SOFTWARE SECURITY

Windfall Recognized for Its Commitment to Data Security with Renewed SOC 2 Type 2 Certification

Windfall | September 02, 2022 | Read time : 02:50 min

Windfall
Today, Windfall Data, Inc. , the most trusted and accurate provider of insights and democratized intelligence on people, announced that it has once again successfully completed the Service Organization Control (SOC) 2 Type 2 audit. This certification validates the company’s ongoing commitment to data protection and security.

An industry recognized technical audit for technology & service organizations, SOC 2 Type 2 requires companies to establish and follow strict information security policies and procedures. The independent audit was conducted by Boulay PLLP, and has assessed internal controls involving security, availability, processing integrity, and confidentiality. The assessment applies to internal controls within the organization and encompasses the processing of data on behalf of its customers. As defined by the Trust Services Criteria set forth by the American Institute of Certified Public Accountants (AICPA), the SOC 2 Type 2 certification report is generally recognized as the gold standard for data security and re-validates Windfall’s commitment to protecting both company and customer data.

“Security and privacy have always been core company values at Windfall. “By re-completing our SOC 2 Type 2 certification, we are demonstrating to our customers that Windfall is accountable to the highest standards of data protection and requirements.”

Windfall CEO and Co-Founder, Arup Banerjee

Windfall analyzes vast amounts of data with advanced technologies like artificial intelligence and machine learning in order to give organizations deep insights into their data, and to activate those insights into business workflows. Because this data is sensitive, Windfall has top security measures in place to protect critical data from being lost or stolen and developed detailed policies to safeguard customer data, as demonstrated through SOC 2 Type 2 re-certification.

“We are intent on providing a platform that organizations can trust,” said Cory Tucker, CTO and Co-Founder of Windfall. “We’re excited to have achieved this security milestone for the second year in a row as it demonstrates the strength and seriousness of our commitment to privacy and security.”

ABOUT WINDFALL:
Windfall is a people intelligence and AI company that gives go-to-market teams actionable insights. By democratizing access to people data, organizations can intelligently prioritize go-to-market resources to drive greater business outcomes. Powered by best-in-class machine learning and propensity modeling, Windfall activates insights into workflows that engage the right people for each respective organization. More than 800 data-driven organizations use Windfall to power their business.

Spotlight

Dashlane Business supports login with single sign-on (SSO), using any SAML 2.0 enabled IdP. In a single-sign-on setup, the user doesn’t have to input UserMP . Instead, a random key is generated at account creation. This key (the data encryption key) is delivered to the Dashlane app after the user successfully logs in to the IdP, and it is used as a symmetric encryption key to encrypt and decrypt the user data.

Spotlight

Dashlane Business supports login with single sign-on (SSO), using any SAML 2.0 enabled IdP. In a single-sign-on setup, the user doesn’t have to input UserMP . Instead, a random key is generated at account creation. This key (the data encryption key) is delivered to the Dashlane app after the user successfully logs in to the IdP, and it is used as a symmetric encryption key to encrypt and decrypt the user data.

Related News

DATA SECURITY, ENTERPRISE SECURITY, SOFTWARE SECURITY

LastPass Security Dashboard With Dark Web Monitoring Capabilities Now Available to All Customers

Businesswire | April 10, 2023

LastPass announced the expanded availability of its Security Dashboard and associated dark web monitoring and alerting, making it the only password manager providing proactive credential monitoring for all customers, including those using the product for free. The Security Dashboard is the central hub where customers can monitor the overall security of all vault credentials, including exposure to the dark web, which allows customers to better protect themselves from potential breaches. “The Security Dashboard is an essential component of the partnership we have with our customers to help keep their data and private information secure,” said Christina Cho, Sr. Director of Product Management at LastPass. “We are committed to providing our customers with the knowledge and best practices necessary to make their password vault and digital presence as strong as possible.” The expanded rollout of the Security Dashboard comes as part of LastPass’ ongoing efforts to better educate customers on password and vault best practices. Using the Security Dashboard, all LastPass customers can now monitor, review and further secure their LastPass account and data within from one central location: Security Score: A customer’s security score is a score of 1% through 100% that analyzes use of LastPass’ security best practices, including the strength of vault passwords, use of multi-factor authentication, and dark web monitoring. List of At-Risk Passwords: Customers can see a list of passwords that are considered weak or are reused and can easily update them using the LastPass password generator to change them to strong and unique passwords. Enabling Multi-Factor Authentication: LastPass recommends customers enable multi-factor authentication to add an extra layer of protection to their LastPass vault. Dark Web Monitoring: Customers can enable dark web monitoring and receive real-time monitoring of email addresses saved to their vault against a database of compromised credentials from third-party breaches. If the email addresses are believed to be at risk, customers receive alerts immediately via email and within the Security Dashboard. In addition, when customers enable dark web monitoring, a one-time retroactive check for the previous 12 months is run against the list of email addresses. Customers who use LastPass for free and have selected their mobile phone as their device type can login via LastPass on a desktop web browser to view their Security Dashboard and turn on dark web monitoring. Customers can find more information about the LastPass Security Dashboard here. About LastPass LastPass is an award-winning password manager which helps millions of registered users organize and protect their online lives. For more than 100,000 businesses of all sizes, LastPass provides password and identity management solutions that are convenient, easy to manage and effortless to use. From enterprise password management and single sign-on to adaptive multi-factor authentication, LastPass for Business gives superior control to IT and frictionless access to users. For more information, visit https://lastpass.com. LastPass is trademarked in the U.S. and other countries.

Read More

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

AdaCore Launches RecordFlux

Businesswire | March 28, 2023

AdaCore, a trusted provider of software development and verification tools, today announced the launch of its new RecordFlux technology, designed to ease the development and security of binary communication protocols. The technology comprises a Domain Specific Language (DSL) to precisely describe complex binary data formats and communication protocols, and a toolset to verify specifications and generate provable SPARK code that can be executed on a target CPU. Through RecordFlux, users can define and implement complex communication protocols and prove security properties, such as memory safety, at much less cost and effort than would be possible with a manual approach. The precision of the RecordFlux DSL ensures that the specifications are unambiguous, the high-level nature of the DSL makes the specifications easily understandable by domain experts, and the expressive power of the DSL can capture the most complex real-world protocols. And since the RecordFlux code generator produces source code in the formal methods-based SPARK language, users can obtain automated proofs of a wide range of security properties in the resulting software. The net effect is more secure and reliable code, at lower cost. “Interaction between software components is governed by protocol and format specifications. Unfortunately, most specification documents are complex texts written in English which need to be translated to software implementations manually, leaving room for human error,” said Alex Senier, AdaCore’s RecordFlux Team Lead. “Logic errors and critical flaws are often poorly mitigated by the widespread use of unsafe programming languages, resulting in severe security vulnerabilities. With RecordFlux, we aim to provide a solution that saves time and money by automating provable code generation while ensuring the absence of low-level vulnerabilities like buffer overflows that attackers could exploit.” About RecordFlux RecordFlux is a toolset for creating high-assurance implementations of binary data formats and communication protocols. The technology includes a Domain Specific Language, a comprehensive toolset, and customized expert support. By using SPARK Pro, developers can take the SPARK code generated from RecordFlux specifications and automatically prove that the code is free of run-time errors and respects the original specification. Code generated by RecordFlux is also compatible with GNAT Pro Assurance, AdaCore’s complete solution for projects with the most stringent requirements for reliability, long-term maintenance, or certification. The compiler-hardening options provided by GNAT Pro Assurance can be used to mitigate further attacks on network-facing protocol-handling code. About AdaCore Founded in 1994, AdaCore supplies software development and verification tools for mission-critical, safety-critical, and security-critical systems. Over the years, customers have used AdaCore products to field and maintain a wide range of critical applications in domains such as commercial and military avionics, defense systems, automotive, railway, space, air traffic management/control, medical devices, and financial services.

Read More

ENTERPRISE SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

NordLocker introduces easier secure sharing option

Globenewswire | May 26, 2023

NordLocker has launched a new feature that allows users to securely share a password-protected locker, otherwise known as a folder, of files. In order to receive the sent files, the recipient doesn’t even need to be a NordLocker user. This convenient sharing feature is incredibly easy to use. The files are shared via a link, and the recipient needs a password to access the files. For security purposes, once the set expiration date passes, the link becomes inaccessible. Thanks to NordLocker’s end-to-end encryption, files are fully protected throughout their journey. “Whether it’s holiday videos or a client contract – here at NordLocker we believe that all files should be shared securely. With this new feature, we make secure sharing that much easier,” says Aivaras Vencevicius, head of product at NordLocker. Currently, this feature is available on NordLocker’s web application. Other improvements In addition, NordLocker has introduced biometrics on iOS, which allows a more convenient and quicker login. iOS users are now also able to download NordLocker application logs for more information on their app. As privacy is at NordLocker’s core, it’s worth noting that these activity logs are encrypted and stored on the customer’s side. NordLocker’s customer support can only see it if the user decides to share it with the NordLocker team. “With cybercrime rising every year, file encryption is becoming essential. We see that threats are becoming more sophisticated – phishing emails are becoming harder to detect, and malware is becoming more dangerous and advanced. Therefore I strongly recommend to treat your digital belongings just like you’d treat your physical assets – keep them locked up and secure,” says Aivaras Vencevicius, head of product at NordLocker. ABOUT NORDLOCKER NordLocker is the world’s first end-to-end file encryption tool with a private cloud. It was created by the cybersecurity experts behind NordVPN – one of the most advanced VPN service providers in the world. NordLocker is available for Windows, macOS, Android, iOS, supports all file types, offers a fast and intuitive interface, and guarantees secure sync between devices. With NordLocker, files are protected from hacking, surveillance, and data collection. For more information: nordlocker.com.

Read More