| Executives September 1, 2017
September 1, 2017
When government agencies and multinational companies choose a security solution, it's critical that they are able to trust those solutions to handle data securely.
When evaluating security technology vendors, enterprises must ask whether the vendor protects its data in a systematic and secure way. If a vendor poorly secures information in transit or at rest, it puts the enterprise's data, reputation, and compliance at risk. Certifications are a clear signal to enterprises that a vendor has taken appropriate precautionary measures to protect its data.
Lookout has built its technology and business on mobile security data. We have collected the largest dataset of mobile code from over 100 million devices that connect to the Lookout Security Cloud. Lookout is able to feed that data into our analysis machines to identify complex patterns and indications of risk.
Achieving ISO 27001 certification is one of the most important indicators that a company is taking data security and privacy very seriously.
ISO 27001 is a globally recognized comprehensive security standard that requires management commitment, continuous improvement to the security program, and the maintenance of an Information Security Management System (ISMS). An ISMS is a set of policies, processes and systems designed to manage risks regarding information assets, thus ensuring acceptable levels of information security risk.
The ISO 27001 standard is focused on using a risk-based approach, meaning it takes into consideration the risks a specific ISMS has and identifies security controls that mitigate those risks around information assets. The goal for ISO 27001 is to demonstrate to customers the confidence that their data is being properly secured, transmitted, accessed, and stored.
With the ISO 27001 certification, Lookout demonstrates our commitment to enterprises on securing Lookout and customer data. As we move forward, we will go through yearly surveillance audits and certification renewals every three years.
In January, Lookout received the designation "FedRAMP Ready." Now we have moved on to the next level, "FedRAMP In Process." This is an indicator to federal agencies that Lookout is actively working with Federal agencies to make sure we adhere to the stringent NIST 800-53 standards for cloud products and services and obtain authorization for use in U.S. government organizations.
The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that standardizes how agencies vet the security of cloud solutions. FedRAMP provides a consistent method of assessing, authorizing, and monitoring cloud products and solutions, making it easier for the agencies to adopt technologies that will help employees become more productive while staying secure.
FedRAMP is extremely important as it's the gold standard for assessing cloud service providers within the government. It significantly decreases agencies' technology vetting processes, allowing them to quickly implement approved services, like Lookout. FedRAMP is an important distinction for Lookout, as it measures security not only at a single point in time, but on an ongoing basis.
Gaining FedRAMP authorization is not as simple as hosting a SaaS solution on a FedRAMP-approved cloud hosting service. The SaaS solution itself must also be FedRAMP authorized. You must also go through the stringent FedRAMP process, which includes heavy technical documentation, audits, and evaluations to determine if the technology is up to FedRAMP's security standards. The best way to determine a company's FedRAMP progress is to check the FedRAMP.gov website.
Lookout Mobile Endpoint Security is the only mobile security solution recognized as FedRAMP In Process.
EU-U.S. Privacy Shield is an important certification for enterprises concerned about the protection of personal data for EU subjects. This is a subset of the larger General Data Protection Regulation (GDPR), which impacts companies doing business internationally, transmitting personal data outside of the European Union.
The U.S. Department of Commerce worked with the European Commission and Swiss Administration separately to develop a set of data protection requirements businesses can use to safely transmit personal data of individuals in the EU without violating EU regulations. The Privacy Shield program, which allows companies to certify that they follow these requirements, was born out of this collaboration.
Global enterprises looking to protect their mobile fleets with Lookout can be assured that Lookout is properly handling the personal data of individuals in the EU.
These specific certifications make it easier for organizations in the federal government, private sector enterprises, and multinational businesses to validate the security of our solutions and infrastructure. Lookout takes protecting customer data seriously and has taken precautions to ensure that data is secured using these widely accepted industry standards.
Want to learn more about how Lookout can protect your enterprise's data? Contact us today.