Case Study

Bridg: Streamlining Compliance with SOC2 and SOX to Enhance Security and Trust


Industry
Data Analytics Technology
Goals
SOC2 and SOX compliance; Enhance security; Build trust with clients
Company Size
50-200 employees
Challenges
AWS IAM restructure and cleanup; Overhauling DB access control; Address AWS Inspector findings and PEN test results
About Bridg
Bridg’s Customer Data Platform was built with a singular focus: help brick-and-mortar retailers and their CPG brand partners solve the anonymous in-store customer challenge. We identify individuals behind in-store transactions, create longitudinal, privacy-safe customer profiles, and power targeted marketing across virtually any digital channel with closed-loop measurement. The result? Endless opportunities to understand and engage unknown customers.
The Challenge
Bridg faced a series of action items provided by Big 4 auditors to achieve SOC2 and SOX compliance. The challenges included AWS IAM restructure and cleanup, overhauling DB access control, addressing AWS Inspector findings, and addressing PEN test results.
The Solution

Our team at NimbusStack worked with Bridg to address these issues by restructuring IAM, cleaning up unused IAM roles, creating roles in databases, updating passwords in application code, and tweaking web servers to support TLS 2.

By creating a pipeline for any permission change and cleaning up database access, NimbusStack enabled Bridg to satisfy their auditors and obtain SOC2 certification. The new team-based IAM model with privilege escalation per team reduced complexity and increased security. Bridg now has a more secure environment and greater confidence in its compliance posture.

The Results

After implementing the necessary changes to meet SOC2/SOX compliance standards, Bridg obtained certification and ensured the security and integrity of its customers’ data. With a streamlined IAM structure and improved DB access control, Bridg is now better equipped to handle the demands of its clients and provide them with a secure and reliable platform. Implementing Terraform and GitHub pipelines allowed for efficient tracking and management of permission changes, ensuring complete transparency for auditors and clients.
