
Blog

Joe Johnson

Recent Posts by Joe Johnson:

How to Prevent One Employee from Compromising Your Data Security

The former CEO of Equifax this week appeared before Congress to offer testimony around the data breach which, as of last accounting, compromised the personal details of 145.5 million people. Yet again, an organization with the resources, the budget, and the technical knowledge to protect themselves against incursion finds themselves in a pickle of their own making. Most upsetting, though, is the way former CEO Richard Smith perpetuated the myth that "one IT employee" is to blame.

Topics: Security

SOC 2 Report Now Available with Privacy Section

I'm proud to announce that ServerCentral's 2016–2017 AT-101 SOC 2 Type II report is now available to download in our customer portal.

Topics: Compliance, Security

OS X High Sierra Zero-Day Announced

Normally, passwords stored in a Mac Keychain vault require a master password for access. Now, attackers can steal Keychain passwords without it.

Just hours after the launch of Mac OS X High Sierra, a security researcher has identified and released a zero-day exploit of the new OS revision that can allow an attacker unfettered access to your keychain file. 

Topics: Security

Vulnerability Alert: BlueBorne

Security company Armis has identified eight exploits utilizing the Bluetooth Network Encapsulation Protocol (BNEP) service of mobile devices. 

Topics: Security

SOC 2 Report Progress

We expect and rely on information security experts and engineers to keep up-to-date with the latest exploits or attacks, just as we expect compliance experts to maintain a high level of certainty in their controls and tests. It’s part of how we’re able to address the new technology threats and risks that appear on the horizon every day.

Topics: Compliance, Audit

ServerCentral's 2016 SOC 2 audit is now available!

Throughout many years of managing audit tasks and compliance programs, the most arduous part has always been gathering the proper artifacts.

  • Did we get the screenshot of one system right?
  • Where did I put that report from our vendor?
  • Who’s seen the monthly vulnerability scan reports?

Well, today ServerCentral took a large step toward making that process easier for our customers by putting our SOC 2 report online in our customer portal! 

Topics: Compliance, Security, Audit

The End of Safe Harbor And What Comes Next

Under European law, service providers are legally obligated to maintain the levels of security and privacy for personal, non-public information. Because of these protections, data from European users cannot be moved to jurisdictions where the same level of protection does not exist.

Topics: Security

5 Reasons You Should Care About Data Center Compliance

Day by day, businesses across the world are moving more of their operations to the cloud, relying heavily on cloud service providers to protect and secure their data from theft and loss. If they haven't dipped their toes in the big pool of cloud, maybe they've hired a managed services provider (MSP) to handle the day-to-day maintenance and availability of their systems and data or the monitoring of uptime and performance.

Regardless of the path chosen, the potential exposure and risk of business, data, and reputation loss is real. However, both of these paths also provide businesses a great deal of benefit, leading many to try and strike that perfect balance of risk vs. reward in their cloud strategy.

This is where data center compliance comes in. 

Topics: Compliance

We're Hiring A Linux System Administrator

Jacks of all trades, masters of...ALL! ServerCentral is looking for the ultimate Linux System Administrator to join our team.

Topics: Job Openings

My SOC is Better Than Your SOC

We’ve come a long way since the days of the SAS 70, which did little to actually test the security of a data center or managed service provider. Under a SAS 70, which was designed to test the integrity of financial reporting and not information security, an organization could make up their own set of rules to be audited against. An auditor, usually a CPA sanctioned by the American Institute of CPAs (AICPA), would "test" their client by looking for evidence that they followed each rule.

Topics: Data Center Compliance