When devices are managed at the edge, outside of centralized data centers or the cloud, data can be easily exposed to a variety of security threats and vulnerabilities, including unmonitored physical access to devices, software and firmware attacks in the field, environmental inconsistencies, and unsecured network connections, among others. Customers with edge-enabled devices are concerned about the internal security practices of the vendors they partner with to manage these devices, and compliance requirements like SOC 2 Type 2 Attestation and ISO/IEC 27001:2022 certification govern the methods used to protect sensitive data in the hands of third-party providers.
Since its very beginning, ZEDEDA has been focused on the security of its products and services with a zero-trust security model designed to protect edge computing deployments and address the unique, perimeter-less security challenges of edge infrastructure. Part of this core value has always included an inherent focus on internal data management practices.
Last month, ZEDEDA announced that it has achieved ISO/IEC 27001:2022 certification, the internationally recognized standard for information security. This international certification was the logical next step for ZEDEDA, as we already hold the primarily U.S.-based SOC 2 Type 2 Attestation, which states that ZEDEDA maintains effective controls over the security, availability and confidentiality of its cloud-based orchestration solution and related systems. The international ISO/IEC 27001:2022 certification achievement underscores this commitment. In particular, the standard mandates numerous controls for the establishment, operation, monitoring, maintenance and continual improvement of an information security management system, certifying that an organization has deep-rooted methodologies for business, people and IT processes, along with an established framework to help identify, manage, and reduce risks surrounding information security.
This certification was granted following an independent third-party assessment, which asserted that ZEDEDA clearly demonstrates an ongoing, structured approach to data management, security, integrity and availability.
Steadfast Commitment to Our Customers
Achieving ISO/IEC 27001:2022 compliance has also been an important step in our ongoing commitment to our customers. ZEDEDA’s now industry-leading zero-trust security model was designed to safeguard customers’ valuable intellectual property. This security promise is also reflected in our recent release of ZEDEDA Edge Application Services, which make it easier for customers to instantly gain control of all their edge applications in one place, and our new ZEDEDA Edge Kubernetes Service, an industry-first, fully managed Kubernetes service that makes container deployment and management seamless at the distributed edge.
According to ZEDEDA’s Field CTO Raghushankar Vatte, ISO/IEC 27001:2022 certification was not only the right thing to do for customers but an important investment for the company to make to set the bar for secure processes and resources.
“It takes people to put these processes in place and validate that they are in place, and it’s not a one-time thing. It’s something we’re committed to doing and recertifying every year,” Vatte explained. “It’s also an involved process and not one that smaller companies typically undertake because they don’t see a lot of value in it. But in our case, we are working with Fortune 500 and Fortune 100 companies who rely on the security of their edge deployments. They are going from very controlled cloud and data center deployment models to deploying their assets at the edge where there is no real physical security; there are no processes in place to make sure that their IP is not stolen or the data that they’re gathering is not used for purposes other than what they intend to use it for. It’s up to us to make sure that our customers’ data is safe.”
ZEDEDA’s co-founder and CTO Erik Nordmark agrees. “In addition to ZEDEDA having products and services that were built with security in mind from day one, it’s also important that our engineering and business processes are of the highest standard. Like our SOC 2 Attestation, ISO 27001 certification is a key component in the overall security and predictability that we deliver to our customers. The two go hand in hand.”
ZEDEDA’s ISO/IEC 27001:2022 certification achievement in the distributed edge computing market is also an industry first, one that further validates our security commitment and gives global customers the confidence that they can now meet their unique compliance requirements. As ZEDEDA’s customer base continues to expand across the globe, it has become even more business-critical to ensure that our processes conform to international standards, both for international customers who already depend on ZEDEDA’s products and services and for those that may require it in the future. For Nordmark, it comes down to building trust.
“Our customers place a great deal of trust in us. Achieving these certifications goes a long way toward demonstrating that not only do we think this is important, but we’re also committed to continuing to build on the trust we have created. Earning the trust of existing customers and potential customers means we have to ensure the security and dependability of all of these cyber physical systems,” Nordmark said. “It’s part of our journey as a business and the stamp of approval that continues to give our customers the confidence that they can trust us.”
Information security measures like ISO 27001 and SOC 2 Type 2 have become critical in managing the globalization of assets, specifically for ZEDEDA’s large, multinational customers with headquarters across the globe who have assets located all over the world. Corporations that operate under this model are typically looking for security practices and processes that protect them across the globe and give them the reliability and security posture they require to demonstrate similar security properties to their end customers. Additionally, many of these large, global corporations have entities and offices in numerous geographical areas, and each geographical location has its own specific security standards that must be met.
Vatte believes that ISO 27001 is both a critical business play and critical for global customers. “If our customers are doing business in the US, in Europe, or in China, Africa or the Middle East, they will all have a different set of security standards. They will all have data localization requirements and many other factors that come into the picture. Now with ISO 27001 certification, we can go in front of all of those different entities and prove, on behalf of our customers, that we meet the bar, that we are a world-class organization. It’s no longer a discussion about whether we can support their security standards; it is more of a discussion about whether our product supports their security requirements, and our zero-trust security standard is something we can already customize to meet their specific needs.”
Interested in learning more about ZEDEDA’s approach to security? Check out our security whitepaper.