A progressive, evolutionary approach to every aspect of information security gives customers peace of mind. Best-in-class attestations and standards provide for certifications, controls and associated audits that reinforce confidence and demonstrate compliance. Velocity recognizes that our customers trust us with their critical data and applications.
According to CIOs, CTOs, and CISOs, negligent insiders top the list of perceived security threats (51%), with malicious outsiders (43%) and compromised applications rounding out the top three (SANS Cyber Security Study, 2014). Symantec, Inc. reports 312 distinct breaches in 2014 with about 348 million identities exposed. Acute and determined attacks like advanced persistent threats and zero day vulnerabilities are becoming more frequent and complex. The top five zero days were actively exploited for 295 days before patches were available. Attackers are moving faster, frequency is increasing and threats are becoming more integrated - defenses are not keeping pace.
No longer is the conventional “CIA Triad” of confidentiality, integrity, and availability sufficient to guarantee information security in the cloud. Information assurance attributes including privacy, non repudiation and accountability must be considered along with governance aspects like auditability and authenticity. Each of these is addressed and integrated in Velocity’s market offerings and by embracing fundamental and progressive design principles:
Your business changes. Technology, systems and applications offer a distinct business benefit if they can be used to the fullest potential. Velocity engineers compliance into the cloud fabric, creating a tapestry of capabilities to meet the information security needs of today and tomorrow. The flexibility to manage payment card information for a new employee purchase program creates a significant challenge if implemented as an afterthought. Changing healthcare requirements require protection for even the rudimentary benefits administration functions intrinsic to human capital management systems. Ever widening definitions of protected information and theoretical access require an innovative approach to ITAR and EAR access.
Velocity assembles relevant certifications and attestations to design and validate our controls. Our third party certifications include Standards of Attestations Engagements in the U.S. No 16 (SSAE 16) / AT Section 801, (SOC 1), AT Section 101 Report relevant to Security, Availability, and Confidentiality Principles (SOC 2), Information Technology Infrastructure Library (ITIL) and Safe Harbor. We adhere to stringent risk mitigation and comprehensive compliance requirements. For additional information on Velocity’s compliance standards, please contact a Velocity representative.
Tools and technologies for best-in-class providers are resident in Velocity's Cloud Services. Network feeds are captured and replayed for analysis of attempted intrusion. Advanced and persistent vulnerability detection is “always on.” Intrusion detection, prevention and remediation insures access to the cloud services is made from trusted endpoints and groups. Advanced search and threat detection algorithms are deployed through cloud analytics for predictive and correlative threat elimination.
Velocity information security and processes are configurable for each customer and for each application, often to the data element. Data in the cloud must be accessible – but through appropriate means and by approved entities. Data blocking and ransomware behavior cannot be unintentional consequences of an overzealous information security approach.
The Velocity approach to information security ensures optimal protection and efficient data access for application and platform users. The human aspect – to include hardened change procedures, security reporting and transparent response – enhances our technologies and processes. Velocity Zoom® delivers self-service visibility to your environment to include security dashboard functionality that enhances the control of your piece of the Velocity Cloud.
Security, Availability & Confidentiality Principles for SOC 2
This means our services follow a standard process.
We have ITIL certified resources on staff.
Secure private cloud environment.
Visit our Resource Center.