SOC 2 Type 2 Certification: What A Ride And Wonderful Accomplishment!
Aliza Mon
Senior Infosec Engineer
Starburst
I’ve been at Starburst now for over a year and it has been a great joy to work here and be associated with such great innovative people. I do my best to support the team and also to figure out ways to help promote our wonderful Starburst Galaxy product and also strengthen the confidence our customers have in it. How best could I add value to get it noticed?
For us, getting a SOC 2 Type 2 certification was the highest priority on our security roadmap, alongside ISO 27001, so that customers would know we were serious about having controls and processes in place to safeguard our product. We had recently received our ISO 27001 certification, a globally recognized security standard with a heavy focus on risk management: selecting controls, tracking them, and addressing the concerns they surface. ISO 27001 applies to the entire Starburst business, whereas the SOC 2 report scopes down to a product (in our case Starburst Galaxy). The ISO 27001 certification gives our customers confidence that we have built a security foundation applied across the organization, drawing on the 114 Annex A controls that every organization pursuing certification must account for in its Statement of Applicability. Security is serious business!
[Figure: sampling of ISO 27001 Annex A controls. Source: ITGovernance.co.uk, ISO 27001 Annex A controls explained]
Why the SOC 2 Type 2? While Starburst already had a SOC 2 Type 1, we decided to move forward with a Type 2 because the Type 1 only evaluates the design of controls at a single point in time, while a Type 2 is more rigorous: the auditor tests that the controls actually operated effectively over a review period of several months. Strictly speaking, SOC 2 is an attestation report rather than a certificate, but the outcome is the same for our customers: an independent auditor has examined the controls we put in place to safeguard customer data and reported on how well they work. The American Institute of Certified Public Accountants (AICPA) developed this standard around five auditable principles, the Trust Services Criteria: security, availability, processing integrity, confidentiality, and privacy.
[Figure: the five SOC 2 Trust Services Criteria. Source: Imperva.com]
Below is a sampling of the controls we have put in place:
As this sampling shows, we wanted mature, well thought out, and testable security oversight for Starburst Galaxy. We had achieved ISO 27001 certification in May 2022 and knew that a SOC 2 Type 2 would be just as much work to attain, but we felt confident our teams could succeed.
We started this trek back in January 2022 with the Schellman team, who would serve as the auditors of our controls. After some discussions and the kickoff meetings, off we went! The security team went to the other Starburst teams to gather information, make sure everything was documented correctly, confirm that processes were repeatable, and capture high-quality evidence. This was a lot of work for our HR, sales, and engineering teams, but their incredible support made it easy. Folks took time out of their busy schedules to hop on calls with the auditors, pull logs, and review configurations to make sure we met the requirements. Along the way we also improved our security posture by publishing a security section on our website that includes white papers, customer advisories, and the best practices we adhere to. More information can be found there.
With that said, we are happy to present our official SOC 2 Type 2 report. We passed with flying colors in June 2022, and we look forward to answering any questions you may have and to having you join the Starburst customer family.