Vice President, Governance, Risk and Compliance (GRC)View Bio
Velocity’s Virtual Private Cloud provides significant advantages when compared to commodity public clouds.
A progressive, evolutionary approach to every aspect of information security gives customers peace of mind. Best-in-class attestations and standards provide for certifications, controls and associated audits that reinforce confidence and demonstrate compliance. Velocity recognises that our customers trust us with their critical data and applications.
According to CIOs, CTOs, and CISOs, negligent insiders top the list of perceived security threats (51%), with malicious outsiders (43%) and compromised applications rounding out the top three (SANS Cyber Security Study, 2014). Symantec, Inc. reports 312 distinct breaches in 2014 with about 348 million identities exposed. Acute and determined attacks like advanced persistent threats and zero day vulnerabilities are becoming more frequent and complex. The top five zero days were actively exploited for 295 days before patches were available. Attackers are moving faster, frequency is increasing and threats are becoming more integrated - defences are not keeping pace.
No longer is the conventional “CIA Triad” of confidentiality, integrity, and availability sufficient to guarantee information security in the cloud. Information assurance attributes including privacy, non repudiation and accountability must be considered along with governance aspects like auditability and authenticity. Each of these is addressed and integrated in Velocity’s market offerings and by embracing fundamental and progressive design principles:
Forward Innovation – Velocity studies security trends and issues to proactively develop intellectual property that reduces risk. This composite set of tools and utilities forms the foundation of our security approach.
Secure by Design – Velocity security measures are built into the fabric of our architecture, resulting in a service delivery platform that is inherently more secure than typical industry add-ons or after thoughts.
Defense in Depth – Velocity engineers and deploys multiple layers of security encompassing people, process and technology.
Your business changes. Technology, systems and applications offer a distinct business benefit if they can be used to the fullest potential. Velocity engineers compliance into the cloud fabric, creating a tapestry of capabilities to meet the information security needs of today and tomorrow. The flexibility to manage payment card information for a new employee purchase program creates a significant challenge if implemented as an afterthought. Changing healthcare requirements require HIPAA protection for even the rudimentary benefits administration functions intrinsic to human capital management systems. Ever widening definitions of protected information and theoretical access require an innovative approach to ITAR and EAR access.
In the U.K., Velocity has 4 ISO quality certifications including:
Velocity assembles relevant certifications and attestations to design and validate our controls. In the U.K., we are N3 compliant allowing us to connect to the National Health Service (NHS) network.
Our third party certifications also include U.S. Standards of Attestations Engagements No 16 (SSAE 16) / AT Section 801, (SOC 1), AT Section 101 Report relevant to Security, Availability, and Confidentiality Principles (SOC 2), ISO 27001, Information Technology Infrastructure Library (ITIL) and Safe Harbor. We adhere to stringent risk mitigation and comprehensive compliance requirements. For additional information on Velocity’s compliance standards, please contact a Velocity representative.
Tools and technologies for best-in-class providers are resident in the Velocity Virtual Private Cloud. Network feeds are captured and replayed for analysis of attempted intrusion. Advanced and persistent vulnerability detection is “always on.” Intrusion detection, prevention and remediation insures access to the cloud services is made from trusted endpoints and groups. Advanced search and threat detection algorithms are deployed through cloud analytics for predictive and correlative threat elimination.
Velocity information security and processes are configurable for each customer and for each application, often to the data element. Data in the cloud must be accessible – but through appropriate means and by approved entities. Data blocking and ransomware behavior cannot be unintentional consequences of an overzealous information security approach.
The Velocity approach to information security ensures optimal protection and efficient data access for application and platform users. The human aspect – to include hardened change procedures, security reporting and transparent response – enhances our technologies and processes. Velocity Zoom® delivers self-service visibility to your environment to include security dashboard functionality that enhances the control of your piece of the Velocity Cloud.
Security, Availability & Confidentiality Principles for SOC 2
This means our services follow a standard process.
We have ITIL certified resources on staff.
Secure private cloud environment.
Visit our Resource Center.