Amazon Web Services (AWS) and its peers in the cloud market have transformed infrastructure hosting for companies of all sizes. However, making the move to the cloud can be intimidating and overwhelming, and it may seem like more work than it’s worth. So why has AWS cloud hosting proven to be so successful?

Having the first-mover advantage played a substantial role: Amazon entered the cloud infrastructure market before its competitors. AWS kicked off the cloud revolution two decades ago.  But being first wasn’t enough—the platform’s success stems from real-world AWS benefits that help businesses to build profitable products and services. 

The following years saw the introduction of EC2, S3, RDS, and a host of other storage and compute services. Today, AWS offers over 100 services in domains as diverse as database hosting, virtual networking, cloud security, and machine learning. AWS is by far the biggest cloud platform globally, with a 33% market share, compared to Microsoft Azure’s 21% and Google Cloud’s 10%. 

We believe AWS cloud hosting could benefit your business in 5 distinct ways. Let’s take a look at them below:

1. Reduced Infrastructure Cost with On-Demand Pricing

On-demand pricing is a significant benefit of AWS and other cloud services—you pay only for the resources you use. If you need a server, you can deploy one in minutes and only pay for the compute, storage, and network resources it consumes. AWS allows users to share the underlying hardware, reducing lead times and costs compared to bought or leased IT infrastructure.

2. Scalable Compute and Storage

In the pre-cloud era, businesses bought infrastructure to accommodate peak loads, which meant they paid for resources that were idle most of the time. In contrast, the cloud’s scalability allows businesses to scale up and down as demand changes. In a well-managed cloud environment, businesses make significant savings by not paying for idle infrastructure. 

3. Outsourced Infrastructure Management

Cloud platforms like AWS take care of the physical infrastructure and much of the virtual infrastructure. Cloud users are free to focus their IT resources where they generate the most value. Instead of monitoring and managing physical servers and their components, they can spin up virtual machines or take advantage of higher-level Platform-as-a-Service and Software-as-a-Service tools. Users don’t have to worry about the implementation details because they are outsourced to the cloud provider. 

4. A Diverse Array of Enterprise-Grade Services

The variety of enterprise-grade services AWS provides would be extremely costly for a business to build independently. For example, AWS makes it straightforward to build highly available cloud environments with redundant infrastructure distributed across availability zones, data centers, and even continents. These redundancy and availability features are baked into the platform, and they are available to all businesses, from sole traders to giant corporations. 

5. Best-in-Class AWS Security

AWS offers many services and tools to help businesses improve security and compliance. We’ve written extensively about AWS security services and best practices in previous articles.

In the early days of cloud computing, businesses worried that moving to the cloud would increase security risks. They thought giving up infrastructure and software control would lead to more security vulnerabilities. In fact, the opposite is the case. Most cloud security and compliance issues are the result of cloud user error and misconfiguration.

AWS provides tools and services to help improve security, but it’s up to businesses to use them correctly. Another way of putting it is that businesses and AWS share responsibility for cloud security. The dividing line between the user’s responsibility and the platform’s responsibility is not always clear, and it can be challenging for businesses without cloud expertise to make the right decisions. 

KirkpatrickPrice is here to help make sure your transition to the cloud is smooth and secure. We provide a comprehensive array of cloud security services to empower businesses to make the most of AWS while maintaining excellent security and compliance.

To learn more about cloud security and compliance, check out our cloud security resources or contact a KirkpatrickPrice information security specialist.

Dallas, Texas – July 2022 – Trinity Real Estate Solutions, a leading national provider of construction lending services, specialty inspections and appraisals, announced the completion of its annual SOC 2 Type II audit for the fourth year in a row. Performed by KirkpatrickPrice, the attestation certifies Trinity’s ceaseless commitment to protecting its clients’ confidential data while confirming the highest level of standards, processes and controls for data privacy and security.

“Data security remains one of our top priorities, and we believe the amount of time and rigorous effort required to complete this attestation every year assures our customers of our dedication to standardizing and streamlining Trinity’s security practices, operational environment and policies and procedures,” explains Steve Fontaine, VP Services, Trinity. “With the increasing threats of ransomware attacks, data breaches, and IT outages, we are diligent in protecting our clients’ most critical assets and allowing them to focus on what they do best in their respective businesses.”

“The SOC 2 audit is based on the Trust Services Criteria,” said Joseph Kirkpatrick, President of KirkpatrickPrice. “Trinity Real Estate Solutions delivers trust-based services to their clients, and by communicating the results of this audit, their clients can be assured of their reliance on Trinity Real Estate Solutions’ controls.”

A SOC 2 audit provides an independent, third-party validation of a service organization’s information security practices as required by the American Institute of Certified Public Accountants (AICPA). During the audit, a service organization’s non-financial reporting controls are tested as they relate to security, availability, processing integrity, confidentiality, and privacy of a system. The SOC 2 report delivered by KirkpatrickPrice verifies the suitability of the design and operating effectiveness of Trinity’s controls to meet the standards for these criteria.

About Trinity Real Estate Solutions:

Trinity Real Estate Solutions®, Inc. is a national provider of residential and commercial construction lending services, including draw inspections, appraisals, and loan administration services. Its products are designed to mitigate risk and provide onsite assessments of properties. Trinity serves customers in the banking, mortgage lending, insurance, and credit-card industries, providing a comprehensive suite of solutions through five unified companies. Headquartered in Irving, Texas, Trinity partners with thousands of field appraisers, inspectors, contractors, engineers, architects, surveyors, and brokers across the country. They serve small, regional, and national customers. For more information, visit www.trinityonline.com or follow Trinity on LinkedIn.

About KirkpatrickPrice:

KirkpatrickPrice is a licensed CPA firm, PCI QSA, and a HITRUST CSF Assessor, registered with the PCAOB, providing assurance services to over a thousand clients in North America, South America, Asia, Europe, and Australia. The firm has more than a decade of experience in information security by performing assessments, audits, and tests that strengthen information security practices and internal controls. KirkpatrickPrice most commonly performs assessments on SOC 1, SOC 2, PCI DSS, HIPAA, HITRUST CSF, GDPR, ISO 27001, FISMA, and FERPA frameworks, as well as advanced-level penetration testing. For more information, visit www.kirkpatrickprice.com, follow KirkpatrickPrice on LinkedIn, or subscribe to our YouTube channel.

Cybersecurity firm KirkpatrickPrice announced the promotion of Stephanie Rodrigue to Chief Operating Officer and Maggie Austin to Vice President of Operations. These changes to KirkpatrickPrice’s operational leadership empower the team to ensure quality and assurance in all things.

As COO, Rodrigue is responsible for ensuring all aspects of daily operations run smoothly. Rodrigue oversees daily administrative and operational functions, reporting directly to the President & Founder, Joseph Kirkpatrick. Rodrigue joined KirkpatrickPrice in 2016 working in Sales before leading the Client Success Team as Vice President. Rodrigue has been an instrumental member of the executive leadership team by building a successful Client Success function and leading strategic initiatives across all areas of the company. Rodrigue demonstrates a vast knowledge of the KirkpatrickPrice mission, inspiring our clients to achieve greater levels of security and compliance assurance.

When asked about her new role, Rodrigue said, “I am proud to be a part of a team that is dedicated to helping our clients reach their security and compliance goals. I look forward to the continued service of our team members and clients as they work together to defend against cyber security threats.”

As the VP of Operations, Austin ensures quality in all operational practices, leading the Professional Writing, Quality Assurance, and Training departments. Austin joined KirkpatrickPrice in 2011 as a Professional Writer and within a year became the leader of that team as the Director of Professional Writing. Austin is known as an indispensable resource for every team at KirkpatrickPrice and is a trusted, strategic member of the leadership team.

“It has been an honor to grow alongside this amazing company for the past 11 years, and I look forward to the impact KirkpatrickPrice will continue to have in our industry,” Austin said.

Both the firm and its leader, Joseph Kirkpatrick, are thrilled to announce these promotions and to see the growth within its team.

“Stephanie and Maggie are the very best KirkpatrickPrice has to offer. Their experience and vision are based on a sincere desire to serve our clients and improve security and compliance for businesses worldwide. Their leadership allows us to scale and support our team members more effectively,” Kirkpatrick said.

About KirkpatrickPrice:
KirkpatrickPrice is the leader in cyber security and compliance audit reports. Our experienced auditors know audits are hard, so they take complicated audits such as SOC 1, SOC 2, PCI DSS, HIPAA, HITRUST, GDPR, and ISO 27001 and make them worth it. The firm has issued over 10,000 reports to over 1,200 clients worldwide, giving its clients trusted results and the assurance they deserve. Using its Online Audit Manager, the world’s first compliance platform, KirkpatrickPrice partners its clients with an expert to guide them through the entire audit process, from audit readiness to final report. For more information, visit https://kirkpatrickprice.com, follow KirkpatrickPrice on LinkedIn, or subscribe to our YouTube channel.

Independent Audit Verifies Uptake’s Internal Controls and Processes

CHICAGO –– May 31, 2022 –– Uptake, a leader in industrial intelligence, announced today that
it has completed its SOC 2 Type II audit, performed by KirkpatrickPrice. SOC 2 compliance
demonstrates that software-as-a-service (SaaS) applications have the necessary controls and
processes in place to protect data processed on their systems, and is a critical criterion for
evaluating the security of software vendors.

“The safety and cyber-security of industrial data and systems are critical for our customers and
partners, and they’re core to our products and services,” said Linda Bartman, President, Uptake.
“We’re committed to ensuring data entrusted to Uptake is secure and available for all of our
customers’ objectives –– from digital transformation to sustainability initiatives.”

A SOC 2 audit provides an independent, third-party validation that a service organization’s
information security practices meet industry standards stipulated by the AICPA. During the
audit, a service organization’s non-financial reporting controls, including security, availability,
processing integrity, confidentiality, and privacy, are tested. The SOC 2 report delivered by
KirkpatrickPrice verifies the suitability of the design and operating effectiveness of Uptake’s
controls to meet the standards for these criteria.

“The SOC 2 audit is based on the Trust Services Criteria,” said Joseph Kirkpatrick, President of
KirkpatrickPrice. “Uptake delivers trust-based services to their clients, and by communicating
the results of this audit, their clients can be assured of their reliance on Uptake’s controls.”

For more on Uptake’s commitment to cybersecurity, visit:

About Uptake:

Uptake provides industrial intelligence software-as-a-service (SaaS), translating data into
smarter operations. Driven by unified data management and industrial data science, Uptake
enables and delivers actionable insights that predict asset failure, advance ESG initiatives,
mitigate catastrophic risk, optimize maintenance strategy, and protect operator safety. With 48
patents and recognition by Gartner, Verdantix, the World Economic Forum, CNBC, and Forbes,
Uptake is based in Chicago, with an office in Mississauga, Ontario, and has a presence around
the world. To stay up-to-date on what we’re doing, visit us at www.uptake.com and follow us on
LinkedIn and Instagram.

About KirkpatrickPrice:

KirkpatrickPrice is a licensed CPA firm, PCI QSA, and a HITRUST CSF Assessor, registered
with the PCAOB, providing assurance services for over a thousand clients in North America,
South America, Asia, Europe, and Australia. The firm has more than a decade of experience in
information security by performing assessments, audits, and tests that strengthen information
security practices and internal controls. KirkpatrickPrice most commonly performs assessments
on SOC 1, SOC 2, PCI DSS, HIPAA, HITRUST CSF, GDPR, ISO 27001, FISMA, and FERPA
frameworks, as well as advanced-level penetration testing. For more information, visit
www.kirkpatrickprice.com, follow KirkpatrickPrice on LinkedIn, or subscribe to our YouTube
channel.

CONTACT
Uptake
press@uptake.com, + 1 312-242-2167

 The General Data Protection Regulation (GDPR) imposes security and privacy regulations that apply to businesses that store or process European Union residents’ personal data. It enacts a broad range of measures to give data subjects control over their data and protect them from unauthorized exposure.

Encryption is a vital aspect of achieving GDPR compliance. Encryption protects your organization so that if data is lost, stolen, or compromised, there is still a line of defense. Adding encryption as a layer of protection for your data strengthens your organization’s ability to protect that data in a way that complies with the regulation and provides assurance to your clients. Businesses with EU users and customers need to know what GDPR encryption rules mean for their data security and privacy efforts.

What Does The GDPR Say About Encryption?

The GDPR does not mandate specific technologies or implementations, so no rule says, “you must encrypt personally identifiable data.” However, GDPR Article 32(1) states that data controllers and processors must implement appropriate technological and organizational measures to secure personal data. Encryption is suggested as a measure that can help businesses to achieve their GDPR compliance objectives.

Encryption is the best way to protect data, provided it’s used as part of a secure system. Encryption is often built into infrastructure hosting platforms, and effective encryption technology is available to all businesses at a minimal cost. 


1. Assess Which Data Falls Under the GDPR

The first step is to discover which personal data your business stores, processes, or transmits. That includes knowing which data is in scope for the GDPR, where it’s stored, and the privacy and security measures the business uses to protect it. Ignorance isn’t a defense; businesses often breach the GDPR by failing to protect information they don’t realize contains personal data.

A Data Protection Impact Assessment (DPIA) can help businesses discover whether encryption is appropriate. A DPIA assesses data processed by an organization to determine whether it poses a risk under the GDPR. It considers the data’s nature, the level of risk, and the measures that could be taken to mitigate risk, including encryption. GDPR provides a template that can guide your organization through this process.

2. Develop GDPR Encryption Policies

Encryption policies should clearly describe how and when data processed by your organization is to be encrypted. Encryption policies help avoid mistakes caused by ad-hoc and inconsistent implementation. 

Encryption policies supported by the organization’s leadership have two main benefits: 

  • They provide a foundation on which specific procedures can be based, allowing the organization to develop consistent GDPR encryption practices to achieve compliance objectives while meeting the varied needs of different systems and data types.
  • They can mandate training requirements for relevant staff to ensure they know encryption policies, procedures, and responsibilities. Many data breaches occur because employees fail to follow encryption best practices by, for example, downloading personal data to an unencrypted portable drive or uploading it to an improperly configured cloud storage service.

3. Encryption, GDPR, and Data in Transit

Data is said to be in transit when it is moved between systems or components of a system. For example, data in transit might be information submitted by a customer in a web browser or data delivered to a third-party processor by a business. Data in transit is at particular risk as it travels over open networks outside the influence of the data controller or processor. Standard encryption measures to protect data in transit include virtual private networks (VPNs) or HTTPS encryption using TLS certificates.

4. Encryption, GDPR, and Data At Rest

Data at rest is often considered a lower risk than data in transit because security measures should prevent an attacker from accessing internal storage devices. However, software vulnerabilities, insider threats, and phishing attacks may allow attackers to circumvent network border protections and steal unencrypted data. If data is encrypted at rest using securely managed keys, the attacker gets nothing of value. Encryption at rest is part of a layered approach to data protection and GDPR compliance. 

5. Understand GDPR Encryption Requirements

There are many ways to encrypt data, but some are more effective than others. As computing power increases and cryptography advances, older standards and algorithms become easier to crack. To comply with the GDPR, use up-to-date, well-tested cryptographic tools that conform to reputable standards. While the GDPR doesn’t specify tools and standards, businesses typically rely on cryptographic security standards such as FIPS 140-2 and FIPS 197 in concert with broader information security standards such as ISO 27001 Annex A.10.1.

GDPR Compliance with KirkpatrickPrice

KirkpatrickPrice provides a range of services that can help your business comply with the GDPR and other information security regulations, including ISO 27001 audits, SOC 2 audits, and compliance audits for other regulations and standards. Businesses seeking to improve GDPR compliance also benefit from security awareness training, penetration testing, and remote access security testing.