Unfortunately for devops teams everywhere, auditors are starting to catch onto how applications are made and deployed rapidly in the cloud. If you're like me, you can remember the first time you fully grasped how overwhelming an audit was about to be. I was handed a 250 row spreadsheet of controls and asked by our compliance team, "do we do these things and could you send screenshots for them?" To make things worse, our legal team preemptively hired a consultant to provide pointless commentary every step of the way. This event drives us to create Control. We want to automate the auditors out of the way, so you can get back to the cool stuff.

First, let’s start with something you may not realize: Achieving real and conscionable security through SOC 2 compliance has likely never been easier. Thousands of businesses are already turning security into a competitive differentiator. Getting SOC 2-certified is a meaningful way for businesses to establish trust and reassure their clients and partners that their sensitive information is secure. For this reason, and several others we'll dive into, organizations obtain SOC 2 reports earlier in their lifecycle than in previous years.

No one starts a business out of a passion for security audits. Learn how to get started with security and compliance, for free.

Prioritizing security as a startup feels overwhelming. There are as many suggestions as there are consultants to provide them: should your first hire be a CISO, security engineer, or compliance officer? Should you bring on a consultant or a managed service provider? Should you pursue SOC 2, ISO 27001, or NIST first? What about setting up a SIEM, MDM, or container scanning?

In the context of data protection, modern digital businesses realize the dangers that come with using sensitive information in its raw form. Figuring out a way to collect and use the original data without putting it at risk remains a challenge, and organizations must channel a lot of their resources into IT security that protects their users’ sensitive data like credit card numbers and other cardholder information.

With so many highly-publicized data breaches hitting newspaper headlines in recent years, including a massive Capital One data breach in 2019, it has become more important than ever to protect sensitive consumer data and limit its exposure to data leaks.

We’re excited to announce that we’ve partnered with our friends at Netlify to develop an add-on that effortlessly and securely collects data via webforms.

Today, we’re happy to announce the introduction of our new Compliance Academy, a resource where you can learn all about compliances and regulations such as PCI, SOC2, GDPR and CCPA.

In the last 2 years at VGS we’ve seen a significant uptick in interest regarding regulation. Every day we field multiple questions from people trying to understand if their company is “in scope” and if so, what they need to do about it. There are a number of reasons for this interest but primarily it appears to be driven by uncertainty. Both startups and established companies alike face the prospect of a world with increased regulation and significantly stiffer penalties for failure to comply.