Cloud Security for a Hosted Service Provider
What was the problem/objective?
A 150-member platform as a service provider contacted Careful Security to help them become SOC2 and ISO 27001 Compliant so that they can provide evidence to their customers who’ve been asking them for it.
What was the solution?
We identified gaps in their current processes e.g. lack of change management, lack of secure SDLC, logging, and security monitoring. We identified for them the required security vendors that were essential in building up a security-compliant platform in the cloud. We worked with these vendors to ensure that their AWS and Azure clouds were configured as a well-managed environment that can pass muster with demanding customers especially those in the government space.
What are some of the other benefits?
The organization is in its second year of ISO 27001 and SOC2 certification. Their security processes have developed tremendously and we continue to help them with regular risk assessments, penetration tests, security policies, and procedures, and vCISO advisory services.