Nightfall
HomeLoginDeveloper PlatformContact Us
Search…
Introduction
Why Cloud DLP?
Product Updates
Operationalizing DLP
Informing & Coaching Business Users
Running Historical Scans
Alert Management Guiding Principles
Integrating with Security Tools
Detection Engine
Getting Started
How Detection Works
Detectors
Detection Engine FAQs
Evaluating Detection
Nightfall for Slack
Nightfall for Slack: Demo Video
Getting Started
Alert Management
Remediation Guide
Nightfall for Slack Overview
FAQs
Nightfall for GitHub
Real-Time Scanning
Historical Scanning
Nightfall for GitHub Overview
Radar API Reference
Exporting Reports & Results
Integrating Webhook Endpoints
Integrating with Jira
Remediation Guide
Managed Services
FAQs
NIGHTFALL FOR GOOGLE DRIVE
Getting Started
Alert Management
Nightfall for Google Drive Overview
Remediation Guide
Historical Scanning
Demo Walkthrough Video
Nightfall for Confluence
FAQs
Getting Started
Real Time Scanning
Historical Scanning
Alert Management
Remediation Guide
Nightfall for Jira
Nightfall for Jira Overview
Jira Remediation Guide
Getting Started
Nightfall For Salesforce
Getting Started
FAQs
Account Management
User Administration
Authentication Options
Compliance
SOC 2 Compliance
HIPAA Compliance
PCI Compliance
Resources
FAQs
Login to Nightfall
Developer Platform
Platform Status
Contact Us
Powered By GitBook
SOC 2 Compliance
Learn more about SOC 2 compliance and how Nightfall helps with it.
Many companies seek to become SOC 2 compliant to showcase their strong security practices for safeguarding their company’s and their customer’s data.
During SOC 2 compliance audit periods, auditors review that security controls are in place, triggered, and responded to appropriately to assess the strength of an organization’s security posture. Auditors generally look for a number of controls, including the following:
  • Information security practices that are documented & managed on an ongoing basis
  • Data classification policies and protocols that detail the security and handling of customer data

Nightfall’s Customer Success team specializes in helping you leverage the platform to meet your compliance needs successfully.
  1. 1.
    Configure detection rules that detect sensitive data your business handles. Select from common templates in our library for out of the box coverage.
  2. 2.
    Enable real-time monitoring on business applications that house sensitive data such as Slack, Google Drive, Confluence, Jira, and GitHub.
  3. 3.
    Implement manual or automated workflows and processes to remediate any findings.
  4. 4.
    Run historical scans to search for sensitive data that exists in data silos today.
  5. 5.
    Visualize historical scan results in a custom Nightfall dashboard.
  6. 6.
    Engage Nightfall’s Managed Services team to facilitate bulk remediation of sensitive data at rest in cloud silos.
  7. 7.
    Review and export scan results should they be required in the event of an audit.
The following table lists security practices and policies that companies should implement for a strong security posture. A data classification & protection platform like Nightfall can help companies enforce and manage these controls.
POLICY
WHAT DOES IT DETAIL?
HOW DOES NIGHTFALL HELP?
Data Classification & Management
Company should have procedures to classify data in accordance with classification policies and periodically monitor/update such classifications. The company stores and disposes of sensitive data, in a manner that:
  • Reasonably safeguards data confidentiality
  • Protects against the unauthorized use or disclosure of the data
  • Secures or destroys the data
Sensitive data should be validated and protected against unauthorized disclosure or modification, when in use, stored, or transported, to ensure information security and to mitigate risk against attacks.
✓ Identifies if sensitive data exists in a system or when it enters into an application in real-time
✓ Leverages variables such as internal/external visibility and permissions to prioritize findings by risk level
✓ Provides remediation capabilities
✓ Fulfills auditor checks against controls for data classification and information security policies
✓ Managed services team monitors configuration and alerting to facilitate management/improvement of the classification
Data Retention & Disposal
Company should maintain a process designed to prevent sensitive data from being exposed to unauthorized individuals.
✓ Provides remediation capabilities for real-time scans
✓ Enables companies to operationalize a process to remove or obscure sensitive data
Password Security
Company should ensure passwords and credentials are not hard coded or embedded in static code.
✓ Proprietary detectors intelligently find secrets and credentials across applications, including code repositories
Account Management - Previous
Authentication Options
Next - Compliance
HIPAA Compliance
Last modified 1yr ago
Copy link