Case Studies

Threat Stack SOC 2 Case Study v2


requests as well as build new tools for the SOC examination process. Of major importance, we designed a new, automated change management process, and while it required a big lift by our infrastructure engineers, it yielded incredible efficiencies that boosted speed and accuracy. As part of this process, we built our now famously named sockembot, an automated SOC 2 compliance checking bot, that impressively reviews every JIRA ticket associated with a change to make sure that it is approved before the changes are pushed to production. Before we had sockembot, our release processes required a manual review of each ticket, an unrealistic ask that was prone to human error and created costly delays in delivering customer value.

Our new change management process required the engineering and product groups to agree on a uniform way to work in both JIRA and our source code management system. A critical but difficult factor in attaining success was delivering a single workflow with clear expectations, and being able to trace systems across every environment. Achieving referential integrity between production, development, source code management, and JIRA was critical to building a reliable system and organization, but also for making SOC 2 field testing simple and intuitive for non-technical auditors.

Good Ops = Good Security

Building a strong SecOps culture that created a strong security practices baseline had been a priority for Threat Stack's security team long before we engaged in the SOC 2 examination. Because of this, every team across the organization was prepared for the evaluation when the time came. Taking that baseline and further strengthening it under the parameters of SOC 2 also allowed Pete Cheslock "to bring better practices to our software engineering team as we look to double the size of that group." In Pete's view, "The timing of the SOC 2 project ended up being a happy coincidence."
Enabling Trust Through SOC 2

Passing the Type 2 SOC 2 examination successfully on the first attempt was a powerful demonstration of Threat Stack's commitment to strong security standards and procedures, further validating our security assertions to the market and our customers alike. We have proven that moving fast and secure is better than simply moving fast. While it's great to get something done as quickly as possible, strong security and operations practices should never be sacrificed just to get a project pushed out. When you have the right tools, standards, processes, and monitoring in place, moving securely at speed is both attainable and maintainable.

By passing its Type 2 SOC 2 examination with zero exceptions, Threat Stack underscored its commitment to maintaining rigorous security standards and demonstrated that its platform, the people behind it, and the processes in place can be trusted to continuously deliver the highest level of security and privacy for our customers.

"Type 2 SOC 2 compliance signals to the market that, on top of building a leading security platform, we hold ourselves to the highest standards to build trust with our users."
SAM BISBEE, Chief Information Security Officer, Threat Stack

55 Summer Street, Boston, MA 02110
1+ 617.337.4270

Threat Stack enables businesses of all sizes to securely leverage the benefits of cloud computing by identifying and verifying insider threats, external attacks, and data loss in real time. Purpose built for today's infrastructure, Threat Stack's comprehensive intrusion detection platform combines continuous security monitoring and risk assessment to help companies gain an unparalleled level of visibility at the speed and scale of today's business. Located in Boston, Massachusetts, Threat Stack works with nearly 400 security-minded customers. For more information or to start a free trial, visit

COPYRIGHT ©2018 THREAT STACK, INC. / TS-CASE-THREATSTACKSOC2-2018-2
