Tag Archive for: Audits

Fintech startup passes SOC 2 audits with serverless security


A startup providing AI-based cloud services to financial customers favors serverless computing for security, despite the challenges of translating ISO and SOC 2 audit requirements for the cloud-native architecture.

CrossBorder Solutions began to seek certification under the American Institute of CPAs’ Service Organization Control (SOC) 2 and the International Organization for Standardization (ISO) 27001 programs for its cloud-based products in 2019. While it isn’t required by law to demonstrate compliance with these programs, the company saw a business advantage in demonstrating to its highly regulated customers that it was compliant with those standards.

“We did the certifications to help clients understand that we’re safe to do business with,” said James Ford, who served as the company’s chief security architect from 2019 until October 2021. “SOC requires [them] to do vendor risk management, [which is] basically making sure all your vendors … are more or less doing ISO and SOC.”

The problem with this, at first, was that the company also ported its entire IT environment in early 2020 to AWS, which provides services that don’t require IT teams to manage virtual machine resources — also known as serverless computing. These include AWS Lambda function as a service, along with the AWS Fargate managed container service, Aurora database as a service, application load balancers and CloudFront CDN.

“Serverless does not equate to infrastructure-less,” Ford said. “What it really makes difficult is trying to explain to the auditor what you don’t do and what you don’t have control of.”

ISO, SOC 2 audits require people and policy plans

Ford said he believes CrossBorder was among the first companies to receive SOC 2 certification in a fully serverless environment, but the process ultimately involved more of a focus on people and process issues than technological problems.

James Ford, former chief security architect, CrossBorder Solutions

First, there was the work required to help IT compliance auditors understand cloud services that didn’t fit what ISO and SOC 2 controls were originally designed to describe: private data centers that contain servers.

“It’s a lot of talking to the auditor and talking them off the ledge at some…


Experts warn of dangers from breach of voter systems due to GOP ‘audits’


CHRISTINA A. CASSIDY

FILE - In this Jan. 4, 2021, file photo a worker passes a Dominion Voting ballot scanner while setting up a polling location at an elementary school in Gwinnett County, Ga., outside of Atlanta. Republican efforts to question the results of the 2020 election have led to two significant breaches of voting software that have alarmed election security experts who say they have increased the risk to elections in jurisdictions that use the equipment. (AP Photo/Ben Gray, File)

ATLANTA — Republican efforts questioning the outcome of the 2020 presidential race have led to voting system breaches that election security experts say pose a heightened risk to future elections.

Copies of the Dominion Voting Systems software used to manage elections — from designing ballots to configuring voting machines and tallying results — were distributed at an event this month in South Dakota organized by MyPillow CEO Mike Lindell, an ally of former President Donald Trump who has made unsubstantiated claims about last year’s election.

“It’s a game-changer in that the environment we have talked about existing now is a reality,” said Matt Masterson, a former top election security official in the Trump administration. “We told election officials, essentially, that you should assume this information is already out there. Now we know it is, and we don’t know what they are going to do with it.”


Audits and reports warned of IRS computer safety risks – USA TODAY


Government monitors repeatedly warned of IRS computer security risks long before Tuesday's disclosure that identity thieves had stolen tax agency data for roughly 100,000 U.S. households. At least seven federal audits and other reports from 2007 to