Archive360 Security Statement Regarding Mimecast Security Breach Event
- January 15, 2021
On January 12, 2021, Mimecast issued a statement regarding a cyber-attack that has compromised one of its certificates required by customers to access their Microsoft accounts. In the statement, Mimecast stated that they learned of the incident from Microsoft and believe that a small number (approximately ten percent) of customers are affected.
In light of recent ransomware and cyber-attacks, including SolarWinds and the Mimecast breach, we encourage customers to review their infrastructure and information security protocols, especially as it relates to the archiving and management of their data and information.
Archive360 has prepared this short security statement to advise customers of the implications of this latest breach and what Archive360 is doing to ensure that our customers are never faced with a similar risk.
Security Risks of SaaS-based Solutions
The cyber-attack and resulting breach that Mimecast has experienced once again highlights the inherent vulnerability of SaaS-based products. SaaS products are developed and deployed using shared resources, including security certificates. Customers are obliged to adopt the security model offered by the vendor and have limited visibility into and control of the security environment protecting their data.
Archive360 Zero Trust Security Model
All Archive360 customers are deployed using our Zero Trust security model:
- Every customer is deployed as a PaaS, in their separate cloud tenant.
- Every customer environment is completely isolated.
- Every customer has their own dedicated infrastructure and security keys. Archive360 does not share any certificates between customers.
- Archive360 helps every customer build their own Secure Enclave.
- Every Archive360 implementation is configured to support the individual customer’s security protocols.
- Archive360’s security model is fully documented and shared with the customer and can be reviewed and audited by third parties.
- Archive360 adheres to Security Lifecycle Development (SDL) practices.
Prioritizing Security in 2021
Understandably, organizations are concerned about protecting their data stored in the cloud from external -and internal – threats. Throughout 2021 we will continue to work with our customers to help them leverage opportunities afforded by the cloud while minimizing the impact of a potential data breach.
Tibi Popp | Chief Technology Officer