We’ve expanded to support VM-based workloads. Read about it!


Aembit’s SOC 2 Compliance: A Commitment to Security and Availability in Workload IAM

This compliance serves as a validation of our operational and security controls, offering you greater confidence in our Workload IAM services.

You might have heard the news today that Aembit became the first Workload IAM company to achieve SOC 2 Type I compliance. That’s a big deal for us (and of course is to you as well).

SOC 2, administered by the American Institute of Certified Public Accountants (AICPA), is a comprehensive audit that scrutinizes a variety of operational and security controls. 

There are two types: Type I assesses the sufficiency of these controls at a specific moment in time, while Type II examines the effectiveness of these controls over a longer period. We’ve successfully completed Type I and are preparing for the Type II audit.

The SOC 2 framework has served as an invaluable guide for us. It has outlined the specific policies and controls we need to have in place, extending beyond the functionality of our cloud-based Workload IAM Platform to include internal protocols and employee policies.

In addition to SOC 2, we’re also planning to align with ISO 27001, another esteemed security framework, to ensure that we’re meeting and exceeding industry standards.

As a company specializing in security and workload communication, the principles that SOC 2 evaluates – such as data availability and confidentiality – are not just regulatory requirements for us; they’re fundamental to the services we provide. We have a robust set of procedures to ensure high availability and data protection, equipping us to respond effectively to a range of scenarios, from minor technical issues to significant operational challenges.

SOC 2 reports have become somewhat of an industry standard. They are commonly requested by prospective customers and partners. This is understandable given that the digital assets we are entrusted with often constitute critical infrastructure for our clients. 

Applications, APIs, and services are increasingly integrated into the core functions of many organizations, much like well-known platforms such as AWS and Vault by HashiCorp, so it’s only natural for these entities to demand assurances that their data will be handled securely and reliably.

The journey to SOC 2 compliance has been both challenging and rewarding. As we move forward, we remain committed to enhancing our security posture, always with an eye toward exceeding both industry norms and your expectations.

I hope this provides a clearer understanding of what our SOC 2 compliance means for us – and you. 

Thank you for entrusting us with your critical data and operations. We don’t take this responsibility lightly.

You might also like

In the span of a few weeks, three leading tech authorities published findings on non-human identity security challenges. What does...
Our latest update enables secure, seamless connectivity for workloads across cloud and Kubernetes, without trust domain restrictions....
OAuth 2.0 has emerged as a de facto standard for secure authentication. Here is a step-by-step tutorial for configuring it...