by CData Software | December 05, 2022

Q&A with CData CISO Steven Close: Building Trust with SOC 2 Certification and More

Data security is a top concern for our customers, and of the highest priority for CData. Chief Information Security Officer (CISO) Steven Close, who recently led the initiative to achieve SOC 2 compliance, took some time to chat with us about our vital security initiatives.

1. Can you give us some background on your role here at CData?

Close: My role as CData CISO is to get the company secure and compliant as much as possible. About a year ago, CData brought me aboard to leverage my past expertise working with several prior companies — large and small — to manage a formalized security program.

I’ve concentrated on building out a security program by staffing a security team organization, and ultimately deploying stronger security controls to protect the company, our assets, and our customers' data.

2. What exactly is SOC 2 compliance and why are you excited for CData to be certified?

Close: SOC 2 is a baseline information security standard by the AICPA that verifies a company’s secure handling of customer data across their entire business. Independent SOC 2 auditors look at areas involving multiple departments — governance, operational controls, technical controls, and so on. It's a company-wide initiative.

SOC 2 Type 1 compliance gives our customers peace of mind that CData meets the most rigorous data security requirements, and we’re actively pursuing SOC 2 Type II certification to further drive that point home.

3. How has CData worked together as an organization to accomplish this milestone?

Close: People often think SOC 2 is just a concern for the Security team, but the reality is that the entire organization — from HR, to legal, finance, and beyond — all own and conduct specific duties to make sure that we're compliant.

CData’s SOC 2 compliance starts with leadership. From the top down, the message needs to be sent that we prioritize security. Supportive leadership and organization-wide cohesion create a dream scenario for any new CISO. Having leadership on board is the difference in obtaining SOC 2 in months versus a year or more.

Where some companies may juggle priorities and delay successful compliance, CData streamlined and accomplished SOC 2 certification within five months of engaging with the auditor — two months earlier than forecasted.

There was no question that SOC 2 compliance was a key initiative for our company to obtain as quickly as possible.
– Steven Close, CData Chief Security Officer

4. What do future security initiatives entail for CData?

Close: At the core of our compliance efforts, CData’s true initiative is to be secure — both for customers’ data and our internal operations.

SOC 2 Type II is our immediate priority, but CData will also look at other compliance grids for our customers as we expand our customer base internationally.

By delivering on SOC 2 compliance, we’ve put a lot of security controls within our internal-facing operational infrastructure as well as in our customer-facing product features. That foundation gets the operational and technical security checks in place to receive and maintain compliance to achieve SOC 2 Type II.

Our next efforts might potentially be focused on ISO compliance. Fortunately, before we focused on SOC 2, CData had already conducted our full internal readiness assessment against the ISO 2700 security framework that we already follow. So, we're looking very closely at what official ISO certification would take.

We have set a strong foundation of trust for customers in highly regulated spaces that we can handle their data and give them compliant options, both on-premises and in the cloud. As a data-centric company, that’s the ultimate security goal for CData.

Get Started with CData

CData enables your organization to work with real-time data on your terms. You’re free to keep sensitive data fully in your control on-premises or trust our enterprise-grade connectivity as you access data in the cloud. In any scenario, you can rest easy knowing your data is protected.
