At a Glance
A leading data automation firm approached letsbloom with two key objectives: independent validation of their cloud infrastructure against the NIST CSF and CIS frameworks, and support for their responses to customer questionnaires and external auditors for SOC 2 and ISO 27001 certifications.
letsbloom helped the firm demonstrate compliance against security standards mandated by their clients or required by certifications such as ISO 27001 and SOC 2. Our platform enabled them to effectively address relevant security issues and score highly on their audits and reports. As a result, they were able to achieve SOC and ISO certifications.
Client Background
The company offers AI-powered data control and automation solutions, enabling its clients in the financial industry to maintain data integrity and security. Their integrated platform manages the entire data lifecycle, including ETL, reconciliation, workflow, and reporting. With a focus on providing a low-code interface, they empower business operations users to perform data manipulations in a controlled and efficient manner. Additionally, their machine-learning capabilities enhance predictive analytics and anomaly detection.
The company targets a diverse range of clients within the financial industry, including capital markets, banks (investment and retail), fund administrators, investment managers, and real estate investment managers. Their business priorities revolve around maintaining the highest data security standards, ensuring compliance with relevant regulations, and providing independent validation of their infrastructure's compliance posture to meet client standards and certification requirements.
Client’s Cloud Infrastructure Overview
The company has deployed its microservices-based, cloud-native product on AWS infrastructure following AWS Well-Architected best practices. They use a range of AWS Platform-as-a-Service (PaaS) offerings for most components, including EKS, RDS, Amazon MQ, ALB, WAF, EFS, and SFTP. High availability and cross-region replication were key considerations during the infrastructure setup to ensure business continuity and disaster recovery.
Business Challenges Faced by the Client
The company faced a critical challenge in independently validating the compliance of its complex cloud infrastructure with industry best practices, especially the NIST CSF and CIS standards. They were also required to provide independent verification to their auditors to obtain SOC 2 and ISO 27001 certifications. Moreover, the company lacked comprehensive visibility into the compliance and security posture of its cloud infrastructure, making it difficult to address security and compliance gaps.
letsbloom Solution
letsbloom provided a comprehensive platform to address the company's security and compliance challenges:
- Continuous Compliance Observability: Provided continuous observability of the compliance posture of their cloud infrastructure against all relevant standards.
- Misconfiguration and Security Gap Detection: With letsbloom, the firm was able to identify and address all misconfigurations and security gaps, achieve a high security score on audits, and obtain real-time reports.
- Reactive and Proactive Controls: The company used ad-hoc, periodic, and intra-day scans to reactively identify and address security gaps. Additionally, they leveraged letsbloom's proactive controls to review their Terraform IaC scripts and block vulnerabilities during the development phase.
- Regular Assessments: The company’s DevOps and SaaS teams used the letsbloom platform daily to scan their code and infrastructure and get an overview of their compliance and security posture. The real-time reports helped them validate compliance in their daily standups and pass spot checks by managers.
Results Achieved
Enhanced Security and Compliance Posture
letsbloom provided the company with peace of mind, ensuring their cloud infrastructure met industry standards and exceeded auditors’ expectations.
Successful Audits and Certifications
With letsbloom, the company successfully cleared audits and obtained ISO 27001 and SOC 2 certifications, demonstrating their commitment to security and compliance.
Increased Delivery Velocity
letsbloom helped the company increase their delivery velocity while maintaining quality and security standards: by identifying and resolving security issues early in the development lifecycle, the teams could focus on meeting their core business objectives.
Efficient Issue Management
letsbloom's comprehensive reports provided actionable insights, allowing the company to categorize and prioritize issues for quick resolution, particularly critical vulnerabilities.
Superior Customer Support
The letsbloom team offered prompt and proactive support, actively engaging with the company to address queries, provide enhancements, and solicit feedback, ensuring a positive user experience.
Conclusion
letsbloom played a pivotal role in strengthening the security and compliance posture of the company. By achieving successful audits and certifications, the company maintained high security and quality standards.
Want to fast-track your cloud security and compliance journey and get your infrastructure audit-ready?