A shared responsibility model puts the hard conversations first
No one wants to hire a managed service provider only to discuss a “shared responsibility” model. But you’re always going to have to play a role in protecting your infrastructure.
SOC 2 Reports, Audit Periods and Bridge Letters
Any participating organization has the opportunity to select the Trust Services Criteria that apply to them.
At Deft, we participate in all five.
Deft Security Notice: Log4j Update
A critical vulnerability has been made public for Apache’s Log4j Java-based logging tool. It allows an attacker to alter code remotely.
Achieving compliance in the cloud requires a rules rethink
Maintaining compliance in the cloud should be easy. Every industry that manages sensitive data has some form of requirement around how that data is held. SOC 1, SOC 2, HIPAA, or PCI — a regulatory agency, governing body, or compliance board writes the...SUNBURST SolarWinds Orion IT management platform security advisory
If your organization is using SolarWinds Orion, the CISA ED advises its immediate shutdown and partnering with an organization that conducts incident response to assess impact.
