Over the years, we have witnessed malicious actors taking aim at organizational supply chains, seeking to exploit the weakest link in enterprises. Increasingly, passwords and even legacy multi-factor authentication (MFA) methods are being swiftly bypassed by phishing and ransomware – resulting in significant financial and reputational damage to organizations, as well as severe threats to critical infrastructure security. Only solutions implementing FIDO2/passkeys or PIV/Smart Card protocols, like modern, phishing-resistant hardware-based YubiKeys, are proven to stop these attacks by offering the strongest security and compliance assurance.
For any business, maintaining agility and enabling fast time to market is key to building differentiation and accelerating business. This is why modern enterprises are opting for a ‘YubiKeys-as-a-Service’ model with YubiEnterprise Services where they can raise the security bar for users working across desktop, mobile and shared workstations while using the latest devices – all with a flexible and phishing-resistant MFA solution. As YubiEnterprise Services continue to grow globally, it’s important that we prioritize delivering meaningful updates to customers – especially when it comes to security improvements.
Ensuring strict controls with SOC 2 Type 2 attestation report
Furthering our ongoing commitment to security and excellence of YubiEnterprise Services for customers, today we’re pleased to share that Yubico has completed a formal examination by an industry leading and accredited CPA firm, Schellman & Company, LLC where the focus was on the Common Criteria section of the Trust Services Criteria. While there are many firms that can conduct SOC 2 Type 2 attestation, Yubico chose to work with one of the most stringent third parties to secure attestation status to stay aligned with our proven track record of protecting some of the most security-conscious organizations in highly regulated industries. These industries trust Yubico, who raises the bar for security for their business and mitigates risk against modern cyber threats.
The SOC 2 Type 2 attestation report confirms that Yubico is following the recommended best practices in terms of security where information and systems are protected against unauthorized access, unauthorized disclosure of information and damage to systems.
The history of SOC 2
The roots of SOC 2 go back to the early 1970s, when the AICPA, which created SOC 2, released the Statement on Auditing Standards (SAS) 1. The SAS 1 document officially outlined an independent auditor’s role and responsibilities, and over the decades new SAS were created. Throughout the early 1990s, CPAs used SAS 70 to determine how effective a company’s internal financial controls were.
Over time, SAS 70 became a way to report on how companies treated information security in general. Over the next 20 years, companies began to outsource services like payroll processing and cloud computing and these services could affect financial reporting or data security. As a result, the need arose for companies to validate their level of security, ideally through a trusted third party.
Strong security and ROI with a modern subscription model
YubiEnterprise Services encompass YubiEnterprise Subscription and YubiEnterprise Delivery – enabling rapid deployment of phishing-resistant MFA with a lower cost of entry, as well as additional flexibility and choice. These services include access to a web console which allows enterprises to efficiently manage their MFA deployments at scale. For less than the price of a cup of coffee per user per month (OPEX), organizations can jump start their journey to modern, phishing-resistant MFA that greatly reduces risk while introducing significant efficiency and business acceleration.
Customers that currently leverage Yubico’s subscription program have already seen significant benefits. In a recent Yubico-commissioned analysis, a Forrester Consulting‘s Total Economic Impact™ (TEI) study examined the potential return on investment (ROI) enterprises are experiencing by deploying YubiKeys – specifically via YubiEnterprise Subscription.
Yubico’s hardware security key subscription and delivery services contributed significantly to the ROI organizations reaped from their MFA investments. As an example, a 5,000-person composite organization representative of interviewed customers leveraging Yubico’s YubiEnterprise Services, with YubiEnterprise Subscription paired with YubiEnterprise Delivery, achieved a 203% ROI over three years.
Want to know how YubiEnterprise Services can benefit your organization? Create your own customizable TEI study here.
For more information on YubiEnterprise Subscription plans and to learn which plan is right for your business, please visit here or watch the video below. To see the cost savings that YubiEnterprise can bring, check out our calculator here.
Contact us to see how you can reduce risk by 99.9% and stop account takeovers with YubiKeys as a Service via a subscription program.