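Keepit achieves SOC 2 attestation

Keepit is proud to announce that we have successfully achieved SOC 2 Type 1 attestation. This significant milestone, validated by the independent auditor Deloitte, confirms that our security controls meet the highest industry standards in both design and implementation for protecting customer data. The attestation gives our customers and partners an independently verified assessment of our internal controls, covering the Trust Services Criteria defined by the American Institute of Certified Public Accountants (AICPA), including security, availability, confidentiality, and privacy.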

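What this means for our customers

For businesses that entrust their data to Keepit, this SOC 2 attestation delivers tangible benefits:

  • Independently verified security: it provides formal assurance that our policies and procedures for protecting data are not just verbal claims but have been reviewed and validated by a leading third-party auditor.
  • Simplified due diligence: the SOC 2 report streamlines your vendor risk assessment and due diligence process, making it easier to confirm that Keepit meets your organization's compliance requirements.
  • Commitment to transparency: this achievement demonstrates our firm commitment to transparency and continuous improvement, reinforcing the foundation of trust we build with every customer.

This milestone complements our existing ISO/IEC 27001 certification and strengthens our position as a leader in secure, reliable data protection.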

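A closer look at our SOC 2 audit

A SOC 2 Type 1 audit provides a point-in-time snapshot, assessing whether an organization's security controls are suitably designed to meet their objectives. The rigorous audit process carried out by Deloitte included validation of 108 individual internal controls at Keepit. These controls were assessed across multiple business functions and areas, including:

  • Security and operations: vulnerability management, network monitoring, and patching.
  • Development and quality assurance: secure software development life cycle (SDLC) practices.
  • Data and privacy: procedures for handling personal data in accordance with our published privacy policy.
  • Human resources: secure employee onboarding, offboarding, and training protocols.
  • Physical security: controls that protect access to all facilities and systems.

To validate each control, our team provided extensive evidence, including formal policies, written procedures, and examples of technical implementation.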

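Our journey to SOC 2 Type 2

Achieving SOC 2 Type 1 is a key step, not the final destination. We are already preparing for our SOC 2 Type 2 assessment. A Type 1 report assesses the design of controls at a specific point in time, whereas a Type 2 report assesses the operating effectiveness of those controls over a sustained period (typically 6-12 months). This next phase will verify that our controls are not only well designed but also continue to operate effectively as intended. This progression reflects our commitment to accountability and operational resilience.

A foundation of trust

Successfully achieving SOC 2 Type 1 attestation is a testament to the hard work of the entire Keepit team. It shows our customers and partners that we have established a strong and verifiable baseline for data protection. We will continue working to uphold the most rigorous security standards to protect our customers' data and ensure their business continuity.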

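About Keepit

Keepit is built to deliver next-generation SaaS data protection for the cloud era. Its core idea is to put a security lock on business-critical applications through cloud storage that is independent of the application vendor, strengthening cyber resilience and enabling a forward-looking data protection strategy. Its unique, separated, and immutable data storage design involves no sub-processors, ensures compliance with local regulations, effectively defends against threats such as ransomware, and guarantees that critical data is always accessible, business is uninterrupted, and disaster recovery is fast and efficient. Headquartered in Copenhagen, Denmark, with offices and data centers around the world, Keepit has earned the trust of more than 15,000 companies, and customers widely praise the platform's intuitive ease of use and its easy, reliable cloud data backup and recovery experience.

About Version 2

Version 2 Digital is an Asia-based value-added distributor and IT developer. The company distributes and develops a wide range of IT products across areas including cyber security, cloud, data protection, endpoints, infrastructure, system monitoring, storage, network management, business productivity, and communication products. Through its extensive network of channels, points of sale, resellers, and partners, Version 2 offers products and services that are widely acclaimed in the market. Version 2's sales network covers Taiwan, Hong Kong, Macau, mainland China, Singapore, Malaysia, and other parts of the Asia-Pacific region. Its customers come from all sectors, including Global 1000 multinational enterprises, listed companies, public utilities, healthcare, finance, educational institutions, government departments, countless successful SMEs, and consumers in cities across Asia.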

Anatomy of a breach: how an immutable backup stopped a 5-minute attack

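Modern cyberattacks are measured in minutes, not days. The line between an incident that is contained and one that becomes a disaster is often drawn before the security team receives its first alert. In a recent Black Hat webinar, we dissected a real-world breach in which an advanced attacker (later confirmed to be the threat group Silk Typhoon) compromised a network within minutes. Their attack was fast, silent, and effective, until they hit a line of defense they could not break: immutability.

Breach timeline

Minute 0-1: Initial compromise. The incident began when an administrator in the support department clicked a deceptive link. The phishing page quietly stole a valid session token, allowing the attackers to bypass multi-factor authentication and conditional access policies as if they were a legitimate user. The perimeter fell within 60 seconds.

Minute 2: Privilege escalation. Using the stolen token, the attackers exploited a zero-day vulnerability to deploy a web shell in a Kubernetes pod inside an Azure cluster. With a single command, they stole Microsoft 365 service principal secrets, immediately gaining delegated admin privileges across dozens of tenants. No alerts were triggered at any point.

The attacker's playbook: destroy the safety net

With high-privilege credentials in hand, the attackers launched a classic anti-forensics strategy designed to make recovery impossible. They knew that as long as backups existed, the victim had a chance to recover. Their goals were simple and brutal:

  • Clear the audit logs: erase any trace of their activity.
  • Delete the backups: issue a flood of delete commands to wipe out every restore point.

By removing both the evidence and the safety net, they aimed to leave the organization with no choice but to negotiate.

The turning point: the wall of immutability

Around minute five, the attack fell apart. When the delete commands the attackers issued with high privileges reached the backup repository, the system did not comply. It responded with a hard stop: Error 403, Object Locked.

The backup storage layer was configured with write once, read many (WORM) immutability, applied at the moment data was written. This means that once a backup is written, no one can modify or delete it until the preset retention period expires, no matter how high their administrative privileges.

The attackers' stolen credentials became useless. It was as if they had hit a digital wall that flatly refused to execute their commands.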
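
An added example, not part of the original article and not Keepit's code: a toy Python model of the write-time retention lock described above, with a check that flags any principal whose delete requests are refused in a burst. The class, principal names, thresholds, timeline and every status code other than the article's 403 are constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone


@dataclass
class WormStore:
    """Toy object store with write-once retention (illustrative model only)."""
    retention: timedelta
    objects: dict = field(default_factory=dict)  # key -> (data, retain_until)
    events: list = field(default_factory=list)   # (time, principal, action, key, status)

    def put(self, principal, key, data, now):
        if key in self.objects:                  # write once: an existing key is never overwritten
            return self._log(now, principal, "PUT", key, 403)
        self.objects[key] = (data, now + self.retention)  # lock is applied at write time
        return self._log(now, principal, "PUT", key, 201)

    def delete(self, principal, key, now):
        if key not in self.objects:
            return self._log(now, principal, "DELETE", key, 404)
        _, retain_until = self.objects[key]
        if now < retain_until:                   # no role check: privilege cannot bypass the lock
            return self._log(now, principal, "DELETE", key, 403)
        del self.objects[key]
        return self._log(now, principal, "DELETE", key, 204)

    def _log(self, now, principal, action, key, status):
        self.events.append((now, principal, action, key, status))
        return status


def denied_delete_bursts(events, threshold=3, window=timedelta(minutes=1)):
    """Return principals with at least `threshold` refused DELETEs inside one window."""
    by_principal = defaultdict(list)
    for ts, principal, action, _key, status in events:
        if action == "DELETE" and status == 403:
            by_principal[principal].append(ts)
    flagged = set()
    for principal, stamps in by_principal.items():
        stamps.sort()
        for i in range(len(stamps) - threshold + 1):
            if stamps[i + threshold - 1] - stamps[i] <= window:
                flagged.add(principal)
                break
    return flagged


def demo():
    t0 = datetime(2025, 1, 1, tzinfo=timezone.utc)  # constructed timeline
    store = WormStore(retention=timedelta(days=30))
    for n in range(3):
        store.put("backup-job", f"snap-{n}", b"constructed payload", t0)
    # Constructed scenario: a stolen admin identity sends deletes four minutes in.
    attack = [
        store.delete("stolen-admin", f"snap-{n}", t0 + timedelta(minutes=4, seconds=n))
        for n in range(3)
    ]
    # After the retention period has passed, an ordinary delete succeeds.
    expired = store.delete("backup-job", "snap-0", t0 + timedelta(days=31))
    return attack, expired, denied_delete_bursts(store.events), sorted(store.objects)


if __name__ == "__main__":
    print(demo())
```

The refusals are themselves a signal: a run of locked-object denials from one identity is worth alerting on even though nothing was deleted.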

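The aftermath: the gift of time

The attackers' inability to destroy the backups became the critical break in the attack chain. Although the initial compromise moved at machine speed, immutability extended the incident response window from minutes to days. In cyber security, that is a lifetime.

This gift of time allowed the defenders to:

  • Investigate the breach without pressure.
  • Rotate all compromised secrets.
  • Contain the scope of the incident with confidence.
  • Restore clean data and resume business operations.

Instead of negotiating with the attackers on a leak site, the team carried out a controlled recovery.

Key takeaways for security leaders

This case study offers a clear lesson: your backups are a primary target. A determined attacker will not stop at your perimeter; they will go after your last line of defense first.

When backups are truly immutable, even the most powerful stolen credentials cannot destroy them. In this real-world scenario, the difference between containment and disaster came down entirely to immutability, and that was the decisive factor.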

CIO MarketPulse Survey: State of SaaS Data Protection

Key insights into how senior IT leaders are managing cloud data security.

A new survey of over 300 senior IT decision-makers in the US, Europe, and Asia-Pacific reveals significant gaps in how organizations are protecting their data in the cloud. The findings highlight the need for more robust, independent backup solutions to ensure business continuity in an increasingly complex threat environment.

Over-reliance on Native Backup

The survey found that **37% of respondents** rely solely on the native backup capabilities of their SaaS applications. This approach leaves them vulnerable to data loss and service disruptions, as native backups often have limitations.

Long Recovery Times

A staggering **11% of respondents** reported that it would take them a month or longer to recover data after a loss event—or that they might not be able to fully recover at all. This highlights a critical risk to business operations and continuity.

Recent Data Loss Events

Almost half of the organizations surveyed, specifically **49% of respondents**, have experienced a major data loss event in the past year, underscoring the real and immediate threat facing businesses today.

The Demand for Segregated Storage

Senior IT decision-makers are recognizing the need for independent backup solutions. **61% of respondents** stated that physically segregated storage is a key requirement for modern SaaS backup, showing a clear shift in industry priorities toward greater data security and control.

The survey results confirm that many businesses are at risk due to inadequate cloud data protection strategies. The findings strongly suggest that an independent, immutable, and physically segregated backup solution is essential for securing business continuity and mitigating data loss.

Defining data governance and data classification

So, what is data governance and how does it relate to cyber resilience?

Existing under the broad umbrella of data management, data governance is a program — implemented via policies and standards — intended to ensure the availability, quality, and security of an organization’s data in accordance with applicable regulations and obligations (e.g., adhering to industry standards, fulfilling requirements for certifications, etc.).

Within data governance, data classification is the process of separating and organizing data into relevant groups (“classes”) based on their shared characteristics, such as the level of sensitivity, risks they present, and the compliance regulations that protect them.

Data governance underpins cyber resilience plans

An intelligent data governance program delivers several beneficial outcomes for organizations:

  • It helps to ensure the availability, quality, and security of an organization’s data, making it a foundational pillar of business continuity.
  • Data governance helps improve overall data accuracy and impacts outcomes based on that data — which can range from comparatively simple day-to-day business decisions and operations to more complex, forward-looking initiatives including AI-focused programs.
  • It helps to support organizational efforts to comply with regulations and other obligations, making it a cornerstone of compliance.
  • An effective data governance program also permeates the entire organization, increasing data literacy, data accessibility, and data scalability.

Do you know where your data is?

Of course, disaster recovery planning cannot start without a clear understanding and mapping of your data and its significance to your business. What data is crucial for us to continue running our operations? Who needs access to which data to do their job? Where do we store all of this critical data?

Knowing the answers to these questions will start your journey towards ensuring continuity in cases of data loss or cyberattacks. This is achieved through an efficient and effective data governance framework.

I hope that, with our new report in hand, CISOs and CIOs will be able to future-proof their modern, data-driven enterprises through effective data governance.

About Keepit’s new report, “Intelligent data governance: Why taking control of your data is key for operational continuity and innovation.”

Our report takes a practical approach to data governance by offering a resource to organizations for creating or adopting a framework that works best for them.

Key takeaways from the report:

  • Major trends shaping enterprise IT
  • The importance of “always-on” data
  • Resilience against data loss and corruption
  • Data governance as an investment
  • A practical approach to data governance
  • 10 questions for board discussions

About Keepit
At Keepit, we believe in a digital future where all software is delivered as a service. Keepit’s mission is to protect data in the cloud. Keepit is a software company specializing in cloud-to-cloud data backup and recovery. Drawing on 20+ years of experience in building best-in-class data protection and hosting services, Keepit is pioneering the way to secure and protect cloud data at scale.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, points of sale, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which includes Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, government, a vast number of successful SMEs, and consumers in various Asian cities.

Keepit continues momentum with 2025 TrustRadius Top Rated Award

Keepit has been recognized as a leader in the SaaS Backup, Data Loss Prevention, Disaster Recovery, and Enterprise Backup categories.

Copenhagen, Denmark – June 10, 2025 – Keepit, a global leader in SaaS data backup and recovery, today announced that it has been recognized as TrustRadius Top Rated in four categories: SaaS Backup, Data Loss Prevention, Disaster Recovery, and Enterprise Backup. This recognition comes directly from customers, underscoring Keepit’s commitment to providing an intelligent and secure backup and recovery platform.

“Earning a Top Rated award on TrustRadius is a reflection of how well a product is meeting the needs of its customers,” says Allyson Havener, CMO, TrustRadius. “Keepit’s recognition is based entirely on customer feedback—real users who value the platform’s reliability, performance, and support.”

Since 2016, the TrustRadius Top Rated Awards have become the B2B industry’s standard for unbiased recognition of excellent technology products. Based entirely on customer feedback, they have never been influenced by analyst opinion or status as a TrustRadius customer. Here is a detailed criteria breakdown of the methodology and scoring that TrustRadius uses to determine Top Rated winners.

Keepit provides independent backup to over 18,000 customers worldwide

Keepit backup and recovery solutions are currently available for eight workloads, such as Microsoft 365, Microsoft Entra ID, Google Workspace and Salesforce. The company will expand its offering in 2025 to include applications such as Jira, Bamboo, Okta and Confluence.

Keepit’s unique, intelligent, and cloud-native platform enables customers to safely secure their SaaS applications, ensuring full control of data regardless of unforeseen events such as outages, malicious attacks, or human error.

“SaaS backup has become an increasingly crucial part of risk management and business continuity planning. We are thrilled that our customers rely on Keepit to safeguard critical data and value their continued feedback and support. Accolades such as the Top Rated Award mean a lot to us as a company and further validate that our solutions meet our customers’ needs,” says Michele Hayes, CMO at Keepit.

Hear from verified users on how much they value Keepit: Keepit reviews on TrustRadius.

Keepit recognized for excellence at the Cloud Security Awards 2025

Keepit named “Best Security Solution for Data Management/Data Protection” for the second year in a row

Copenhagen, Denmark – May 8, 2025 – Keepit, a global provider of a comprehensive cloud backup and recovery platform, today announced its win at the Cloud Security Awards. Keepit secured the title of “Best Security Solution for Data Management / Data Protection” for the second year running, underscoring its position as a leader in cloud data protection. Keepit was also a finalist in the “Best SaaS Security Solution” category.

Headquartered in Copenhagen, Denmark, with offices in the US, Germany, France and the UK, Keepit provides leading data protection to over fifteen thousand companies across the globe.

“We’re proud to receive recognition for Keepit’s leading data protection platform. The continued move to store and secure data in the cloud has resulted in huge amounts of business-critical cloud data that is vulnerable to human error, ransomware attacks, or service provider downtime. Securing data in our vendor-independent cloud ensures uninterrupted access to your company’s most critical asset – data,” says Michele Hayes, CMO at Keepit.

Key benefits of the Keepit platform include:

  • Data protection for all major SaaS applications in a single platform, including Azure DevOps, Dynamics 365, Microsoft Entra ID, Google Workspace, Microsoft 365, Power Platform, Salesforce, and Zendesk.
  • Vendor-independent cloud: Keepit ensures backup data is stored separately from the production data, on its independent cloud, meaning data is always accessible even if a SaaS vendor has downtime.
  • Data sovereignty: with seven isolated data center regions, Keepit’s customers can always be 100% certain that they can customize their backups to comply with local regulatory requirements.
  • Instant recovery: fast, easy, and granular search and restore features mean data can be located, previewed, and retrieved with just a few clicks.
  • Certified, cloud-native design: Keepit is ISO/IEC 27001:2013 and ISAE 3402-II certified. Unique security and ransomware protection keeps data available and immutable by default.
  • Predictable costs: customers pay one flat fee per user which includes unlimited data storage, ingress/egress, and retention.
  • Simple and intuitive software: the simple interface and API-first architecture of the Keepit Platform requires no training, and can easily be integrated into existing systems, meaning customers can get up and running in minutes.

CEO of The Cloud Awards, James Williams, said: “We’re extremely proud to reveal the winners of The 2025 Security Awards. Cybersecurity is becoming more and more prevalent within the consciousness of people everywhere, not just within businesses. These awards provide a platform for those organizations that help keep our data safe and secure to celebrate their outstanding work.

Keepit has proven to be amongst the very best in the industry at what they do – impressing our judging panel throughout the awards program with their ingenuity, and dedication to great security practice. We offer them huge congratulations on their deserved victory in what was a tightly-contested program. We look forward to seeing how they build on this success in the months and years to come.”
