Symform Passes Another SSAE 16 SOC 2 Audit

If you’ve chosen to safeguard your data by storing it on the Symform free cloud storage network, congratulations. You’ve chosen one of the most innovative, efficient, and secure ways ever devised to keep your digital assets safe. But don’t just take our word for it: Symform has passed another rigorous SSAE 16 SOC 2 audit with flying colors.

Whoa! That’s a lot of acronyms…

Let’s dip into the alphabet soup and explain what SSAE 16 and SOC actually signify. SSAE 16, simply stated, is a set of auditing standards related to service organizations. It is a framework for assessing the internal controls of the organization being audited. (SSAE 16 used to be known as SAS 70, for those of you keeping score at home!) SOC 2 specifically relates to controls related to security, availability, processing integrity, confidentiality, and privacy. All of these should be extremely important to you as the customer of a cloud backup solution.

So, what does it mean for you?

Symform’s independent auditors—the respected firm Moss Adams—did what auditors do: they pored over our practices, procedures, systems, and safeguards. They inspected our operation very closely, with expert eyes to ensure that Symform’s globe-spanning virtual data storage center is healthy and secure. What this means to you is Symform is a cloud data storage company that can be trusted. Your data is in not just good hands—but world-class hands.

Compliance: Symform’s and yours

If you’re in a regulated industry, or work with data subject to regulations like HIPAA or Sarbanes-Oxley, it is especially important that your data backup solutions pass muster. In fact, those regulations mandate specific controls around data security, and Symform’s highly-secure architecture can help. Learn more about Symform’s compliance with SSAE 16.

Online Data Backup Best Practice 2: Who’s in Charge?

This is part of our ongoing series covering Online Data Backup Best Practices. In this post, I’m discussing Who’s in Charge?, or how to make sure there is assigned responsibility for the different areas of your online data backup process. For example, who owns sourcing and selecting a data backup vendor or solution, who manages the backups to ensure they’re working the way they should, and who ultimately is responsible for making sure you can restore your data when you need it. For some companies, this is all the same person, but with others, it’s a team.

Online data backup can be accomplished by many organizations or individuals with little effort, some budget and a moderate amount of time. However, the ease with which online data backup is accomplished can be a blessing and a curse.  The blessing comes from the ease of implementing and managing online data backup. The curse is the same — that it is easy for any department or employee to independently decide and implement an online data backup service.  Unless someone or some team is in charge of your online data backup processes, policies and practices, there can be substantial risk to your data and business.

What does IT own with Online Data Backup?

  • IT (whether it is internal or a contracted organization) will typically be in charge of the technical due diligence, integrating online data backup with your local backup practices, ongoing management, and help desk support. And typically the cost of online data backup will come out of the IT budget.

Who is Responsible for Security and Compliance?

  • There are many online data backup services that offer convenient ways to select a file, folder or entire device and back it up.  Many of these services also easily enable sharing of your data to devices and individuals outside of your organization.  Across these services there is significant variation in levels of data protection.
  • While you can select an online data backup service that meets your security and risk management needs, you will also have to contend with clever and motivated employees who are willing to select and use some other service. Many organizations deal with this risk through policies and employee security training. IBM has recently moved to block services that present this potential risk. You may need to do the same, or at least make sure you have clear policies around such use.
  • If your industry or data types require that you stay compliant with laws, regulations or standards related to privacy or data protection, then you need to make sure your online data backup service does not jeopardize your compliance. You (and your security and compliance auditors) will need to obtain your vendor’s security statements and audit reports on an ongoing basis.

Who Minds The Business?

  • The purpose of data backup is to enable restore, and the purpose of restore is to keep your organization running. Business leadership needs to be involved in setting the recovery time objective (RTO is a measure of how long it takes to recover) as well as the recovery point objective (RPO is measured as the gap in time between real life and the last backup). Shorter RPO and RTO periods will cost more. The trade-offs between RTO, RPO and constrained budgets need to be handled openly between business and IT leadership. Surprises here are not good.

Who Makes Sure it All Works?

  • IT should lead the effort to test backup and restore capabilities during vendor evaluation. After implementation, IT should lead regularly scheduled restore tests and share the results with business leadership. Are you able to meet or beat your organization’s recovery time objective and recovery point objective?

There are a number of companies not doing any data backup, local or offsite/online. We counsel our customers that online should be used as a backstop to good local backup practices. It is not a substitute for local backup. So, if you’re in IT, and your company is doing nothing or just local backup, you have a huge opportunity to make a difference by making sure the business keeps running.

Symform Receives Strong Product Reviews by Tech Media

Peer-to-peer network, ease of use, and value of FREE cloud backup stressed.

As with any technology, it’s only as good as what the customer perceives it to be, and for an early stage company, getting your product in customers’ hands and understanding what they like and don’t like is critical to success. If they like it, you hope they will talk about it and tell their friends.

Then, there are product reviews by both official media and more unofficial bloggers, who test your solution and share their results, both good and bad. Not that long ago, reviews were a managed process, where you “shipped” the reviewer your product, did a formal briefing, walked the journalist through set-up and config, etc. But with so many solutions Web-based now and the ability of anyone to become a “reviewer”, it’s an open field.

Lately, Symform has been getting a great deal of attention among reviewers.  In the past couple of weeks, we’ve had reviews in AddictiveTips, a tech blog focused on helping users find free and simple solutions to everyday problems like data backup; ComputerActive, a tech site giving all kinds of computer advice; and most recently, in PCWorld.

What I appreciate about all three of these reviews is the honesty, simplicity and technical understanding. These reviewers quickly “got” what Symform does and articulated clearly the economic benefit of joining such a cooperative cloud system for data storage and backup, as well as cautioning readers about any potential issues, such as making sure you have enough bandwidth, understanding contribution, etc.

In my opinion, this feedback is critical and helps us constantly re-evaluate our user experience, our packaging and pricing, and our communications. Our main goal has not changed – to disrupt the cloud storage and backup market with a revolutionary way of storing and securing data online at the lowest price. But step-by-step reviews and honest evaluations keep us on track and make sure we are giving the customer what they need.