Data breaches and cybersecurity risk looms large in today’s high-tech landscape, with digital security threats becoming more prevalent and sophisticated. A recent MIT Sloan report identified three main reasons for the rise of emerging risk and exposure to data theft: the “misconfiguration of cloud environments, the emergence of new and more dangerous types of ransomware, and increased exploitation of vendor systems.” These areas of vulnerability are presented globally but are certainly relevant to mortgage servicing susceptibility to cybersecurity threats. In light of these threats to the servicing digital ecosystem, staying ahead in your cybersecurity practices is not merely an option, it is a necessity.
Recognizing the critical importance of robust security measures, processes, and certifications has become paramount to successfully conducting a secure business, especially in a cloud-based Software as a Service (SaaS) environment. Clarifire understands this importance and has invested heavily in secure processes, including a rigorous commitment to achieving Security Trust Assurance and Risk (STAR) attestation. This is a new standard of security and further reflects our alignment with the growing cloud-based offerings that are becoming available to enhance industry security. Currently pioneering the implementation of Shared Security Responsibilities Model (SSRM) for cloud-based SaaS applications, Clarifire is poised to become one of the first in our industry to adopt this advanced standard and take a proactive approach to what matters to the industry and our clients.
At Clarifire, we are dedicated to enhancing our already robust cloud security standards to ensure we’re out ahead of the obstacles, whether it’s maintaining properly configured cloud environments, warding off ransomware attacks, or ensuring our strategic focus is clearly set on achieving the Cloud Security Alliance's STAR attestation. Our commitment is not just to elevate our security protocols but to deliver a secure cloud environment collaboratively with our clients.
Achieving Cloud Security Alliance STAR Level One
This year, our primary concentration is on obtaining the STAR Level One certification from the Cloud Security Alliance (CSA). This certification is foundational, providing assurance that we adhere to key principles of transparency, rigorous auditing, and harmonization of standards in cloud security. Achieving this level of certification signifies our commitment to maintaining and evolving superior security and privacy standards, as well as laying the groundwork for more advanced certifications.
Goal for STAR Level Two Attestation by 2025
Looking ahead, our ambition is to achieve STAR Level Two Attestation by 2025. This attestation goes a step further by requiring comprehensive third-party assessments of our security controls. The Level Two Attestation will demonstrate our ongoing commitment to cloud security excellence and provide our clients with a higher degree of confidence in our security practices.
.
Implementing a Shared Security Responsibility Model (SSRM)
To support these certification goals, we are rolling out a Shared Security Responsibility Model (SSRM). This model is designed to clearly outline the security responsibilities of Clarifire and our clients. It is an integral part of our approach to collaborative security, ensuring that all parties know their roles and contributions towards securing and protecting data. Starting immediately, all new clients will find the SSRM included in their Main Services Agreement. This inclusion ensures that every client is aware of and agrees to their part in securing the shared cloud environment from the onset of our partnership.
SSRM Categories of Responsibilities
With cloud computing, the traditional boundaries of security responsibilities often blur, leading to potential vulnerabilities. An SSRM addresses this issue by explicitly defining responsibilities, ensuring all parties know their roles, facilitating collaboration, and therefore becoming better equipped to protect against threats. This clarity, crucial for maintaining the integrity and security of data and services, can be categorized into three areas of security responsibilities.
- Client-Specific Responsibilities:
Clients are primarily responsible for ensuring data input accuracy and integrity, compliance with terms of service, integration with their systems, fraud detection, and adherence to the Office of Foreign Assets Control (OFAC) compliance.
- Clarifire-Specific Responsibilities:
Our responsibilities include managing the infrastructure, securing the platform, conducting software development and updates, ensuring system availability and reliability, adhering to compliance and regulatory standards, and managing changes effectively.
- Shared Responsibilities:
Both Clarifire and our clients create a commitment to collaborate and share responsibilities for crucial areas such as data security and privacy, identity and access management, security monitoring, reporting and managing security incidents, disaster recovery, and enhancing communication and collaboration. Additionally, we jointly focus on training and performance monitoring to ensure continual improvement.
Commitment to Continuous Improvement
Clarifire believes that security is a dynamic landscape that requires ongoing effort and constant vigilance. Our pursuit of CSA STAR certifications and the implementation of the SSRM are part of our broader strategy to not just improve our security posture, but also to actively involve our clients in the security process. This collaborative approach enhances our security frameworks and builds a stronger, more resilient security ecosystem.
We look forward to achieving these milestones and setting new standards in cloud security, with our clients and partners. At Clarifire, we are committed to leading the way, ensuring our clients can trust and rely on our services in a secure cloud environment. To learn more about our commitment to security, STAR attestation, SSRM certification, and the future benefits of shared responsibilities, contact us directly at 866.222.3370 or visit us at eClarifire.com. Find out why CLARIFIRE® is Truly BRIGHTER AUTOMATION®
Jane has applied her vast experience (over 25 years) operating process-driven businesses to successfully redefine client-focused service. Jane has worked with expert programmers to apply cutting-edge web-based technology to automate complex processes in industries such as Financial Services, Healthcare and enterprise workflow. Her vision confirms Clarifire's trajectory as a successful, scaling, Software-as-a-Service (SaaS) provider. A University of South Florida graduate, Jane has received many awards related to her entrepreneurial skills.
Like this article? Feel free to share this with a friend or colleague!
