Every cloud provider says they’re secure, but how do you really know that they are? Well, here at Tabush Group, we know we are secure, and we’re proud to tell you why.
Security is, and always has been, top of mind for us. It is more than a product or a process: security is our priority, always at the forefront of what we do. As a provider of cloud services to other businesses, it is our duty to ensure both our systems and yours are well protected. By using the right tools and instating the right policies, we feel confident that our multilayered approach stands up to the constantly evolving security landscape. To ensure that our cloud, as well as our clients’ businesses, are secure, we had a third-party audit done.
We researched the various types of audits, as there are many options and dozens of rulesets out there, and decided to undergo a NIST Cybersecurity compliance audit. NIST, or the National Institute for Standards and Technologies, is part of the U.S. Department of Commerce, and NIST Special Publication 800-53 deals specifically with cybersecurity. It is one of the most widely recognized security standards. We hired a firm to conduct the audit that has a deep expertise in NIST and cybersecurity.
Simultaneously during our NIST audit, we were also audited for NY Stop Hacks and Improve Electronic Data Security (SHIELD) Act compliance. This act requires businesses that have computerized data of a NY resident to maintain reasonable safeguards to protect the security, confidentiality, and integrity of the information.
The Audit
Without getting too deep into the nitty gritty, the audit process is lengthy and took place over months. It involved hours upon hours of interviews and written questions. The firm conducting the audit reviewed our documented procedures and agreements, including administrative processes, physical and data security, data encryption, backups, and more. They performed penetration testing to try and uncover holes in our security, and they reviewed emergency protocols and remediation plans.
The Results
In the end, Tabush Group passed the audits for both NIST Cybersecurity compliance and NY SHIELD Act compliance. This shows that Tabush Group has all of the proper security procedures and systems in place to protect not only our firm, but our clients’ firms as well. But now that we’re certified, how do we ensure compliance as the cybersecurity landscape is constantly evolving?
Tabush Group operates within the cybersecurity framework that was audited. Part of this framework means we have a cybersecurity committee that meets regularly to ensure we remain on top of the latest threats. We continue our own regular penetration tests, and will continue with an annual cybersecurity audit every year. You can rest assured when you place your trust in Tabush Group.
Tabush Group has a structured and documented cybersecurity framework that we operate within. For more information on our cybersecurity framework view our NIST Executive Summary.