In today’s security conscious B2C and B2B markets, companies, especially those operating in high compliance industries like healthcare, have to be mindful of planning, implementing and maintaining good-practice security. This can quickly prove daunting for teams unfamiliar with the intricacies of interpreting regulations and frameworks like HIPAA, HITRUST and SOC 2 into meaningful implementation, maintenance and monitoring details in their software development lifecycle and infrastructure. Add to this the ever-changing security expectations of customers and auditors on what it means to be secure and compliant, and software engineers spend more time maintaining and proving their security posture and less time building value for their target market.
Aptible was built to solve just this, abstracting away infrastructure security considerations and providing a platform-as-a-service that allows teams to quickly launch containerized apps and databases that instantly comply with a wide variety of regulations and frameworks like HIPAA and HITRUST.
But we also recognize that a vast number of teams would benefit from not just having greater visibility into the security safeguards Aptible has in place across different aspects of the infrastructure, but do so in a way that helps them understand what they need to do to further improve their posture to reach a compliance goals, and provide them with any artifacts in the process to pass security audits.
To help with this, we’re excited to be showcasing the newest Aptible feature - the Compliance Visibility dashboard.
The Compliance Visibility dashboard provides a unified view of all the technical security controls in place Aptible fully enforces and manages on your behalf, as well as security configurations you have controls over in the platform.
Think of security controls as safeguards implemented to protect various forms of data and infrastructure, important both for compliance satisfaction as well as best-practice security.
The new Compliance Visibility dashboard is a welcome addition to gain an in-depth understanding of the different areas of infrastructure security that Aptible abstracts for us, as well as learn of other ways to improve the overall security of our hosted resources through tailored recommendations provided to us in the UI. We're going through a SOC 2 Type 2 audit at the moment, and are already starting to see the benefits of the dashboard, including the detailed, auditor-friendly descriptions provided for each security control, to efficiently gain the confidence of our auditors in our infrastructure security"
- Andrew Fisher, Director of Product at Perky
With this feature, Aptible customers can not only see in detail the many infrastructure security controls Aptible automatically enforces on their behalf, but also get actionable recommendations around safeguards they can configure on the platform (for example, enabling cross-region backup creation) to improve their overall security posture and accelerate compliance with frameworks like HIPAA and HITRUST. Apart from being visualized in the main Aptible dashboard, these controls along with their descriptions can be exported as a print-friendly PDF for sharing externally with prospects and auditors to gain their trust and confidence faster.
You can access the Compliance Visibility dashboard by clicking on the Security and Compliance tab in the navigation bar. Here’s documentation to learn more about using the dashboard in greater detail.
Video explaining what the dashboard is, and how to use it.
With the Compliance Visibility dashboard, Aptible customers can see efficiency-gains for the following outcomes.
The dashboard clearly outlines the various security controls in place across all of your environments. These security controls are grouped by different categories that pertain to various pieces of an organization’s overall security posture. These categories include:
Each control is continuously checked for how they’re performing against the resources in scope. Every security control is currently mapped to the required and addressable requirements of HIPAA, as well as the compliance requirements of the HITRUST-CSF framework. The dashboard provides you with compliance readiness scores for these frameworks based on how well all the controls are performing, providing you with a quick view of your current security posture.
Your security controls can be sorted to identify resources that aren’t meeting the expected implementation of the control. Clicking into each control should reveal to you and your teams what the control is checking for, the resources in scope, and any supporting documentation to help you implement the control correctly. This also helps you prioritize any configuration changes you have to make on your end in order to improve your security posture and accelerate compliance. For example, the Mulli-factor Authentication control tests for the activation and enforcement of MFA/2FA on the account level, whereas a control like Cross-region backups is applied on the Database level, testing whether or not you’ve enabled the auto-creation of geographically redundant copy of each Database backup for disaster recovery purposes.
You can also choose to ignore the control implementation, thereby no longer seeing the notification in the UI as well as ensuring it does not affect your overall compliance readiness score.
Each control comes with a description to give your teams an overview of what the safeguard entails, as well an auditor-friendly description to share externally during compliance audits. These descriptions can be quickly copied and shared in any vendor or auditor security questionnaires that come your way.
You can also generate a shareable PDF of your overall security and compliance posture based on the controls implemented. This allows you to quickly provide various internal stakeholders and external auditors and customers with an in-depth understanding of your infrastructure compliance posture, thereby building trust in your organization’s security early on in any compliance and security audit process.
The Compliance Visibility dashboard is your go-to resource to deeply understand the various safeguards Aptible has in place across the infrastructure, learn of controls that are in your wheelhouse to configure, and use this information to quickly pass audits.
All new security features Aptible will be releasing in the future, like managed Network Intrusion Detection and Remediation, will be appropriately visualized in the dashboard. If you have any pointed questions, do let us know.