Keebo Achieves SOC 2 Type II Certification

Type 2 certification demonstrates Keebo’s commitment to secure design and operations so you can try it with confidence.

Introduction

In 2022, there were 1,802 data compromises in the USA alone, affecting over 400 million individuals. It is natural, then, that when you are considering a B2B SaaS product, you should not only investigate its design, but also demand independent auditing as well. At Keebo, we are ready for you to examine both our design and our certifications. Let’s start by discussing SOC 2 compliance and what it means for you.

SOC 2 Type II Compliance

The American Institute of Certified Public Accountants (AICPA) has instituted System and Organization Controls (SOC) as a voluntary and open standard for security and privacy. SOC is the ideal certification for SaaS companies that handle the data of other companies because of its focus on trust criteria and internal controls. SOC 1 focuses on an organization’s internal financial controls and reporting, while SOC 2, which is more relevant for SaaS companies, is all about the trustworthiness of an organization when handling customer data. SOC 2 Type II should really be considered “table stakes” for evaluating any SaaS product.

There are hundreds of articles on the web about SOC 2, so I won’t cover it here. But as a summary, SOC 2 considers 64 criteria in 5 overlapping categories:

1. Security: firewalls, intrusion detection, and authentication.
2. Availability: performance monitoring, disaster recovery, incident handling.
3. Confidentiality: encryption, access controls, firewalls.
4. Processing integrity: quality assurance, process monitoring, adherence to principle.
5. Privacy: access control, multi-factor authentication, encryption.

In addition, there are 2 types of SOC 2 compliance:

• Type I: Certifies that an organization’s systems actually meet the relevant criteria at a specific point in time. 
• Type II: Certifies the actual effectiveness of the organization by auditing them on regular intervals.

Type II is more difficult to achieve because it requires expensive, regularly-occurring audits. This gives you confidence that Keebo not only has the standards and processes to be SOC 2 compliant, but that we actually live up to those standards and processes over the long term. We didn’t simply pass a one-time test, but proved our ongoing capability and trustworthiness.

When you approach your organization’s security team about our free trial, you can not only feel good about our security capabilities but you can save a lot of time since our standards and practices are known and audited. You can view our SOC 2 summary on our website (the full version requires an NDA–ask your Keebo account rep for access).

Keebo Security Principles for Warehouse Optimization

You can see for yourself how Keebo’s Warehouse Optimization works and is managed, including security, with our detailed evaluation guide. But while I’ve got you here, let’s summarize our security principles for our popular Warehouse Optimization for Snowflake.

• Access only usage metadata (76 fields total), never user data. This is perhaps the most important point: you don’t need to give Keebo access to user data for Warehouse Optimization. Even metadata fields that could be sensitive, such as query text, are encrypted in the customer’s environment before Keebo sees them. You can see the exact fields we access in our security setup document.
• Run within dedicated instances, separating each customer’s queries and models.
• Encrypt all communications during transit and at rest (TLS1.2, Google KMS using FIPS 140-2 Level 3).
• Automated monitoring of code with every release, plus regular 3rd-party penetration testing.
• All computations carried out inside DB.

Start a Free Trial

We like to say that our products are fully-automated, fast, and friendly. Our security principles–backed by SOC 2 Type II certification–make these more than just taglines. Our customers consistently mention how easy it was for them to get started saving money with Keebo. Please let us know if you’d like to discuss a free trial for your organization.