The Evolve IP Compliance CloudTM
With a dedicated compliance and certifications practice, Evolve IP offers our customers confidence with The Compliance CloudTM. In addition to SSAE- 16 SOC II compliance, Evolve IP has been rigorously audited and achieved standing compliance for government (ITAR) and healthcare (HIPAA). The company also features one of the broadest sets of cloud service provider certifications in the nation including: VMware, Cisco, EMC, Microsoft, Citrix, and Polycom.
In addition to cloud security, Evolve IP enables IT departments to minimize the risk, complexity and ultimately cost of managing corporate data, especially around email. Evolve IP delivers solutions that help organizations protect the security, integrity and availability of information within their businesses.
Learn more about email security, archiving and continuity.
SSAE 16 Service Organization Control II (SOC 2)
Evolve IP has received an SSAE 16 SOC 2 Type II report on our internal controls relating to how we assess and address the potential risks associated with the security, availability, and confidentiality of not only the cloud-based services that we provide, but also our physical and logical infrastructure. Evolve IP utilizes the Certified Public Accounting firm of Grant Thornton to perform its annual audit and attestation in accordance with the Statements on Standards for Attestation Engagements No. 16 and the associated Trust Services Principles, as published by the AICPA, to evaluate the effectiveness of Evolve IP’s service organizations controls.
International Traffic in Arms Regulations Compliant (ITAR)
The Compliance Cloud™ supports U.S. International Traffic in Arms Regulations (ITAR) compliance. As part of managing a comprehensive ITAR compliance program, companies subject to ITAR export regulations must control unintended exports by restricting access to U.S. persons and restricting the physical location of that data to the U.S.
The Compliance Cloud™ provides an environment physically located in the U.S. and where access by Evolve IP associates is limited to U.S. persons, thereby allowing qualified customers to transmit, process, and store protected articles and data subject to ITAR restriction. The Evolve IP Compliance Cloud™ environment has been audited by and independent third-party to validate the proper controls are in place to support customer export compliance programs for this requirement.
Download an ITAR-focused cloud brief to learn more about how The Evolve IP Compliance Cloud™ meets, and in many instances exceeds compliance requirements for transmitting, processing, and storing protected articles and data subject to ITAR restriction.
Health Insurance Portability & Accountability Act (HIPAA)
The Privacy regulations of the U.S. Health Insurance Portability and Accountability Act (HIPAA) require health care providers, organizations, and their business associates, develop and follow procedures that ensure the confidentiality and security of protected health information (PHI) when it is transferred, received, handled, or shared. This applies to all forms of PHI — paper, oral, and electronic, etc. Those who fail to adhere to HIPAA can suffer from huge fines climbing into the millions of dollars for major violations.
The Compliance Cloud™ fully enables covered entities and their business associates subject to HIPAA regulations to leverage a secure environment to process, maintain, and store protected health Information (PHI) featuring among other controls:
- Military-grade data encryption in transit and at rest
- Password protected access to backups
- Redundant secure data centers
Download a HIPAA-focused cloud brief to learn more about how The Evolve IP Compliance Cloud™ meets, and in many instances exceeds compliance requirements for transmitting, processing, and storing Protected Health Information (PHI).
HITRUST Common Security Framework (CSF)
The HITRUST Common Security Framework (CSF) was developed to address the multitude of security, privacy and regulatory challenges facing healthcare organizations. The HITRUST CSF was developed by healthcare and IT professionals to provide an efficient and prescriptive framework for managing the security requirements inherent in HIPAA. HITRUST CSF rationalizes healthcare-relevant regulations and standards into a single overarching security framework. An important part of the “What is HITRUST” answer is understanding that the CSF is risk-based and compliance-based so that organizations can tailor the security control baselines and vendor management programs that they follow based on their specific organization type, size, systems, and regulatory requirements.
Payment Card Industry Security Standards Council (PCI SSC)
The Payment Card Industry Security Standards Council (PCI SSC) was founded in 2006 by the major card brands American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa Inc. The Council created the PCI Data Security Standard (PCI DSS) as a worldwide information security standard for protecting credit card data, and agreed to incorporate the PCI DSS as part of the technical requirements for each of their data security compliance programs. In addition to developing the requirements and enforcing annual compliance, each member also recognizes the Qualified Security Assessors (QSAs) and Approved Scanning Vendors (ASVs) that are annually qualified by the Council.
Although Evolve IP does not directly manage the storage, transmission and processing of customer cardholder data, our compliance with PCI DSS 3.1 Service Level 1 ensures our customers have the ability to create their own cardholder data environment that can store, transmit or process customer cardholder data with The Evolve IP Compliance Cloud™.
As a Level 1 certified PCI Service Provider, the highest level of validation for payment card data security, Evolve IP demonstrates a strong security posture and dedication to information security for our clients. Download a PCI-focused cloud brief to learn how our customers have the ability to create their own cardholder data environment (CDE) that can store, transmit or process cardholder data using The Evolve IP Compliance Cloud™.
CSA STAR – Participating Member
Evolve IP is also a registered and participating member of the CSA Security, Trust & Assurance Registry (STAR). The CSA was formed to encourage transparency of security practices within cloud providers. It is a free, publicly accessible registry that documents the security controls provided by various cloud computing offerings, thereby helping users assess the security of cloud providers they currently use or are considering contracting with. CSA STAR is open to all cloud providers, and allows them to submit assessment reports that document compliance to CSA published best practices. The searchable registry will allow potential cloud customers to review the security practices of providers, accelerating their due diligence and leading to higher quality procurement experiences. CSA STAR represents a major leap forward in industry transparency, encouraging providers to make security capabilities a market differentiator.
Evolve IP has the broadest set of cloud certifications in North America including:
- Cisco IaaS
- Cisco DRaaS
- Cisco DaaS
- VMware VSPP
- Microsoft CSPMicrosoft Mobility
- EMC CSP
Evolve IP associates are dedicated to learning and growing their knowledge. Today on our staff you’ll find associates that hold multiple certifications for the following:
- Cisco SMB
- Cisco SMB Engineer
- MS 365
- Windows 7
- VMware VSP5
- VMware VTSP
- VOP CP
Industry and Other Vendor Certifications
- Six Sigma
- Red Hat
Evolve IP Secure Data Sovereignty and Security Management Practices
From its inception, Evolve IP recognized that security management and data integrity were not just important features and nice to haves, they are critical requirements demanded by enterprise customers and those subject to formal compliance regulations.
Experience you can trust
Evolve IP is a Managed Security Services Provider (MSSP) with longstanding experience in protecting, reporting and auditing enterprise customer networks. Products and services range from perimeter security (premise based or in the cloud) protection to ongoing vulnerability assessments and remediation.
These reports are available to qualifying customers to assist in audits, process design and provider competence evaluation. These reports attest that our security management and control program is appropriately designed and the controls defined to safeguard customer data are operating effectively over time. This allows our customers to leverage the power of the cloud but be completely confident that the applicable processes, technologies and controls are in place to provide the highest level of protection and compliance enablement in securing, processing and storing any type of sensitive data. This includes financial reporting data, healthcare patient data (PHI, ePHI) as defined by HIPAA and credit card processing as defined by PCI DSS 2.0.
These reports, certifications and affiliations differentiate Evolve IP from other service providers by demonstrating that we understand and have mitigated the risks within our environment (and by extension, our Customers’ environments) by proactively deploying audited and attested technology, processes and appropriate controls. It is for these reasons that Evolve IP has led the market in Cloud Services Securitization.
Mitigating Web Threats With Comprehensive, Cloud Delivered Web Security
Organizations rely heavily on the web not only to innovate and compete, but also to conduct daily business. Yet, every web interaction exposes companies to hidden cybersecurity threats, staff productivity losses and significant business risks. Attacks on this mission-critical tool are continually evolving, increasingly damaging and harder to detect.
Traditional web security methods can block known threats but are not able to adapt to the changing threat landscape or to handle advanced malware. Beyond perimeter defense, your own users may consume excess bandwidth or access inappropriate content that can put your organization at risk. And their personal devices may introduce malware from inside the firewall.
Web security products protect against both inbound malware threats and outbound data leakage threats and they are increasingly tapped by other security components to leverage their threat intelligence data for better situational awareness. The underlying security functions remain the same, but the components are now increasingly able to communicate threat intelligence data. This interoperability provides the ability to automate the process of calibrating your organization’s security posture to changing threat conditions.
Cisco Cloud Web Security Essentials
As a cloud service, Cisco® Cloud Web Security (CWS) delivers superior flexibility. A single management interface provides global control, providing enforcement of detailed web-usage policies across an entire organization no matter where users are located or on what device. Through the Cisco AnyConnect® Secure Mobility Client, Cloud Web Security extends its strong protection to roaming laptop users and ensuring that company policies are consistent across all users.
As a cloud-delivered web security solution, Cisco CWS offers extensive security as a service (SaaS). Deployment is simple and fast. No maintenance or upgrades are required.
Benefits at a Glance:
- With fully integrated web security, application control, management and reporting – Administrators can set and enforce specific web use policies across the entire environment.
- Scalable to accommodate from 25 to more than 10,000 users.
- Cisco CWS controls access to websites and specific content in Web pages as well as applications.
- Cisco’s analysis engines deliver continual industry-leading antimalware and zero-day threat protection against web-based attacks.
- Cisco’s advanced global threat telemetry network continuously updates Cisco CWS against the latest threats.
Cisco Cloud Web Security is fed by information from Talos, the largest global threat telemetry network of any company that updates file reputation and web reputation scores.
Email Security, Archiving and Continuity with Mimecast Unified Email Management
Despite risk awareness, many businesses are ignoring critical cyber-issues. Case in point: Although 83% of IT staff highlight email as a common attack vector, one out of 10 reports not having any kind of email security training in place.
That’s according to Mimecast’s Email Security Uncovered global research study, which also shows that while 64% regard email as a major cybersecurity threat to their business, 65% also feel ill-equipped or too out of date to reasonably defend against email-based attacks. One-third of respondents also believe email is more vulnerable today than it was five years ago.
Organizations face an ever-increasing number of threats from email-based spam, viruses and advanced threats. Email-based attacks, in particular spear phishing, remain one of the primary methods used to initiate an advanced persistent threat (APT) attack because of the complexity involved in detecting them.
Mimecast Email Security
Mimecast is a Software-as-a-Service-based enterprise email management solution for archiving, e-discovery, continuity, security and policy enforcement. It is a single modular service that integrates with your existing IT to take care of all of your email requirements online, with no hardware, software, or capital expense and it takes just a few days to set-up. By connecting your current email systems to Mimecast, you instantly deliver unified email security, continuity and archiving.
As a Mimecast partner, Evolve IP delivers a holistic approach to email security in the form of modular unified email management (UEM) service in the cloud. We will work with you to ensure this solution helps you reduce and eliminate on-premises email storage requirements, ensure 100% complete email availability, email security and email compliance, while providing services to help you get more from your email.
Mimecast helps organizations mitigate three key risk areas:
- Broad Spectrum Email security helps ensure optimum coverage including protection from spear-phishing or advanced persistent threats.
- Secure messaging and large file sharing introduces the ability to send and receive secure email or large files up to 2 GB, directly from Microsoft Outlook.
- An independent, immutable and searchable backup of email data to protect against loss, corruption and malicious activity.
- Moving operational and legacy archive stores to the cloud prior to a move to Office 365 can simplify and speed up the migration process.
- Mailbox Continuity services limit the risk associated with potential cloud service outages—backed by a 100% service-level agreement availability.
- Maintain a business continuity plan in the cloud and avoid a single point of failure for critical email services.
Contact Evolve IP for information regarding package options and available add-on services.