Many of the largest enterprises in the world trust Cohesity for managing and protecting their data. Cohesity’s next-gen data management platform supports intelligent IT operations to unlock data value for operational excellence and innovation.
Cohesity leverages extensive controls, policies, and safeguards to ensure customer data is protected and secure. The Cohesity Threat Defense architecture provides capabilities to protect data, detect anomalies that may signal an attack in progress, and rapidly recover from ransomware, cyberattacks and malicious or accidental threats to data security.
Organizations like yours face an extremely complex environment in leveraging technology for innovation and automation. Coupled with a myriad of privacy and industry regulations, cyber threats continue to grow in sophistication, frequency, and severity.
These cyber threats challenge information and security professionals to provide diverse, reliable, and safe information services to their organizations. In most cases, these services will rely on a variety of technology providers. Without hardened and intelligent security capabilities from their technology providers, organizations increase their risk of business disruption, data loss, and regulatory fines.
Combined with the latest global developments, organizations must understand how their technology providers secure and protect their information and what risks a given vendor’s operations may pose to them. Along with the U.S. Department of Cybersecurity and Infrastructure Security Agency’s (CISA) “Shields Up” warning, Germany recently warned German companies to avoid certain vendors who have significant operations in Russia.
This backdrop mandates transparency from technology providers. By disclosing detailed information on security capabilities and safeguards, organizations can ensure their providers meet their security and privacy goals and SLAs.
The online Cohesity Trust Center provides the transparency required by customers and prospects to understand how we secure and protect the data they have entrusted to our Helios platform and related products. Additionally, the Cohesity Trust Center provides an easy mechanism for customers, partners, and third-party researchers to report suspected vulnerabilities in Cohesity products and services.
Cohesity has organized the Trust Center as a comprehensive “one-stop-shop” for easy use to support purchase and compliance needs, with six sections covering product, cloud and corporate security, data privacy, and security certifications along with supporting resources.
The Product Security section details Cohesity’s security by design principles, development security, security assurance standards, programs and training, and disclosure standards. Organizations can leverage this section to understand how Cohesity utilizes rigorous security principles across all phases of its product development lifecycle.
The Cloud Security section reviews Cohesity’s security, privacy, and resiliency capabilities for Cohesity’s SaaS offerings. In this section, Cohesity provides details on administration, security architecture and isolation, cloud infrastructure, and how customers and Cohesity staff are authenticated, and the access controls used. Additionally, this section reviews resiliency and availability, encryption for at rest and in flight data, attack defenses, data center security, business continuity and disaster recovery, vulnerability management, and finally, monitoring and alerting.
In the Corporate Security section, you can view the security practices of Cohesity that provide a trusted relationship to customers, partners, employees, and other organizations. This section details Cohesity’s security organization, practices, training, and its cyber and vendor risk management. It also provides details of Cohesity’s incident response practices, and practices and controls for personnel and physical security.
In the Security Certifications section, you can find information on Cohesity’s comprehensive security certification program. Cohesity has designed this program to protect our customers’ data confidentiality, integrity, and availability in accordance with industry, US government, and international standards. Cohesity’s products and services have also been certified by independent third-party auditors to meet various security standards. This section details numerous certifications: SOC 2 Type II Reports, HIPAA, Secure Government Clouds, Trade Agreement Act Compliance, National Defense Authorization Act of 2019, US Department of Defense Information Network Approved Products List, Authorization to Operate, Common Criteria EAL2+, NIST FIPS 140-2 Cryptographic Module Validation, IPv6, and finally, SEC17a-4(f), FINRA Rule 4511(c), and CFTC Regulation 1.31(c)-(d) rules by Cohasset Associates.
In the concluding section of the Cohesity Trust Center, Resources, Cohesity provides additional reference information for organizations to understand Cohesity’s privacy and security practices. This section has links to numerous documents that provide details on the following: Data Protection Addendum (DPA), Subprocessor List, Products and Services Documentation, Helios SaaS Security Brief, Data Platform Security Whitepaper and Data Platform Security Hardening Guide, and finally, the Cohesity Ransomware Protection-Prepare and Recover white paper.
For now, and the foreseeable future, organizations like yours will face a continuously evolving threat landscape. Besides your own efforts to keep cybercriminals at bay, you will need technology providers who have a security first mindset and provide full transparency into their security and privacy practices. Full transparency establishes the foundation for vendor trust —which is further supported by reliable products and services and award-winning customer service. Cohesity is fully committed to transparency in furthering its relationships with our customers, partners, employees, and suppliers and we hope this new resource goes a long way towards bolstering your trust in us.
Visit the Cohesity Trust Center at: www.cohesity.com/trust/