Strategic Technology Solutions announced today that it has successfully completed the SSAE-21 SOC 2 Type II cybersecurity certification, making them one of the only IT providers supporting law firms that hold this advanced security credential.
Strategic Technology Solutions (STS), a company that specializes in providing cybersecurity and managed IT services to the legal industry, announced today that it has successfully completed the SSAE-21 SOC 2 Type II cybersecurity certification. This makes STS one of the only managed service providers (MSPs) supporting law firms that hold this advanced security credential.
SSAE-21 SOC 2 Type II certification is a widely recognized auditing standard designed to assess and report on the effectiveness of a service organization’s internal controls over a period of time, particularly related to security, availability, processing integrity, confidentiality, and privacy.
STS has always endeavored to take an ethical and responsible approach to its business and pass this along to its clients, assuring them their valuable and confidential content is protected at the highest of levels.
“If we are not doing it at a high level, why should our clients?” explained James Waryck, CEO and co-founder at STS.
STS removes the “assumption” based aspect of understanding risk and outlines a clear picture of what level of risk and exposure exists and how that risk would impact its clients’ law firms.
Security Risk
According to the International Legal Technology Association (ILTA), there were 1,860 data breaches in 2021, which was a record high. Eighty-one percent of them involved sensitive information (SSNs, birthdates, etc.).
Third-party vendor risk is a very real concern, and understanding the vendors you’re working with is a critical aspect of a cybersecurity discipline. Law firms that are investing in securing their IT environment and mitigating risk to reduce the chances of exposure should also be investigating the security of their third-party vendors to ensure they are doing the same.
If an IT vendor doesn’t have strong IT security controls in place, the law firm that is a client of theirs becomes an easy target through a supply-chain attack (where an attack of a vendor or supplier causes a breach for their clients).
Sam Sheth, who is the CIO and co-founder of STS, noted, “How is an MSP going to protect your law firm data and do they have evidence to show these risks are being prevented? Many IT providers and vendors state they are certified, however, in our discovery they are not certified directly. They are claiming the use of an AWS or Azure-based environment is ‘secure or SOC2’ so therefore they are too. That is an incorrect assumption, and that ‘secure’ environment is based on AWS/Azure’s infrastructure, not the operating systems and tools that an MSP or vendor may utilize to conduct their own business operations.”
“STS, and the MSP industry, are not required to be cybersecurity certified. No agency or organization holds MSPs to any type of standard (scary) currently. We believe it is the right thing to do!”
One of the early innovators within the managed IT services industry, STS began positioning the SMLA (Security Maturity Level Assessment) process, methodology, and approach early on as part of its sales and onboarding process. Very few, if any, especially those focused on the legal vertical, are doing this, in the company’s estimation.
Stringent Certification Process
The SSAE-21 SOC 2 Type II certification process is a grueling investment in time, resources, and money. However, obtaining this certification is critically important to the team at STS in proving its commitment to protecting its own and its clients’ sensitive information.
STS Commitment to Security
“We eat our own dog food,” stated Mr. Waryck. A core focus and unique aspect of its business is the foundation of cybersecurity. Guiding law firms through the journey of cybersecurity with them knowing that STS has already been through the process and continues to make the investment year over year gives clients a sense of relief and confidence.
Having experienced this process and achieved this level of certification over the last several years, and being specialized and experienced not only within the world of cybersecurity but also in the legal industry, provides STS with a sharp focus on helping its clients protect “their house.”
Security has generally been an afterthought within law firms. With STS, it is the basis for the foundation. The IT provider’s approach to cybersecurity outlines its client’s current cybersecurity maturity level, where the risks lie, the baseline, and how it can build from there. Its methods are backed with tangible evidence driven by the CIS 18 (Center for Internet Security) and NIST (National Institute of Standards & Technology) frameworks.
Mr. Waryck noted that it provides a “Vision backed by evidence to get the right information to the firm in order to make an educated and informed decision.”
Key Components of STS’s Cybersecurity Approach:
- Identifies gaps in cybersecurity programs across people, processes, and technology.
- Determines your current security maturity level base and desired level for your firm.
- Compares and contrasts your security maturity level with other firms facing similar challenges and risks.
- Recommends and prioritizes opportunities to improve your cybersecurity maturity level while reducing overall risk.
For more information, please visit Strategic Technology Solutions (STS) online.
About Strategic Technology Solutions
Strategic Technology Solutions has over 15 years of experience in the managed IT services space. It specializes in providing cybersecurity and managed IT services to the legal industry, and is proud to be one of the only providers that hold the SSAE-21 SOC 2 Type II certification.