YubiEnterprise Services reaches a new milestone with SOC 2 Type 2 attestation report

Over the years, we have witnessed malicious actors taking aim at organizational supply chains, seeking to exploit the weakest link in enterprises. Increasingly, passwords and even legacy multi-factor authentication (MFA) methods are being swiftly bypassed by phishing and ransomware – resulting in significant financial and reputational damage to organizations, as well as severe threats to critical infrastructure security. Only solutions implementing FIDO2/passkeys or PIV/Smart Card protocols, like modern, phishing-resistant hardware-based YubiKeys, are proven to stop these attacks by offering the strongest security and compliance assurance.

For any business, maintaining agility and enabling fast time to market is key to building differentiation and accelerating business. This is why modern enterprises are opting for a ‘YubiKeys-as-a-Service’ model with YubiEnterprise Services where they can raise the security bar for users working across desktop, mobile and shared workstations while using the latest devices – all with a flexible and phishing-resistant MFA solution. As YubiEnterprise Services continue to grow globally, it’s important that we prioritize delivering meaningful updates to customers – especially when it comes to security improvements.

Ensuring strict controls with SOC 2 Type 2 attestation report

Furthering our ongoing commitment to security and excellence of YubiEnterprise Services for customers, today we’re pleased to share that Yubico has completed a formal examination by an industry leading and accredited CPA firm, Schellman & Company, LLC where the focus was on the Common Criteria section of the Trust Services Criteria. While there are many firms that can conduct SOC 2 Type 2 attestation, Yubico chose to work with one of the most stringent third parties to secure attestation status to stay aligned with our proven track record of protecting some of the most security-conscious organizations in highly regulated industries. These industries trust Yubico, who raises the bar for security for their business and mitigates risk against modern cyber threats.

The SOC 2 Type 2 attestation report confirms that Yubico is following the recommended best practices in terms of security where information and systems are protected against unauthorized access, unauthorized disclosure of information and damage to systems.

The history of SOC 2

The roots of SOC 2 go back to the early 1970s, when the AICPA, which created SOC 2, released the Statement on Auditing Standards (SAS) 1. The SAS 1 document officially outlined an independent auditor’s role and responsibilities, and over the decades new SAS were created. Throughout the early 1990s, CPAs used SAS 70 to determine how effective a company’s internal financial controls were. 

Over time, SAS 70 became a way to report on how companies treated information security in general. Over the next 20 years, companies began to outsource services like payroll processing and cloud computing and these services could affect financial reporting or data security. As a result, the need arose for companies to validate their level of security, ideally through a trusted third party.

Strong security and ROI with a modern subscription model

YubiEnterprise Services encompass YubiEnterprise Subscription and YubiEnterprise Delivery  – enabling rapid deployment of phishing-resistant MFA with a lower cost of entry, as well as additional flexibility and choice. These services include access to a web console which allows enterprises to efficiently manage their MFA deployments at scale. For less than the price of a cup of coffee per user per month (OPEX), organizations can jump start their journey to modern, phishing-resistant MFA that greatly reduces risk while introducing significant efficiency and business acceleration. 

Customers that currently leverage Yubico’s subscription program have already seen significant benefits. In a recent Yubico-commissioned analysis, a Forrester Consulting‘s Total Economic Impact™ (TEI) study examined the potential return on investment (ROI) enterprises are experiencing by deploying YubiKeys – specifically via YubiEnterprise Subscription. 

Yubico’s hardware security key subscription and delivery services contributed significantly to the ROI organizations reaped from their MFA investments. As an example, a 5,000-person composite organization representative of interviewed customers leveraging Yubico’s YubiEnterprise Services, with YubiEnterprise Subscription paired with YubiEnterprise Delivery, achieved a 203% ROI over three years. 

Want to know how YubiEnterprise Services can benefit your organization? Create your own customizable TEI study here.  

——

For more information on YubiEnterprise Subscription plans and to learn which plan is right for your business, please visit here or watch the video below. To see the cost savings that YubiEnterprise can bring, check out our calculator here

Contact us to see how you can reduce risk by 99.9% and stop account takeovers with YubiKeys as a Service via a subscription program.

Talk to our teamTalk to our team

Share this article:


  • FIPS certified vs. FIPS compliant: What’s the real difference?“Is your MFA solution FIPS compliant, or is it certified?”  This is a question we hear a lot, and for good reason. In industries where security and compliance are critical (especially in government contracts), understanding the difference between FIPS certified and FIPS compliant isn’t just semantics – it can mean the difference between meeting requirements […]Read moreFIPSNIST
  • 2025 Global State of Authentication survey: A world of difference in cybersecurity habitsIn a world that’s more connected than ever, the landscape of cybersecurity threats is constantly evolving. Bad actors, now supercharged with artificial intelligence (AI), are becoming increasingly adept at exploiting human error through sophisticated phishing and social engineering attacks. This makes robust cybersecurity a universal issue, impacting everyone from individuals to the largest global enterprises. […]Read moreGlobal State of Authenticationsurvey
  • Making digital security a right: Inside Yubico’s Secure it Forward programTechnology can be a great equalizer — but only if the strongest protection is within reach. Since 2022, Yubico has donated more than 65,000 YubiKeys to hundreds of organizations worldwide — a retail value of over $3.3 million. Each key helps strengthen digital protection for those doing vital work in their communities. This isn’t just […]Read more
  • Unlocking trust in enterprise security: Yubico and Okta empowering businesses togetherCollaboration with ecosystem partners is critical for providing our customers with the best cybersecurity solutions. Together, Yubico and Okta have achieved remarkable milestones over the years, including launching innovative solutions and aligning our go-to-market efforts – all aimed at delivering the most impactful cybersecurity solutions and user experience for our customers and partners. At the heart […]Read moreOktaOktane