One company, Whisker Labs, is leveraging data analytics from energy IoT devices to deliver home intelligence via energy savings and greater peace of mind. The company’s sensing and software technology mines the electrical network of the home, detecting electrical fire hazards. Energy management services intelligently manage and optimize thermostats for greater savings and comfort.
Whisker Labs takes the security of their customer’s data seriously. Since that data is kept in the cloud, Whisker Labs is required to provide proof of compliance with respect to SOC 1 and 2 to ensure consumers' data is protected. Any organization that stores customer data in the cloud must meet SOC 2 compliance requirements that establish controls for data security, availability, processing integrity, confidentiality, and privacy. It was established by The ASEC Trust Information Integrity Task Force. Because providing proof of compliance can be time consuming, the Whisker Labs team wanted to streamline the process to save time and resources.
That’s when the company turned to Fugue for help with this challenge. Fugue made it easy for Whisker Labs to document its AWS environment for auditors and to gain visibility into its infrastructure to optimize utilization. Additionally, Fugue’s “policy as code” enforces controls in the infrastructure configuration files ensuring that infrastructure cannot be deployed when there are policy violations. “The Fugue solution has helped us with SOC 2 Type 1 compliance and will form the foundation for ensuring controls remain continuously compliant as we transition to SOC 2 Type 2” according to Eric Weller, VP of Engineering.
By integrating Fugue into their DevOps processes, Whisker Labs has been able to ensure policy enforcement and ensure that sensitive data is not exposed due to misconfigurations. Read the full case study here.