Cloud Security Controls
Effective date: December 11, 2013
Blue Coat Cloud Security Services is based on a solid technical and operational security platform. Advanced security technologies have been implemented to protect customers' data and service availability and performance. Operationally, Blue Coat has implemented a formal Information Security Management System (ISMS) that includes all the policies, processes and controls to maximize data availability and protection. The ISMS is based on ISO standards and governs all aspects of service delivery and operations.
Blue Coat has selected internationally recognized standards to validate that its security processes, tools and controls meet customers' data integrity, availability and protection requirements. In addition to continuous internal reviews and audits, we have engaged with industry-recognized auditing firms to confirm our adherence to these standards, which will provide customers with high confidence that their data and service requirements will be met under strict security, availability and privacy controls.
To ensure delivery of the highest level of security and availability to its customers, Blue Coat has implemented an Information Security Management System and obtained ISO 27001 certification. We are absolutely dedicated to continuously proving our commitment to best security practices while providing customers with confidence in our Cloud services.
Pursuing ISO 27001 certification was a natural choice since it best represents our risk-based service delivery approach and security best practices. This internationally recognized set of systems and network security, operational controls, data privacy and governance represents a comprehensive security management model that governs all aspects of our Cloud services delivery.
As part of our ongoing commitment to information security, Blue Coat maintains compliance with ISO 27001 through an internationally accredited certification body.
Blue Coat, as a services organization, understands the importance of earning customers' trust in our services while continuously proving our commitment to security.
We selected SSAE 16 as another core standard to provide assurance to our customers that the required control and security objectives are designed and efficiently operated as part of our Cloud service delivery.
Blue Coat contracts with external parties and auditing firms to provide additional assurance through SSAE 16 control review. SSAE 16 (Statement on Standards for Attestation Engagements No. 16), the successor to SAS 70, is an audit standard established by the American Institute of Certified Public Accountants (AICPA) and is geared towards service organizations. Service organizations are typically entities that provide outsourcing services that impact the control environment of their customers. SSAE 16 audits are independent verifications of compliance with security controls and of the effectiveness of those controls.
At the conclusion of an SSAE 16 service auditor's examination ("SSAE 16 audit"), the service auditor renders an opinion on the following information:
- Whether or not the service organization's description of controls is presented fairly.
- Whether or not the service organization's controls are designed effectively.
- Whether or not the service organization's controls are placed in operation as of a specified date.
- Whether or not the service organization's controls are operating effectively over a specified period of time (SSAE 16 (SOC 1) Type II and (SOC 2) Type II only).
Blue Coat Cloud Security Services SSAE 16 audits are performed by qualified, independent, third-party computer security auditors at Blue Coat's selection and expense.
The audit report produced includes an opinion on the controls by the external third party. Blue Coat Cloud Security Services will be audited against SSAE 16 at its next regularly scheduled audit. More information about the standard and types of audits can be found at www.aicpa.org.