Developers gonna develop. That’s why we’re developers. We want to set some implementation goal and then make that a reality. We like to stay heads down and focus on the immediate task at hand. Unfortunately, this can sometimes cause collateral damage. Secondary objectives can get ignored or even trampled in the race to meet the primary target. It’s also likely that other promising developments will get missed as they fall off the main path. Dealing with these issues is one of the many functions of compliance regulations.
Read more “SLDC, SOC 2, and Other Four Letter Words”
On April 24, I had a great conversation with Sam Smith, the Chief Architect for Sigstr, a fast-growing SaaS platform for email signature marketing. Sigstr’s infrastructure is hosted and managed on AWS and secured by Threat Stack. Every day, Sigstr consumes and processes employee contact information from HRIS systems, customer information from marketing automation platforms, and email behavior data — which makes cloud security and data privacy key concerns for both Sigstr and its customers.
Sam’s team is a great model of how to make security a top business differentiator and sales driver. Since many of Sigstr’s customers are enterprise companies with significant risk concerns, the team has consistently been responsive to questions such as:
- How does Sigstr access, store, and protect data?
- How is the application’s infrastructure monitored and secured?
- Had Sigstr undergone SOC 2 compliance or ISO 27001 compliance audits?
- How could Sigstr help them meet GDPR requirements?
During the webinar, he shared information on how the startup managed to be so responsive to its customers’ security needs, while still maintaining a rapid pace of growth. Read more “How Sigstr Built Customer Trust with Threat Stack and AWS Security — Webinar Recap”
Cloud compliance, like cloud security, is never a one-and-done activity. To be compliant, you need to demonstrate it continuously. Systems must be locked down properly, users must follow specific access policies, alerts must be working properly, and so on. If a server is spun up and unprotected, if a user gets too much privileged access, or if alerts are ignored, you can quickly become noncompliant.
So how do you maintain cloud compliance day-in and day-out amongst all your other priorities? In this post, we’ll outline several ways that you can ensure compliance organization-wide, even after the big audit is complete. Read more “What is Continuous Cloud Compliance & How Can I Achieve It?”