Why HelloSign Chose Threat Stack to Accelerate Security Responses and Simplify Compliance

“We really appreciate Threat Stack’s great customer support and its Oversight team. Threat Stack takes feedback seriously and ensures that the customer’s voice is always heard. At HelloSign we are committed to making our users awesome, and we were pleased to see that Threat Stack shares the same belief.”Raaghav Srinivasan, Security Engineer at HelloSign

HelloSign is powering the future of intelligent business. The company’s software platform — which includes eSignature, digital workflow, and electronic fax solutions — converts process to revenue for over 50,000 companies around the world with HelloSign, HelloWorks, and HelloFax.  When HelloSign needed to strengthen its security posture, accelerate security responses, and simplify compliance as it continued to scale, they chose Threat Stack.

The Challenge

HelloSign offers secure and legally binding eSignature solutions to companies across all industries — which means they’re handling very sensitive customer data, including contracts, patient data, financial statements, and more. To protect this data, HelloSign is beholden to compliance requirements such as HIPAA and SOC 2, but over and above compliance, HelloSign’s business relies on having a strong security posture that enables customers to trust them with their sensitive documents.

HelloSign wanted a way to gain visibility into their infrastructure to detect security incidents and track vulnerable packages in their production environment. The team was feeling the pressure that often comes when using manual processes to handle important security tasks. And as their organization and infrastructure requirements continued to grow, the manual approach just wasn’t going to cut it.

The Solution: Threat Stack

To gain deep visibility into their infrastructure and to automate processes, HelloSign chose Threat Stack for incident response, vulnerability and patch management, and cloud security auditing. Threat Stack has enabled HelloSign to:

  • Reduce Response Time to Incidents With Threat Stack and PagerDuty

HelloSign knew they needed to automate their manual processes in order to scale. They integrated Threat Stack and PagerDuty so they would receive real-time alerts the same way they receive all their other Ops alerts. This enabled the team to immediately respond to alerts and take necessary steps.

  • Reduce Effort and Time to Discover Vulnerability and Manage Patches

The daily vulnerability report provided by Threat Stack gives a holistic view of all the vulnerable packages across HelloSign’s infrastructure and considerably reduces the effort required to manually check each server. HelloSign uses the findings from Threat Stack, triages them further internally, and then follows their in-house Vulnerability and Patch Management process.

  • Audit Cloud Configuration

HelloSign uses Threat Stack Audit to gain visibility into their AWS configurations. Its simple, easy-to-use dashboards enable them to quickly and easily compare their settings to CIS benchmarks and AWS security guidelines — significantly strengthening their security posture.

“We love the visibility that Audit provides into the AWS configurations and how it makes it easy for us to compare our settings with CIS benchmarks and AWS security guidelines. Config Audit has helped us significantly strengthen our AWS security.” Raaghav Srinivasan, Security Engineer at HelloSign

The Results

Using Threat Stack, HelloSign is able to meet its security and compliance requirements as the company continues to scale. Thanks to Configuration Audit, the company’s basic security posture is stronger and, using the Threat Stack platform, the company is now able to track vulnerabilities more quickly and accurately (including the number and type of packages that were patched), manage incident response with greater speed, and provide all the evidence needed to support compliance audits, including SOC 2 and HIPAA.

Final Words . . .

To learn more about what’s involved in creating a comprehensive security posture on the cloud, best practices for AWS security, what AWS’ role is in your security stack, and how Threat Stack can help you figure it all out, download a copy of the free eBook: 10 Best Practices for Securing Your Workloads on AWS.