Aerohive Achieves ISO/IEC 27001 Certification for HiveManager Cloud Platform
When we ended 2018, we looked at some of our major accomplishments for the year. One of the things we promised for early 2019 was to finish the ISO/IEC 27001 certification for our Information Security Management Systems (ISMS). We take information security very seriously at Aerohive, and we’re proud to announce that we’ve just received our ISO/IEC 27001 certification.
“ISO/IEC 27001 certification of Aerohive’s cloud platform differentiates us once again, as it confirms our commitment to security and the strength and effectiveness of the processes and measures we have put in place to ensure a secure and safe networking experience for our enterprise customers,” said David Flynn, chief executive officer, Aerohive Networks. “This is in marked contrast with our leading competitors who use marketing sleight-of-hand, highlighting that they use ISO 27001 certified data centers, even though their cloud management platforms are not actually ISO/IEC 27001.”
There are very few ISO/IEC 27001 certified vendors in the enterprise WLAN industry, and Aerohive is proud to be one of them.
What Does ISO/IEC 27001 Certification Mean For Aerohive Customers?
We’ve developed and implemented a company-wide information security management system that complies with the requirements of the ISO/IEC 27001 certification standard. It’s one of our main goals to provide solutions to our customers that meet all of their information security requirements. By adopting the ISO/IEC 27001 certification, we will be following a worldwide standard for security. This certification will communicate to our customers that security is a core trait of life at Aerohive.
Our compliance will be regularly monitored through internal and external audits to ensure continuous improvement and to maintain security integrity for our customers.
The Facts About ISO 27001:2013 Certification
ISO/IEC 27001 is an information security management system standard published by the International Organization for Standardization (ISO), the world’s largest developer of voluntary international standards, and the International Electrotechnical Commission (IEC). Aerohive’s certification was issued by A-lign, an independent and accredited certification body based in the United States, on successful completion of a formal audit process.
ISO/IEC 27001 defines a process for establishing, implementing, maintaining and continually improving Information Security Management Systems in an organization. It also defines security controls covering personnel, physical security, logical security, security systems and business continuity. Accredited auditors perform an assessment of the organization’s ISMS to confirm compliance with the ISO/IEC 27001 requirements before a certificate can be issued.
Difference Between ISO/IEC 27001 Certified Companies vs. Non-Certified Companies:
Below is additional information about the differences between ISO/IEC 27001 certified companies and non-certified companies. When considering future network upgrades, ISO/IEC 27001 certification should be a requirement in your RFP, and be sure to ask for a copy of the certificate.
| | Aerohive | Non-ISO/IEC 27001-certified company |
|---|---|---|
| Keeps confidential data secure | Invests in an ISMS, securing critical customer data. Prioritizes investment in infosec best practices | No ISMS, hoping for the best — but risking customer data. Without a proper ISMS, the system can be a “leaky bucket” |
| Enables secure info exchange | Audited, secure communication channels | No way to tell if it’s secure |
| Ensures meeting legal obligations (EU GDPR) | ISO 27001 prepares organizations for GDPR’s strict rules | It only takes one exposure to get slapped with hefty GDPR fines: up to 2% of annual worldwide turnover. |
| Helps company comply with other regulations (PCI DSS) | Similar security standards make it easy to comply with PCI DSS’s credit card security regulations | If not compliant, companies must begin a lengthy, costly investment in securing systems |
| Ensures consistent service delivery | ISO 27001’s requirements ensure no disruptions in workflow | Without proper controls, there may be disruptions |
| Builds a corporate security culture | All staff are trained and tested in info security and data protection to ensure every interaction is handled with maximum security measures | The human factor is the weakest link in any organization; not intentionally, but through ignorance of sound IT protocol. Non-accredited companies don’t find out about these errors until months, or even years, go by, because too often the culprits are “trustworthy” staff who’ve gotten undeserved permission to handle sensitive data |
| Manages and minimizes risk exposure | Because ISO 27001 takes a risk-based approach, it forecasts potential risks and ensures we are prepared to handle them | With no formal process in place, these companies could be headed for a breach |