
Your Data’s Security is our Priority
See how we protect your system and information every step of the way.
Enterprise-grade protection, built for modern utilities.
At Waterly, your trust is our top priority. That’s why we’ve embedded security, privacy, and compliance into the heart of everything we build. We’re currently SOC 2 Type 1 compliant. Our systems, people, and processes already align with top industry standards—giving you peace of mind from day one.
We treat security and operational integrity as foundational pillars of our service. We are currently SOC 2 Type 1 compliant and are actively pursuing SOC 2 Type 2 attestation. We have already implemented comprehensive security, compliance, and risk management practices that align with industry best standards.
We leverage continuous monitoring through Drata, ensure data encryption in transit and at rest, and follow a robust incident response and business continuity strategy. Most importantly, every Waterly employee undergoes regular cybersecurity awareness training, reinforcing our culture of vigilance and protection.
We also value transparency and trust. Click below to learn more about how we are specifically protecting you and your utilities.
What Is SSO and Why Does It Matter?
SSO allows users to access multiple applications or services with one set of credentials, such as a single username and password. Instead of juggling different logins for each tool or platform, you (or your employees) gain seamless, secure access to Waterly’s application.
This simple feature is more than just a convenience—it’s an important step for security. Here’s why:
Fewer Passwords = Reduced Risk: Stolen passwords account for over 61% of breaches (Verizon DBIR). With SSO, users need to remember only one strong password, dramatically lowering the likelihood of weak or reused credentials.
Centralized Access Control: By managing access through one secure system, your organization can quickly update permissions, enforce policies, and revoke access when necessary.
Improved User Experience: No more multiple logins. Users enjoy faster, easier access, leading to higher satisfaction and loyalty.
The Business Case for SSO
Investing in SSO isn’t just about security; it’s also about improving your bottom line. Consider these benefits:
Improved Security: Logins are managed through your organization’s identity provider, which eliminates the need for end users to create separate accounts not managed by your organization.
Reduced Support Costs: Gartner estimates that 20–50% of IT help desk tickets are password-related issues. SSO cuts these costs by eliminating password resets for multiple systems.
Enhanced Productivity: Employees using SSO save an average of 10 hours annually by skipping repetitive logins, allowing them to focus on more meaningful work.
Managing Expectations for SSO Implementation
At Waterly, we’re excited to bring you the enhanced security and convenience of Single Sign-On (SSO). We understand that implementing new technology can raise questions, so we’re here to ensure a smooth and straightforward transition. Here’s how we’re supporting you:
Clear Communication: We’ll provide step-by-step instructions on how to set up and use SSO. Our goal is to make the process as simple and intuitive as possible, so you can start enjoying the benefits right away.
Your Security Is Our Priority: SSO is designed to streamline access while enhancing security. We strongly encourage users to follow best practices: use a password vault, create strong, unique passwords, and enable multi-factor authentication (MFA) for added protection. If you need assistance, our team is here to help.
Dedicated Support: Our support team is ready to assist you with any questions or challenges you might face during the setup process. Whether it’s troubleshooting or guidance, we’re committed to ensuring your experience is seamless.
At Waterly, we value your trust and are dedicated to delivering secure, efficient solutions that meet your needs. If you have any concerns or need assistance, please don’t hesitate to reach out to our support team—we’re here for you every step of the way.
Safeguarding Trust and Security in the Water Utility Industry
At Waterly, security, confidentiality, and trust form the foundation of our commitment to serving the water and wastewater industry. Achieving SOC 2 compliance underscores this dedication, setting a new benchmark and a higher standard for protecting sensitive data and ensuring operational integrity. In light of increasing cybersecurity risks and regulatory pressures, as highlighted in the EPA Office of Inspector General (OIG) report and supported by resources from CISA’s Water Sector, Waterly has taken proactive steps to address critical challenges facing utilities today.
The water utility sector faces unique cybersecurity challenges, as emphasized by recent national cybersecurity events, which heightened awareness of significant gaps in preparedness across the industry. These vulnerabilities not only endanger public safety but also erode trust in critical infrastructure. By partnering with SOC 2-compliant vendors like Waterly, utilities can address these risks head-on. SOC 2 compliance demonstrates that Waterly has undergone rigorous audits to protect sensitive data, uphold system confidentiality, and ensure operational resilience. This is especially critical as federal agencies, including CISA and the EPA, advocate for stricter security practices to protect water systems from emerging threats.
The Role of Federal Oversight and Proposed Legislation
Federal oversight has become increasingly focused on the security of water systems. The Environmental Protection Agency (EPA), through initiatives such as its cybersecurity assessment programs, has reinforced the need for utility providers to adopt robust security measures. The proposed Water and Wastewater Resilience and Oversight (WWRO) Bill aims to further enhance resilience and risk management across the water sector. This legislation would mandate advanced cybersecurity standards and regular vulnerability assessments for utilities, ensuring compliance with both federal and state regulations.
The proposed WWRO Bill emphasizes the critical role of partnerships with vendors like Waterly, whose SOC 2 compliance meets and exceeds these proposed standards. By staying ahead of legislative requirements, utilities can proactively align with the evolving regulatory landscape while demonstrating their commitment to securing vital infrastructure.
Resonating Security & Resilience Through SOC 2 Compliance
As outlined in the EPA OIG report, in federal mandates like those proposed in the WWRO Bill, and in CISA’s guidelines, water utilities must enhance their cybersecurity measures to align with evolving regulations. SOC 2 compliance positions Waterly as a leader in meeting these heightened standards, ensuring that sensitive data remains secure, operational continuity is maintained, and risk management is proactive. Regular assessments and updates address vulnerabilities before they escalate into threats, giving utilities peace of mind that their systems are well-protected.
Working with SOC 2-compliant partners offers utilities critical advantages in today’s increasingly scrutinized industry. This compliance fosters trust among ratepayers, stakeholders, and regulatory bodies, highlighting your commitment to security and operational excellence. Vendor evaluations during audits become streamlined with SOC 2-compliant partners, community confidence is enhanced by showing your dedication to safeguarding water infrastructure, and resilience against cyber threats aligns with recommendations from CISA’s Water Sector Cybersecurity resources.
Building the Future Together
The insights from the EPA OIG report, CISA’s Water Sector initiatives, and the proposed WWRO Bill make one thing clear: the water industry must prepare for rising standards in cybersecurity and risk management. By partnering with Waterly, utilities can ensure compliance, secure operations, and position themselves as leaders in adapting to the evolving regulatory landscape.
SOC 2 compliance isn’t just a certification—it’s a vital step toward safeguarding the water utility industry against the challenges of today and tomorrow. Waterly stands ready to help utilities secure their operations, build resilience, and earn the trust of their communities. Together, we can protect the future of water utilities and our superheroes of water.
References
EPA OIG report - Environmental Protection Agency, Nov 2024
CISA - America’s Cyber Defense Agency, Latest
Proposed WWRO Bill - CyberSolarium, March 2023
Water System Threat Preparedness and Resilience Act of 2023 - United States Congress, 2023
Security First
Data Encryption: All data is encrypted in transit (TLS 1.2+) and at rest using strong AES-256 encryption.
Continuous Monitoring: Through Drata, we track compliance posture and system health 24/7.
Cybersecurity Training: 100% of our employees undergo regular security awareness programs.
Backup & Recovery
Data Retention: Your data is yours—we retain it indefinitely unless you request deletion.
Restore Options: Data can be restored to any point in the past 30 days. We support single-customer rollback without downtime.
Availability: Hosted in Microsoft Azure (East US 2) with multi-zone redundancy and a self-healing architecture.
Identity & Access
MFA & SSO: Multi-Factor Authentication is supported via internal login or your Identity Provider (OIDC now; SAML coming soon).
Access Logging: All access and changes are logged and reviewed bi-weekly.
Least Privilege Access: Employees access only what they need—and nothing more.
Incident Response
Response Protocol: Events are triaged by our ISM within 48 hours and classified by severity.
Customer Notification: If data is ever affected, you’ll be notified quickly via email—and a phone call for high-severity issues.
Compliance & Certification
SOC 2 Type 1: Complete!
SOC 2 Type 2: In the works!
Audits & Pen Testing: Regular automated scans, with 3rd-party penetration testing scheduled.
Compliance Foundation: Built to align with HIPAA, PCI, and SOC 2 best practices.
Uptime & Monitoring
System Status: status.waterlyapp.com
Uptime: Fewer than 5 hours of unplanned downtime in 3 years.
Maintenance: Mondays after 9 PM CT.
💼 Legal & Insurance
Cyber Liability
Professional/General Liability
Terms & SLA
🧹 Data Destruction
Data is securely deleted following industry standards. Internal devices follow Waterly’s internal secure data handling policies.
📚 Documentation Library (Available Upon Request)
Incident Response Plan
Business Continuity & Disaster Recovery Plans
Data Protection, Retention & Encryption Policies
Vendor, Asset, and Risk Management Policies
Logging, Access, and Security Protocols
More on Cybersecurity:
Why we’re nerds for online safety, and why you should be too.
Why and How to Use a Password Management App
Cybersecurity made SIMPLE (why is it important for Rural!)
Waterly Insights: SCADA Integration and Cybersecurity