Protos Security revamped its IT infrastructure to become SOC 2 compliant
DATA SECURITY AND SOC 2 AUDITS
Protos Security has developed a unique business model that provides its clients with security officers and off-duty police officers from a network of more than four thousand well-vetted security services providers. Part software company, part security guard management company, Protos Security matches customers with providers based on individualized client and post requirements, the vendor’s track record, service rates, and more.
To continue growing, the company needed to expand its customer base to include those who require SOC 2 compliance. But first, Protos Security’s internal controls governing its services and data had to pass a SOC 2 audit. These controls are called the Trust Services Principles and include security, availability, processing integrity, confidentiality, and privacy, as outlined by the American Institute of Certified Public Accountants (AICPA).
“Since we collect customer data, it was critical that we achieve SOC 2 compliance,” said senior software engineer Robert Atherton. “To do that, we needed to make our data environment more secure than it was.”
Protos Security’s proprietary application and all of its data existed in the cloud. The company used Amazon Web Services (AWS) serverless templates. When it wanted to create new resources based on those templates, Protos Security had to manually connect with AWS CloudFormation to make that request.
“The way our platform was originally built, it took time and effort to work within AWS. On top of that, we didn’t have the level of data security that we needed,” said Robert. “When the company was a lot smaller, this process was manageable. But now that we’ve grown, we need an IT infrastructure and more sophisticated tools that streamline processes and can scale with us.”
A PARTNERSHIP GROWS
Previously, Protos Security engaged North Labs to handle a project that involved database migration from SQL to MySQL. Since the company performed well on that project, Protos Security approached North Labs to help with its SOC 2 compliance issues.
“We knew we needed to have the right security controls when it came to the data we collect,” said Robert. “The problem was that we didn’t know what we didn’t know when it came to data infrastructure security. Thankfully, North Labs was there to help.”
TRANSFORMING THE AWS ENVIRONMENT
When the North Labs team turned their attention to SOC 2 compliance issues and examined the company’s AWS environment, they saw it had many misconfigurations, as well as resources that were created and then abandoned. This was unnecessarily costing Protos Security money each month.
Rather than mitigating a large number of minor problems, the team concluded that the best course of action was to create an entirely new AWS environment using best practices. That would put the company on a firm foundation and make it easier for Protos Security to pass a SOC 2 audit.
The North Labs team created Terraform modules and CI/CD pipelines for Protos Security’s services. They also developed the necessary supporting infrastructure to enable the company to securely and efficiently deploy and manage its resources in a repeatable and scalable manner. This work was done to obtain SOC 2 compliance from the start and prevent significant remediation. Once that work was completed, the team began assisting Protos Security with migrating all of its services from the old environment to the new SOC 2-compliant environment.
“The North Labs team demonstrated their professional skills and collaborative culture throughout the entire process. They were pivotal in helping us reach our goals,” said Robert. “We now have the confidence that we will have no major issues when we undergo the SOC 2 audit.”