
Case Study: Enhancing Compliance and Security for Formpiper with Blue Sentry Cloud

Lee Hylton / May 2, 2024

Introduction

Formpiper, a company specializing in automating paperwork processes for various industries, faced significant challenges in maintaining compliance with stringent security standards, including SOC2. To address these challenges, Formpiper engaged Blue Sentry Cloud (BSC) to manage its AWS cloud infrastructure with a strong focus on security and compliance.

Objectives

Formpiper’s primary goals with BSC’s managed services included:

  • Ensuring compliance with SOC2 and other relevant security standards.
  • Maintaining a secure and robust cloud infrastructure to protect sensitive data.
  • Achieving and maintaining a high standard of operational security to instill trust among clients and stakeholders.

Solution Design

BSC designed a comprehensive solution using AWS services that are specifically tailored for security and compliance management:

  1. AWS Control Tower: Deployed to automate the setup and governance of a secure, multi-account AWS environment based on best practices. Control Tower enabled Formpiper to streamline account management, governance, and data security across their AWS accounts.
  2. AWS GuardDuty: Implemented as a threat detection service that continuously monitors for malicious activity and unauthorized behavior. GuardDuty helped identify potential security threats using machine learning and known threat signatures.
  3. AWS Inspector: Utilized to automatically assess applications for exposure, vulnerabilities, and deviations from best practices. Inspector was crucial for vulnerability scanning and providing security assessments relevant to SOC2 compliance.
  4. AWS Config: Deployed to track AWS resource configurations and changes, enabling compliance auditing and security analysis. AWS Config provided a detailed view of the configuration history and changes, aiding in ensuring continuous compliance and security governance.

Implementation Process

The implementation by BSC involved several key steps:

  1. Infrastructure Assessment and Optimization: Initially, BSC conducted a thorough assessment of Formpiper’s existing AWS setup. This assessment helped identify areas for improvement in security and compliance.
  2. Security and Compliance Framework Setup: BSC set up and configured AWS services such as Control Tower, GuardDuty, Inspector, and Config to create a robust framework that automatically enforces and monitors compliance rules.
  3. Continuous Monitoring and Incident Response: BSC implemented continuous monitoring using GuardDuty and AWS Inspector. They also established an incident response plan that included automated alerts and rapid response mechanisms to mitigate risks promptly.
  4. Compliance Audits and Reporting: Regular compliance audits were conducted using the data and insights gathered from AWS Config and Inspector. These audits were crucial in preparing for and passing SOC2 audits.
  5. Training and Documentation: BSC provided comprehensive training to Formpiper’s team on compliance best practices and the use of AWS security tools. Detailed documentation was also provided to ensure that Formpiper could maintain and manage their compliance and security standards internally.

Results

The collaboration with Blue Sentry Cloud led to significant improvements in Formpiper’s compliance and security posture:

  • Successful SOC2 Certification: Formpiper passed their SOC2 audits, largely due to the robust security measures implemented and managed by BSC.
  • Enhanced Security Measures: The continuous monitoring and proactive incident response significantly reduced the risk of security breaches and data leaks.
  • Improved Compliance Management: Automated tools and detailed compliance reports enabled Formpiper to maintain ongoing compliance with not only SOC2 but also other regulatory requirements.

Conclusion

Blue Sentry Cloud’s expertise in managing AWS security and compliance tools has been instrumental in helping Formpiper achieve and maintain SOC2 compliance. The security infrastructure and practices put in place have not only supported compliance efforts but have also fortified Formpiper’s reputation as a secure and reliable service provider in the industry. This case study underscores the critical role of specialized managed services in achieving high standards of compliance and security in the cloud.