How KernelCare Helps You Meet SOC 2's Privacy Requirements - TuxCare

July 24, 2019


SOC 2 is an audit framework that gives organisations a trusted way to verify their controls for protecting, securing and utilizing data. Increasingly, cloud computing companies that want to attract business need to demonstrate SOC 2 certification. (If you’ve never heard of SOC 2 and want the full lowdown, check out our whitepaper here.)

Acquiring SOC 2 certification isn’t easy, though. An outside CPA firm has to conduct a thorough audit, which takes many months and serious investment. It’s not something you want to fail and have to try for a second time.

The Five Categories of SOC 2 Compliance

There are five categories of SOC 2 compliance (or “Trust Services Criteria”): Security, Availability, Processing Integrity, Confidentiality and Privacy. Depending on its nature, the organisation under review will opt to aim for certification in one, some, or all five of these areas.

One of the key criteria is Privacy. SOC 2 regulations state that, in order to obtain a Privacy certification, a company must operate in such a way that “personal information is collected, used, retained, disclosed, and disposed” in line with the company’s standards and goals. There is a requirement that companies communicate transparently with subjects about data usage, and don’t use data beyond what has been explicitly allowed.

Here’s where KernelCare is important. SOC 2 is deeply concerned with systems. 95% of software companies apply patch updates for their Linux kernel by rebooting their servers. But rebooting disrupts services and causes a major headache for sysadmins. Because of this, kernel patching is always delayed, for weeks if not months.


Staying Compliant with KernelCare

This gap between patch issue and patch application puts proper privacy controls at risk. If you aren’t applying kernel patches as soon as possible, then you are leaving yourself exposed to attackers who know all about new vulnerabilities, and are eager to steal personal information for malicious reasons. Personal data is exposed if your kernel isn’t patched and up to date.

What’s more, point xiii of the Privacy TSC requires that “the entity monitors compliance to meet its objectives related to privacy.” All companies will, of course, have an objective of honoring the terms of their insurance policies. In most cases, these require that patches are applied in around 30 days – which, if you’re rebooting, almost definitely isn’t happening. So, by keeping you insurance-compliant, live patching inherently fulfils the Privacy TSC for the system in focus.

If you’re a cloud computing company, then getting SOC 2 certification should be at the forefront of your mind. And if you’re looking to fulfill the Privacy criteria, then you shouldn’t overlook your rebooting practice. Get live patching today, and make your privacy controls tighter right away.

To get fully up to speed on all things SOC 2, check out our whitepaper here.

To start using KernelCare today, and give yourself a better chance of securing a SOC 2 Privacy certification, go to kernelcare.com or buy KernelCare risk-free today!
