Quik! Achieves SOC 2 Compliance and Updates Its AWS Security Posture Under Compressed Timeline
Challenge
Quik! needed to prepare for an upcoming SOC 2 audit in a short period of time, which included implementing many new security processes and procedures.
Solution
ClearScale delivered an end-to-end SOC 2 readiness program that included a gap analysis, remediation, audit preparation, and live audit support.
Benefits
Quik! passed its SOC 2 audit and now has a much more robust set of security tools and processes for managing customer data.
AWS Services
AWS Control Tower Guardrails, Amazon Security Hub, Amazon Config, Amazon IAM Analyzer, Amazon GuardDuty, Amazon Detective
Executive Summary
Quik! is a SaaS provider of digital form automation solutions that makes it easy for companies to design and deploy custom forms online. Quik! has a massive library of more than 38,000 financial forms that organizations can quickly customize for their needs. On the delivery side, data moves seamlessly into and out of Quik! forms, allowing users to integrate new information into critical workflows with minimal effort.
By the end of 2022, Quik! wanted to achieve SOC 2 compliance across its existing AWS environment. ClearScale provided an in-depth SOC 2 readiness audit that included remediation and live audit support. As a result, Quik! passed its audit and now carries much less risk related to its management of customer data.
The Challenge
In order to achieve SOC 2 compliance, Quik! needed a Type 2 report, which assesses the effectiveness of security processes and control design over the course of three months. Meeting an end-of-year deadline for SOC 2 compliance meant getting started on the audit preparation immediately and then making necessary changes. This type of project would normally take nine months to finish. The client needed it done much faster than that.
Quik! also wanted to keep costs as low as possible. Any updates had to be implemented efficiently and effectively to preserve the client’s budget.
Quik! approached ClearScale about working together again for this particular project. After two prior successful engagements – an implementation of data management infrastructure and delivery of managed services on the AWS cloud – Quik! knew that ClearScale had the technical expertise and knowledge to help with the SOC 2 audit preparation.
The ClearScale Solution
ClearScale provided a comprehensive solution to Quik! for this project:
- SOC 2 gap analysis to identify possible improvements related to the company’s treatment of customer data. More specifically, ClearScale performed a deep security assessment of the client’s multi-account AWS environment
- SOC 2 gap remediation to fix problems related to how the company managed customer data. This included developing new policies and procedures, including updated security and IT operational processes, as well as deploying additional software and cloud security solutions to bring the environment up to SOC 2 standards
- SOC 2 audit preparation to minimize risk associated with the impending third-party audit. ClearScale helped Quik! engage the right auditor for their unique business model
- SOC 2 audit assistance to support the client throughout the audit process. ClearScale worked with the auditor directly and answered any security questions that came up as part of the evaluation
This end-to-end approach was essential for ensuring a worry-free SOC 2 audit. The ClearScale solution also included usage of several third-party services, including HIDS (open source) and CIS hardening of operating systems.
For the remediation step, ClearScale implemented a multitude of AWS services, including:
- AWS Control Tower Guardrails to create specific rules around Quik!’s multi-account AWS environment deployment
- Amazon Security Hub to provide Quik! with a complete view of its security data and posture
- Amazon Config to help Quik! continually evaluate its resource configurations
- Amazon IAM Analyzer to increase visibility over resources that are shared with external entities
- Amazon GuardDuty to provide ongoing threat detection across AWS accounts and workloads
- Amazon Detective to empower Quik!’s security team to discover security vulnerabilities faster and more accurately
These services were all instrumental in Quik!’s security upgrade.
The Benefits
Thanks to ClearScale’s guidance, Quik! passed its SOC 2 audit, and its customer data is now much more secure. The ClearScale team added vital policies and procedures to the client’s security protocols. ClearScale deployed new security and IT services and built internal operational processes to make it easier for internal IT staff to keep the company’s cloud environment safe. ClearScale delivered all of these updates under a compressed timeline, and was available during sessions with the third-party auditor to answer any questions.
At a time when cybersecurity threats are on the rise and consumers are growing increasingly sensitive to how their data is used, Quik! made valuable changes to bring its cloud environment and data processes in line with current cybersecurity best practices. The company is exposed to far less risk and is ready to grow in the age of big data.