Security has always been a priority at SolarWinds® Database Performance Monitor (DPM), and we have architected and built our product for security from the beginning, frequently conducting exercises such as third-party penetration tests and code reviews. We are pleased to announce that SolarWinds DPM has successfully completed SOC 2 Type I certification. The report comes after an intensive (and completely successful) auditing process, and is tangible and transparent proof of our commitment to customer protection.
SOC 2 compliance is neither an easy process nor a useless one. Most of us have worked in companies that were subject to various types of security requirements. What we like most about SOC 2 is that it’s sensible and legitimate: the requirements are both common sense and rigorous, the types of things you must do to actually be secure. SOC 2 Type I attests that the SolarWinds DPM controls were designed and implemented to meet the criteria for Security, Availability, Processing Integrity and Confidentiality.
SolarWinds has a dedicated security team, but security involves literally every person at the company. Our security program follows a Risk Management framework, reports directly to the CEO, and is reportable to the board of directors.
SOC 2 compliance is just one of several security-related initiatives SolarWinds DPM has completed this year. Other initiatives SolarWinds DPM has undertaken include:
- A full security-driven cloud infrastructure change to separate our highly sensitive environments from other environments
- The deployment of Intruder Detection and client MDM solutions
- Security awareness training for employees and specific OWASP training for all engineers
- Monthly Internet vulnerability testing
- A variety of dedicated third-party penetration tests
It’s a lot of work, but it’s often satisfying. It’s rare that a company can pass compliance testing by showing its own product in action! At SolarWinds DPM we use our own solutions to monitor our cloud production services, so when it came time to produce much of the evidence needed for SOC 2 Availability and Processing Integrity criteria, we simply showed the same DPM features and systems monitoring outputs our customers see every day.
Going forward, SolarWinds DPM will continue on the compliance path for SOC 2 Type II reporting, which is based on an assessment after the issuance of the Type I report. The Type II audit validates the strength of our controls over time and highlights our ongoing commitment to security.