Skip to content

Scale Computing Named to Prestigious 2024 MES Midmarket 100 List

Edge Computing Solution Provider Recognized for the Third Consecutive Year for its Forward-Thinking Technology and Positive Impact on Midsize Business Partners

INDIANAPOLIS — July 15, 2024 — Scale Computing, a market leader in edge computing, virtualization, and hyperconverged solutions, today announced that MES Computing, a brand of The Channel Company, has recognized Scale Computing on its 2024 MES Midmarket 100 list. The list recognizes top vendors that have proven themselves to be forward-thinking technology providers offering products and services that support midmarket organizations and drive growth and innovation for those customers.

Scale Computing was named to the list for its award-winning solutions that power the growth of its midmarket business partners. Scale Computing Platform (SC//Platform) brings together simplicity and scalability, replacing existing infrastructure and providing high availability for running workloads in a single, easy-to-manage solution. Eliminating complexity, reducing costs, and decreasing management time, SC//Platform delivers faster time to value than competing solutions and enables midsize organizations to run applications in a unified environment that scales from 1 to 50,000 servers.

“We are thrilled to be named to the exclusive MES Midmarket 100 list, as it reinforces our commitment to our midsize business partners,” said Jeff Ready, CEO and co-founder of Scale Computing. “Scale Computing provides organizations of any size the ability to scale quickly and affordably, without sacrificing cloud-like ease of use, scalability, and availability. We continue to be dedicated to driving growth and supporting innovation among our partners, allowing them to do more profitable and productive work. Our inclusion on the MES Midmarket 100 list clearly demonstrates our dedication to that mission.”

Winners were selected based on their go-to-market strategy, how they serve the midmarket, and the strength of their midmarket product portfolios. MES Computing defines the midmarket as those organizations with an annual revenue of $50 million to $2 billion and/or 100 to 2500 total supported users/seats.

“The MES Computing Midmarket 100 list recognizes the industry’s key vendors that are invested in meeting the technology needs of midmarket organizations. The products and services offered by these manufacturers are helping midmarket businesses innovate, grow and thrive,” said Samara Lynn, senior editor, MES Computing, The Channel Company. “Midmarket businesses are a critical driver of the U.S. economy, and we look forward to seeing how our Midmarket 100 honorees continue to serve this vital market segment.”

The MES Computing Midmarket 100 list is featured online at mescomputing.com/midmarket100.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Scale Computing 
Scale Computing is a leader in edge computing, virtualization, and hyperconverged solutions. Scale Computing HC3 software eliminates the need for traditional virtualization software, disaster recovery software, servers, and shared storage, replacing these with a fully integrated, highly available system for running applications. Using patented HyperCore™ technology, the HC3 self-healing platform automatically identifies, mitigates, and corrects infrastructure problems in real-time, enabling applications to achieve maximum uptime. When ease-of-use, high availability, and TCO matter, Scale Computing HC3 is the ideal infrastructure platform. Read what our customers have to say on Gartner Peer Insights, Spiceworks, TechValidate and TrustRadius.

How SOC 2 Compliance Can Make or Break Your Business

With data breaches becoming more frequent and damaging, businesses must prioritize data security to maintain customer trust. SOC 2 (Service Organization Control) offers a comprehensive framework to ensure organizations manage and protect customer data effectively.

Developed by the American Institute of Certified Public Accountants (AICPA), SOC 2 is an auditing framework designed to evaluate and ensure that organizations manage customer data securely and responsibly. 

Achieving SOC 2 compliance is not just about ticking boxes; it is about building trust with your customers. When a company meets SOC 2 standards, it assures customers that their data is being protected with the highest security measures. This assurance is crucial in gaining and maintaining customer trust, which is a significant competitive advantage in today’s market. Furthermore, SOC 2 compliance helps companies meet various regulatory standards, showcasing a commitment to data protection that is increasingly demanded by both customers and regulators.

In essence, SOC 2 is more than just a certification; it is a testament to an organization’s dedication to maintaining high standards of data security and integrity. 

For companies looking to distinguish themselves in a crowded marketplace, SOC 2 compliance is a powerful tool that demonstrates a commitment to protecting customer data and meeting stringent regulatory requirements.

What are the Requirements and Criteria of SOC 2?

The Trust Service Criteria are a set of principles used in the SOC 2 framework to ensure the secure management and handling of customer data. 

There are five main criteria, defined by the AICPA:

  1. Security

The SOC 2 security principle ensures that sensitive information, including intellectual property, financial data, and personally identifiable information (PII), is securely controlled and protected. 

This involves validating access controls, utilizing Multi-Factor Authentication (MFA), implementing intrusion detection systems, and employing robust threat protection measures. By focusing on these areas, SOC 2 ensures that data security is maintained at the highest standard.

  1. Availability

The availability principle examines whether service providers can keep their systems fully operational, ensuring continuous service delivery. 

This involves assessing performance monitoring tools and processes to respond to security incidents promptly and effectively. By doing so, organizations can maintain high availability and reliability of their services, meeting customer expectations.

  1. Privacy

The privacy principle evaluates how an application or service processes personal information in line with the AICPA Generally Accepted Privacy Principles (GAPP). 

This includes ensuring that adequate access controls are in place to prevent unauthorized access and privileges. Verifying user identities, validating devices, and limiting privileged access are crucial steps in maintaining privacy and protecting personal data.

  1. Confidentiality

Organizations must ensure that their confidential or sensitive data is effectively protected against unauthorized access. 

The SOC 2 confidentiality principle validates these protections through the implementation of access controls, data encryption, and firewalls. These measures are essential in safeguarding sensitive information and maintaining trust with customers.

  1. Processing integrity

The processing integrity principle focuses on the accuracy and reliability of data processing. 

Through quality assurance and monitoring controls, service providers can ensure that their processes for storing, delivering, modifying, and retaining data are secure and effective. Organizations must be prepared to implement and manage these controls to protect customer data and maintain the integrity of their services.

How Does a SOC 2 Audit Work?

A SOC 2 audit is a comprehensive evaluation process that assesses an organization’s controls and processes related to security, availability, processing integrity, confidentiality, and privacy. 

There are 2 types of SOC 2 audits:

  1. Type I Audit

A Type I SOC 2 audit evaluates the suitability of the design of an organization’s controls at a specific point in time. It provides an independent assessment that the controls are appropriately designed to meet the selected trust service criteria (security, availability, processing integrity, confidentiality, and privacy). The Type I report details the organization’s systems and the effectiveness of the controls based on their design.

Type I is useful for organizations looking to provide initial assurance of their control design and readiness for future operations.

  1. Type II Audit

A Type II SOC 2 audit goes beyond the design evaluation and also assesses the operational effectiveness of these controls over a period of time, typically over a minimum period of six months. The Type II report provides a more comprehensive view by verifying whether the controls are not only designed effectively but are also operating as intended during the audit period. This includes testing the controls and reviewing evidence of their implementation and effectiveness.

Type II is preferred for organizations seeking comprehensive assurance and demonstrating an ongoing commitment to maintaining effective controls.

Both Type I and Type II audits are valuable for organizations aiming to achieve SOC 2 compliance, depending on their specific needs and the level of assurance required by clients and stakeholders regarding the security and integrity of their systems and data handling practices.

How Important is SOC 2 for Businesses?

SOC 2 (Service Organization Control 2) is critically important for businesses, especially those involved in technology, cloud services, and data management. 

Achieving SOC 2 compliance signifies that an organization adheres to rigorous standards in managing and protecting customer data. This certification not only enhances credibility but also builds trust with clients and partners by demonstrating a commitment to data security and privacy. 

The SOC 2 report holds significant importance for companies that use services from providers. Because these services are crucial, it’s essential to audit and validate them for internal controls, particularly concerning information security, processing integrity, and data reliability.

In today’s regulatory environment, SOC 2 compliance is often a requirement for doing business, as it helps companies meet industry-specific regulations and contractual obligations. Moreover, SOC 2 provides a competitive edge by assuring potential clients that their data will be handled securely, thereby reducing the risk of data breaches and associated liabilities. 

How to Get SOC 2 Compliance

Obtaining a SOC 2 report involves several essential steps that require collaboration between the organization and an independent auditor. These ensure that organizations meet the stringent standards set forth by the AICPA for managing and protecting customer data. 

Here’s a detailed guide on how to obtain SOC 2 compliance:

  1. Define the Scope and Objectives

First, define the scope of your SOC 2 compliance effort. This involves identifying the systems and services that will be included in the audit. Determine which of the five trust service criteria (security, availability, processing integrity, confidentiality, and privacy) are relevant to your organization’s operations and client expectations.

  1. Perform a Gap Analysis

Conduct a thorough gap analysis to identify any existing controls and processes that do not meet SOC 2 requirements. This assessment helps pinpoint areas that need improvement or additional controls to ensure compliance. Document all findings from the gap analysis as they will guide your compliance efforts.

  1. Implement Necessary Controls

Based on the gap analysis, implement or enhance controls and processes to meet SOC 2 requirements. This may include:

  • Security Controls: Implementing access controls, encryption measures, and intrusion detection systems.
  • Availability Controls: Ensuring redundancy and failover mechanisms to maintain service availability.
  • Processing Integrity Controls: Implementing data validation and error handling processes.
  • Confidentiality Controls: Implementing measures to protect sensitive data from unauthorized access.
  • Privacy Controls: Implementing procedures for handling personal data in accordance with privacy policies and regulations.

  1. Document Policies and Procedures

Create and document policies and procedures that outline how each control is implemented, monitored, and maintained. This documentation is crucial as it provides evidence to auditors that your organization has established and follows effective controls.

  1. Conduct Internal Testing and Audits

Before undergoing a formal SOC 2 audit, conduct internal testing and audits to verify that the implemented controls are operating effectively. This step helps identify and address any deficiencies or gaps in controls before the official audit.

  1. Select an Independent Auditor

Choose an independent CPA firm with SOC 2 expertise to conduct the audit. Ensure that the auditor understands your organization’s operations, the scope of the audit, and the relevant trust service criteria.

  1. Undergo the SOC 2 Audit

During the audit, the auditor will review your documentation, interview personnel, and test the effectiveness of controls. For a Type I audit, the focus is on the design of controls at a specific point in time. For a Type II audit, the auditor will assess both the design and operational effectiveness of controls over a specified period.

  1. Receive the SOC 2 Report

After completing the audit, the auditor will issue a SOC 2 report. This report includes:

  • A description of your organization’s systems and services.
  • The auditor’s opinion on whether the controls are suitably designed and, for Type II audits, whether they are operating effectively.
  • Details of any control deficiencies or areas for improvement.

  1. Address any Findings

If the audit identifies deficiencies or areas for improvement, address these findings promptly. Implement corrective actions and remediate any issues to enhance your controls and ensure ongoing compliance.

  1. Maintain Ongoing Compliance

SOC 2 compliance is not a one-time achievement but an ongoing commitment. Continuously monitor and update your controls to adapt to changes in technology, regulations, and business operations. Conduct regular internal audits and assessments to ensure that your organization maintains SOC 2 compliance over time.

By following these steps and committing to robust data security and management practices, organizations can achieve and maintain SOC 2 compliance, demonstrating to clients and partners a commitment to protecting their data and meeting industry standards.

How does senhasegura help companies obtain SOC 2?

Our comprehensive suite of features ensures that companies efficiently and effectively meet the stringent regulations necessary to obtain SOC 2 certification. 

By leveraging senhasegura, organizations can securely protect and manage their data, thereby consolidating regulatory compliance and fostering trust among stakeholders.

Here are the key features senhasegura uses to help companies meet SOC 2 regulations:

  • Access control: senhasegura allows only authorized individuals to access critical systems and information, aligning seamlessly with SOC 2’s security principles.
  • Monitoring and auditing: Our platform monitors and records all activities of privileged users, facilitating thorough review and auditing of access and modifications—a critical requirement for SOC 2 compliance.
  • Credential management: senhasegura securely creates, renews, and stores passwords, minimizing the risk of credential exposure and preventing unauthorized use.
  • Multifactor authentication: We enforce MFA to add an extra layer of security, requiring multiple forms of verification before granting access.
  • Secure remote session: Administrators can securely access remote systems without knowing passwords, enhancing security and traceability.

Commitment to Compliance and Security

At senhasegura, we conduct rigorous independent audits to ensure the integrity and reliability of our security, privacy, and compliance controls. These audits are instrumental in helping our clients achieve their information security objectives and comply with the most stringent regulatory standards.

Industry-Leading Certifications

In addition to SOC 2 and SOC 3 reports, senhasegura holds prestigious certifications that underscore our commitment to excellence in digital security:

  • ISO 27001: This international standard validates our implementation of a robust Information Security Management System (ISMS), ensuring comprehensive protection against threats.

  • GPDR Compliance: We adhere strictly to the General Data Protection Regulation, safeguarding the security, privacy, and integrity of users’ personal data through stringent processing and protection protocols.

Transparency and Trust

All our certifications and reports are accessible in our Trust Center, underscoring our dedication to transparency and security in every operation. These credentials affirm senhasegura’s position as a leader in digital security, prioritizing the protection and success of our valued customers.

Conclusion

As data breaches continue to pose significant risks, businesses must prioritize robust data security measures to reassure customers and adhere to regulatory standards. SOC 2 offers a structured framework for evaluating how organizations manage and protect sensitive data. 

Achieving SOC 2 compliance isn’t just about meeting regulatory checkboxes; it’s about demonstrating a steadfast commitment to data security and privacy. By adhering to the stringent criteria of security, availability, processing integrity, confidentiality, and privacy, companies not only mitigate risks but also enhance their credibility in the marketplace. 

SOC 2 compliance not only safeguards data but also empowers organizations to thrive in an environment where trust and transparency are more important than ever. Top-rated PAM solutions like senhasegura can make compliance easy.

About Segura®
Segura® strive to ensure the sovereignty of companies over actions and privileged information. To this end, we work against data theft through traceability of administrator actions on networks, servers, databases and a multitude of devices. In addition, we pursue compliance with auditing requirements and the most demanding standards, including PCI DSS, Sarbanes-Oxley, ISO 27001 and HIPAA.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

How to find PKIX-SSH services on your network

What is PKIX-SSH?

PKIX-SSH is a fork of OpenSSH which has been modified to support X.509 v3 certificate authentication. runZero often sees this on network management devices and baseband management controllers.

Latest PKIX-SSH vulnerability: regreSSHion

On July 1, 2024 the OpenSSH team released version 9.8p1 to address 2 vulnerabilities. The most critical of the two allows Remote Code Execution (RCE) by unauthenticated attackers under certain situations. This vulnerability was discovered by Qualys and dubbed “regreSSHion“.

For more details and guidance for locating OpenSSH please see our prior OpenSSH Rapid Response post.

On July 6, 2024 PKIX-SSH version 15.1 was released to address the regreSSHion vulnerability which impacted versions 13.3.2 to 15.0.

Are updates or workarounds available?

Version 15.1 was released to address the vulnerability.

How to find potentially vulnerable PKIX-SSH systems with runZero

For locating assets with the impacted PKIX versions go the Software Inventory and use the following query:

name:"Roumen Petrov PKIX-SSH" (version:>13.3.1 AND version:<15.1)

Specific services can be found using the Service Inventory and the following query which will remove some of the versions known to be patched or otherwise not impacted:

protocol:ssh ( _service.product:="Roumen Petrov:PKIX-SSH:13.%" OR _service.product:="Roumen Petrov:PKIX-SSH:14.%" OR _service.product:="Roumen Petrov:PKIX-SSH:15.0" )  NOT  (os:OpenBSD OR banner:"PKIX[13.2" )

We have a canned query named “Rapid Response: OpenSSH regreSSHion RCE – PKIX-SSH” that can be used to locate potentially impacted systems.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About runZero
runZero, a network discovery and asset inventory solution, was founded in 2018 by HD Moore, the creator of Metasploit. HD envisioned a modern active discovery solution that could find and identify everything on a network–without credentials. As a security researcher and penetration tester, he often employed benign ways to get information leaks and piece them together to build device profiles. Eventually, this work led him to leverage applied research and the discovery techniques developed for security and penetration testing to create runZero.

What to do if a scammer has your email address

Can you tell who has your email address?

Initially just a method for sending letter-like messages across the internet, email has now become an integral part of everyone’s digital lives. We use it when signing up for services, creating app accounts, sharing files with our friends and colleagues, shopping online, and more – essentially making email a virtual equivalent of an ID card.

Given its various applications, it’s easy to lose track of who has our email address. Most users wouldn’t be able to name everyone who knows their email if asked. Consequently, many people may not realize that their email address has fallen into the hands of someone who might exploit it for personal gain.

If you’re concerned, let us help you find out if your email address has been compromised and understand why it might have been.

How to tell if a scammer has your email

If you trust your observational skills, there are key signs you should watch for that could indicate a scammer has gained access to your email address. These signs often include:

  1. You get many scam emails

    Have you noticed an increase in emails asking for your personal information or claiming urgent action is needed? This could indicate that a scammer has your email address and is using phishing tactics to coerce you into exposing sensitive data.

  2. You receive unexpected 2FA requests

    If you get unexpected two-factor authentication requests for services you haven’t accessed, it could mean someone is trying to gain unauthorized access to your account using your email.

  3. You have problems logging into your online accounts

    Are you experiencing difficulties accessing your online accounts, even with the correct credentials? If so, then it is very likely that someone has used your email to gain access and changed your login information, effectively locking you out of your accounts.

  4. Your contacts received messages from your email address that you haven’t sent

    If your friends or colleagues mention receiving suspicious emails that appear to be from you, it could be that your email account has been compromised. The attacker might be using your account to deceive your contacts into sharing sensitive information that could be used against them.

Bear in mind, however, that today’s hackers know how to cover their tracks and operate discreetly to minimize any signs of wrongdoing. This is to say that finding out whether a scammer has exploited your email address can often be ambiguous and may require more than just keeping your eyes peeled.

Fortunately, there are digital tools available today that can help you find out if a breach has occurred. Take NordPass’ Data Breach Scanner, for example – a tool that scans the dark web for any mentions of your email address. With this solution, you can quickly check if your email address has been compromised and take the necessary action without having to monitor for signs of unusual behavior on your device.

 

What scammers can do with your email address

Although we’ve touched on this topic in the previous section, it’s crucial to take a closer look at the potential dangers posed by scammers who want to exploit your email address. First of all, malicious actors may use phishing tactics to trick you into revealing sensitive personal information, or they might distribute malware via deceptive emails in an attempt to compromise your device’s security.

Moreover, if hackers gain unauthorized access to your email account, they can commit identity theft and financial fraud, as well as take over your online accounts, and access other linked services and sensitive information stored in your email. All these risks highlight the urgent need for you to protect your email address and respond immediately to any signs of data compromise.

What you can do if a scammer has your email

Depending on the timing in the “a scammer got my email” scenario—whether it’s before or after they’ve used the email address for nefarious purposes—there are different actions you can (and should) take. Let’s explore both scenarios and discuss steps to protect your data.

If a scammer only has your email address

At this point, nothing critical has happened yet, but you should stay vigilant, as phishing attempts could arrive at any moment. This means you need to be extra aware that someone might try to use your email to gain access to your digital belongings.

To secure your account, first ensure your email password is complex (consisting of letters, numbers, and symbols arranged randomly) and at least 12 characters long to resist brute-force attacks. Consider using a robust password manager like NordPass to generate and store strong passwords for all your accounts—including email—so you can avoid creating weak passwords and stop relying on your memory for storage.

Second, enable multi-factor authentication (MFA) on your email account to make it extra difficult for cybercriminals to gain access. Additionally, regularly review your email account activity and set up alerts for unusual login behavior to catch any unauthorized access attempts early.

If a scammer has already gained access to your email account

Things get really serious when someone gains access to your email account and starts using it to wreak havoc. However, this doesn’t mean you have to stand by and watch a cyberattacker carry out their malicious activities. If your email account has been compromised, you can and should act quickly.

Firstly, if you still have access to your account, go to your email settings and change your password immediately. Then, request the platform to log you out of all sessions after the password change to block the hacker’s access and regain control. Also, if you haven’t already, enable multi-factor authentication (MFA) to prevent similar security incidents in the future.

If you cannot access your account because the hacker has changed your login credentials, contact your email provider as soon as possible to report the security breach. Inform them about your situation so that their customer support team can help you restore access, reset your password, and lock out any unauthorized parties.

Once you’re certain that access to your email account is secure again, run antivirus or antimalware tools to thoroughly scan your device for any lingering malicious software that may still pose a threat. Additionally, review your account activity to identify any unauthorized changes made by the attacker while they had access.

How to protect your email account

Whether you must react to an unauthorized account takeover or aim to prevent such incidents altogether, you have several options to safeguard your email account. We’ve already discussed some: using a data breach scanner to monitor if your email address has been compromised, strengthening passwords against brute force attacks, and enabling multi-factor authentication so that a password alone isn’t sufficient for access.

Another option we touched on earlier, but will expand on now, is using a password manager like NordPass to protect your email account. With NordPass, you can generate highly secure passwords for your email and all your other accounts, and store them all in an encrypted vault accessible only to you. You can also use NordPass as an authenticator app to provide two-factor authentication codes for enhanced security.

Additionally, NordPass comes with two major features that can help you significantly enhance your email account’s security. The first is the Data Breach Scanner feature, which, as you already know, scans the dark web to check if your email has been compromised. The other feature is Email Masking, which lets you create an artificial email address when you sign up for newsletters or online services, ensuring that you can avoid exposing your real email address if you choose not to.

NordPass offers all these features to help you elevate the security of your email account and more. Given its value, it would be a missed opportunity not to try it out in its 14-day trial, wouldn’t it? The choice is yours.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About NordPass
NordPass is developed by Nord Security, a company leading the global market of cybersecurity products.

The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

×

Hello!

Click one of our contacts below to chat on WhatsApp

Social Chat is free, download and try it now here!

×