The Evolve IP Compliance CloudTM
With a dedicated compliance and certifications practice, Evolve IP offers our customers confidence with The Compliance CloudTM. In addition to SSAE- 16 SOC II compliance, Evolve IP has been rigorously audited and achieved standing compliance for government (ITAR) and healthcare (HIPAA). The company also features one of the broadest sets of cloud service provider certifications in the nation including: VMware, Cisco, EMC, Microsoft, Citrix, and Polycom.
In addition to cloud security, Evolve IP enables IT departments to minimize the risk, complexity and ultimately cost of managing corporate data, especially around email. Evolve IP delivers solutions that help organizations protect the security, integrity and availability of information within their businesses.
Learn more about email security, archiving and continuity.
SSAE 16 Service Organization Control II (SOC 2)
Evolve IP has received an SSAE 16 SOC 2 Type II report on our internal controls relating to how we assess and address the potential risks associated with the security, availability, and confidentiality of not only the cloud-based services that we provide, but also our physical and logical infrastructure. Evolve IP utilizes the Certified Public Accounting firm of Grant Thornton to perform its annual audit and attestation in accordance with the Statements on Standards for Attestation Engagements No. 16 and the associated Trust Services Principles, as published by the AICPA, to evaluate the effectiveness of Evolve IP’s service organizations controls.
International Traffic in Arms Regulations Compliant (ITAR)
The Compliance Cloud™ supports U.S. International Traffic in Arms Regulations (ITAR) compliance. As part of managing a comprehensive ITAR compliance program, companies subject to ITAR export regulations must control unintended exports by restricting access to U.S. persons and restricting the physical location of that data to the U.S.
The Compliance Cloud™ provides an environment physically located in the U.S. and where access by Evolve IP associates is limited to U.S. persons, thereby allowing qualified customers to transmit, process, and store protected articles and data subject to ITAR restriction. The Evolve IP Compliance Cloud™ environment has been audited by and independent third-party to validate the proper controls are in place to support customer export compliance programs for this requirement.
Download an ITAR-focused cloud brief to learn more about how The Evolve IP Compliance Cloud™ meets, and in many instances exceeds compliance requirements for transmitting, processing, and storing protected articles and data subject to ITAR restriction.
Health Insurance Portability & Accountability Act (HIPAA)
The Privacy regulations of the U.S. Health Insurance Portability and Accountability Act (HIPAA) require health care providers, organizations, and their business associates, develop and follow procedures that ensure the confidentiality and security of protected health information (PHI) when it is transferred, received, handled, or shared. This applies to all forms of PHI — paper, oral, and electronic, etc. Those who fail to adhere to HIPAA can suffer from huge fines climbing into the millions of dollars for major violations.
The Compliance Cloud™ fully enables covered entities and their business associates subject to HIPAA regulations to leverage a secure environment to process, maintain, and store protected health Information (PHI) featuring among other controls:
- Military-grade data encryption in transit and at rest
- Password protected access to backups
- Redundant secure data centers
Download a HIPAA-focused cloud brief to learn more about how The Evolve IP Compliance Cloud™ meets, and in many instances exceeds compliance requirements for transmitting, processing, and storing Protected Health Information (PHI).
Evolve IP is also an Approved Scanning Vendor (ASV) of the PCI (Payment Card Industry) Security Standards Council. Approved Scanning Vendors are organizations that validate adherence to certain DSS (Data Security Standards) requirements by performing vulnerability scans of Internet facing environments of merchants and service providers. Evolve IP also has distinction in being designated as a former Qualified Security Assessor (QSA) with the PCI council. The Payment Card Industry (PCI) Qualified Security Assessor (QSA) designation is conferred by the PCI Security Standards Council to those individuals and organizations that meet specific information security education requirements, have taken the appropriate training from the PCI Security Standards Council, are employees of a Qualified Security Assessor (QSA) company Approved PCI Security and Auditing Firm, and will be performing PCI compliance assessments as they relate to the protection of credit card data.
CSA STAR – Participating Member
Evolve IP is also a registered and participating member of the CSA Security, Trust & Assurance Registry (STAR). The CSA was formed to encourage transparency of security practices within cloud providers. It is a free, publicly accessible registry that documents the security controls provided by various cloud computing offerings, thereby helping users assess the security of cloud providers they currently use or are considering contracting with. CSA STAR is open to all cloud providers, and allows them to submit assessment reports that document compliance to CSA published best practices. The searchable registry will allow potential cloud customers to review the security practices of providers, accelerating their due diligence and leading to higher quality procurement experiences. CSA STAR represents a major leap forward in industry transparency, encouraging providers to make security capabilities a market differentiator.
Evolve IP has the broadest set of cloud certifications in North America including:
- Cisco IaaS
- Cisco DRaaS
- Cisco DaaS
- VMware VSPP
- Microsoft CSPMicrosoft Mobility
- EMC CSP
Evolve IP associates are dedicated to learning and growing their knowledge. Today on our staff you’ll find associates that hold multiple certifications for the following:
- Cisco SMB
- Cisco SMB Engineer
- MS 365
- Windows 7
- VMware VSP5
- VMware VTSP
- VOP CP
Industry and Other Vendor Certifications
- Six Sigma
- Red Hat
Evolve IP Secure Data Sovereignty and Security Management Practices
From its inception, Evolve IP recognized that security management and data integrity were not just important features and nice to haves, they are critical requirements demanded by enterprise customers and those subject to formal compliance regulations.
Experience you can trust
Evolve IP is a Managed Security Services Provider (MSSP) with longstanding experience in protecting, reporting and auditing enterprise customer networks. Products and services range from perimeter security (premise based or in the cloud) protection to ongoing vulnerability assessments and remediation.
These reports are available to qualifying customers to assist in audits, process design and provider competence evaluation. These reports attest that our security management and control program is appropriately designed and the controls defined to safeguard customer data are operating effectively over time. This allows our customers to leverage the power of the cloud but be completely confident that the applicable processes, technologies and controls are in place to provide the highest level of protection and compliance enablement in securing, processing and storing any type of sensitive data. This includes financial reporting data, healthcare patient data (PHI, ePHI) as defined by HIPAA and credit card processing as defined by PCI DSS 2.0.
These reports, certifications and affiliations differentiate Evolve IP from other service providers by demonstrating that we understand and have mitigated the risks within our environment (and by extension, our Customers’ environments) by proactively deploying audited and attested technology, processes and appropriate controls. It is for these reasons that Evolve IP has led the market in Cloud Services Securitization.
Mitigating Web Threats With Comprehensive, Cloud Delivered Web Security
Organizations rely heavily on the web not only to innovate and compete, but also to conduct daily business. Yet, every web interaction exposes companies to hidden cybersecurity threats, staff productivity losses and significant business risks. Attacks on this mission-critical tool are continually evolving, increasingly damaging and harder to detect.
Traditional web security methods can block known threats but are not able to adapt to the changing threat landscape or to handle advanced malware. Beyond perimeter defense, your own users may consume excess bandwidth or access inappropriate content that can put your organization at risk. And their personal devices may introduce malware from inside the firewall.
Web security products protect against both inbound malware threats and outbound data leakage threats and they are increasingly tapped by other security components to leverage their threat intelligence data for better situational awareness. The underlying security functions remain the same, but the components are now increasingly able to communicate threat intelligence data. This interoperability provides the ability to automate the process of calibrating your organization’s security posture to changing threat conditions.
Cisco Cloud Web Security Essentials
As a cloud service, Cisco® Cloud Web Security (CWS) delivers superior flexibility. A single management interface provides global control, providing enforcement of detailed web-usage policies across an entire organization no matter where users are located or on what device. Through the Cisco AnyConnect® Secure Mobility Client, Cloud Web Security extends its strong protection to roaming laptop users and ensuring that company policies are consistent across all users.
As a cloud-delivered web security solution, Cisco CWS offers extensive security as a service (SaaS). Deployment is simple and fast. No maintenance or upgrades are required.
Benefits at a Glance:
- With fully integrated web security, application control, management and reporting – Administrators can set and enforce specific web use policies across the entire environment.
- Scalable to accommodate from 25 to more than 10,000 users.
- Cisco CWS controls access to websites and specific content in Web pages as well as applications.
- Cisco’s analysis engines deliver continual industry-leading antimalware and zero-day threat protection against web-based attacks.
- Cisco’s advanced global threat telemetry network continuously updates Cisco CWS against the latest threats.
Cisco Cloud Web Security is fed by information from Talos, the largest global threat telemetry network of any company that updates file reputation and web reputation scores.
Email Security, Archiving and Continuity with Mimecast Unified Email Management
Despite risk awareness, many businesses are ignoring critical cyber-issues. Case in point: Although 83% of IT staff highlight email as a common attack vector, one out of 10 reports not having any kind of email security training in place.
That’s according to Mimecast’s Email Security Uncovered global research study, which also shows that while 64% regard email as a major cybersecurity threat to their business, 65% also feel ill-equipped or too out of date to reasonably defend against email-based attacks. One-third of respondents also believe email is more vulnerable today than it was five years ago.
Organizations face an ever-increasing number of threats from email-based spam, viruses and advanced threats. Email-based attacks, in particular spear phishing, remain one of the primary methods used to initiate an advanced persistent threat (APT) attack because of the complexity involved in detecting them.
Mimecast Email Security
Mimecast is a Software-as-a-Service-based enterprise email management solution for archiving, e-discovery, continuity, security and policy enforcement. It is a single modular service that integrates with your existing IT to take care of all of your email requirements online, with no hardware, software, or capital expense and it takes just a few days to set-up. By connecting your current email systems to Mimecast, you instantly deliver unified email security, continuity and archiving.
As a Mimecast partner, Evolve IP delivers a holistic approach to email security in the form of modular unified email management (UEM) service in the cloud. We will work with you to ensure this solution helps you reduce and eliminate on-premises email storage requirements, ensure 100% complete email availability, email security and email compliance, while providing services to help you get more from your email.
Mimecast helps organizations mitigate three key risk areas:
- Broad Spectrum Email security helps ensure optimum coverage including protection from spear-phishing or advanced persistent threats.
- Secure messaging and large file sharing introduces the ability to send and receive secure email or large files up to 2 GB, directly from Microsoft Outlook.
- An independent, immutable and searchable backup of email data to protect against loss, corruption and malicious activity.
- Moving operational and legacy archive stores to the cloud prior to a move to Office 365 can simplify and speed up the migration process.
- Mailbox Continuity services limit the risk associated with potential cloud service outages—backed by a 100% service-level agreement availability.
- Maintain a business continuity plan in the cloud and avoid a single point of failure for critical email services.
Contact Evolve IP for information regarding package options and available add-on services.