- Nexo’s new CSA STAR Level 1 certificate is the latest step in fortifying our security infrastructure.
- The certificate provides third-party validation for the company’s security principles and their transparent application.
- Safeguarding client data is a top priority as cloud computing services and security evolve.
In the rapidly evolving fintech landscape, where perpetual innovation meets financial convenience and independence, cybersecurity is paramount. Over the past two decades and more intensely in the past few years, the digital assets space has witnessed new challenges and transformations in its approach to safeguarding sensitive data and digital assets.
Nexo’s dedicated security teams continuously chart this territory and put their best efforts into evolving ahead of emerging cybersecurity threats. After attaining an independent SOC 2 Type 2 audit and completing the ISO 27001 standardization, Nexo has achieved another milestone by securing our STAR Level 1 certification from the esteemed Cloud Security Alliance (CSA).
Through adopting CSA’s Cloud Controls Matrix (CCM) and GDPR Code of Conduct, Nexo has been able to demonstrate its robust security controls and strict adherence to prevailing regulations, standards, and frameworks. Our community and the wider crypto public deserve the transparency of being able to access information about Nexo’s security practices through the publicly accessible STAR Registry.
This certificate is a determined step towards cementing Nexo’s security posture – here are the key advantages this certificate brings to our company and community:
- Applying Best Practices: CSA’s STAR certificate aligns Nexo with tech industry giants such as AWS, Google Maps, and VMware, who also adopt these industry-recognized cloud security best practices.
- Third-Party Validation: The certification entails a meticulous 261-question self-assessment process for third-party validation, subsequently verified by an external authority through the CSA Cloud Controls Matrix.
- Improving Transparency: In the spirit of transparency, the verification is publicly available, thus reflecting our core belief – that our clients should have absolute confidence in our procedures and the safety of their assets.
- Leading by Example: Nexo’s CSA STAR Level 1 certification sets a high standard in the digital asset sector, aligning globally with accepted cloud security standards.
- Progressing Ahead: For Nexo, CSA STAR Level 1 compliance marks a milestone, not the finish line – it’s a process we continuously build on.
Yet it is important to understand why cloud security has become a topic of greater importance, not only for us at Nexo, but globally. A recent study brings an important reality check on the need to invest in cloud security against the backdrop of globalization and the mass adoption of remote work across organizations.
The flexibility and cost savings offered by cloud adoption are unquestionable, but the surge in its usage also exposes organizations to cyber threats. According to the State of Cloud Security Report 2022 linked above, almost half of breaches are cloud-based, with 80% of companies experiencing a cloud security incident in the past year. We’ve worked hard to keep Nexo’s track record flawless, and the report findings below will help you better understand why we emphasize our efforts:
- Key worries are data loss (69%) and data privacy (66%).
- Phishing attacks are common cloud security threats.
- The average cost of a data breach is $4.45 million.
- Worldwide cloud spending to reach $600 billion in 2023.
The findings show that the top concerns are data loss, data privacy, and credential exposure, while account takeover attacks, often via phishing, affect 82% of breaches (this is why we always remind you how to stay safe).
This transformation has given rise to a diverse range of threats, including supply chain attacks, IoT vulnerabilities, and the notorious ransomware attacks that have made headlines. The proliferation of cloud services and the omnipresence of data require a distinct cybersecurity approach to stay ahead of the curve and tackle threats.
The Imperative of Trust
Some would point out that this approach could be embodied by a Zero Trust strategy, an emerging concept in cybersecurity that shifts away from traditional trust-based approaches like VPNs and firewalls. Instead, it treats every user and device as untrusted and requires verification for network access. This approach emphasizes visibility and control, enabling organizations to monitor and secure their networks effectively. It is seen as a key strategy to reduce cyber risks, and as organizations adopt it, they gain improved visibility and operational flexibility.
At Nexo, our efforts have been centered exactly around achieving a trustless security infrastructure since our inception in 2018. This is why we have been actively substantiating our work with security audits, certificates, and association memberships – it’s our deep understanding that instilling trust in our clients in today’s digital environment goes hand-in-hand with establishing a trustless fortress, behind which we safeguard data.
In conclusion, as the digital world faces an escalating cloud security challenge, Nexo remains resolute in our mission to protect client data and uphold trust in an increasingly interconnected era. The validations secured via SOC 2 Type 2 auditing, ISO 27001 standardization, and STAR Level 1 certification from CSA are merely checkpoints in the perpetual process of safeguarding Nexo. It is how we see ourselves paving the way for a secure and innovative future in fintech.