Transform Your Organization with NimbusStack's AWS DevOps Solution
Bridg: Streamlining Compliance with SOC2 and SOX to Enhance Security and Trust
Industry
Data Analytics Technology
Goals
SOC2 and SOX compliance
Enhance security
Build trust with clients
Company Size
50-200 employees
Challenges
AWS IAM Restructure and cleanup
Overhauling DB access control
Address AWS Inspector findings and PEN test results
About Bridg
Bridg’s Customer Data Platform was built with a singular focus: help brick-and-mortar retailers and their CPG brand partners solve the anonymous in-store customer challenge. We identify individuals behind in-store transactions, create longitudinal, privacy-safe customer profiles, and power targeted marketing across virtually any digital channel with closed-loop measurement. The result? Endless opportunities to understand and engage unknown customers.
The Challenge
Bridg faced a series of action items provided by Big 4 auditors to achieve SOC2 and SOX compliance. The challenges included AWS IAM restructure and cleanup, overhauling DB access control, addressing AWS Inspector findings, and addressing PEN test results.
The Solution
Our team at NimbusStack worked with Bridg to address these issues by restructuring IAM, cleaning up unused IAM roles, creating roles in databases, updating passwords in application code, and tweaking web servers to support TLS 2.
By creating a pipeline for any permission change and cleaning up database access, NimbusStack enabled Bridg to satisfy their auditors and obtain SOC2 certification. The new team-based IAM model with privilege escalation per team reduced complexity and increased security. Bridg now has a more secure environment and greater confidence in its compliance posture.
Rony Sawdayi
Head of Platform, Bridg
Bridg's SOC2 certification is a testament to our commitment to security and compliance. With the help of the NimbusStack team, we successfully addressed the challenges posed by our auditors and have strengthened our trust in services
The Results
After implementing the necessary changes to meet SOC2/SOX compliance standards, Bridg obtained certification and ensured the security and integrity of its customers’ data. With a streamlined IAM structure and improved DB access control, Bridg is now better equipped to handle the demands of its clients and provide them with a secure and reliable platform.
Implementing Terraform and GitHub pipelines allowed for efficient tracking and management of permission changes, ensuring complete transparency for auditors and clients.