Sensitive Data Protection for HR Services Provider
An ISV that provides HR services and a hiring platform, operating predominantly in the North American market.
Our client needed to improve the security posture of its SaaS solution to satisfy investor and legal obligations on data protection, especially personally identifiable information (PII). As our client’s business grew, information security quickly became the key to further expansion.
Our client needed to:
- Enable business growth by leveling up security maturity of its platform to attract external investments
- Ensure that sensitive data is properly protected and business continuity is enabled
- Establish security guidelines for the cloud environment and development activities
- Become faster, more agile, and more standardized to gain a competitive advantage
- Become more efficient, and thus more profitable, by automating security operations
SoftServe performed a full cloud infrastructure security assessment and an evaluation of current CI/CD practices and the related toolset from a security standpoint. We ensured that sensitive information and business operations are protected and transparent.
In addition to securing the cloud infrastructure, we also covered our client’s SDLC and CI/CD processes by implementing a security toolset for developers and by delivering security training on various aspects of development for the cloud.
- Security-related costs were drastically reduced by adopting open-source tools and relying on CSP security services and components
- A detailed technical roadmap to further improve our client’s security posture
- Severe security risks were mitigated through the implementation of required technical controls
- Considerable improvements were made in infrastructure and data security, operational visibility, and service availability
- Personnel were trained on specific security controls and how to operate and customize them
- Introduced security and SecOps experts to our client’s development and operational team to enable an agile approach to security
- Performed security assessments with the design and implementation of technical security controls to reduce time and effort
- Designed a security architecture and toolset primarily with open-source components, utilizing the “everything-as-a-code” concept to reduce costs
- Fully automated the most important day-to-day security operations using CSP-provided tools and services
- All detected gaps and risks were documented, prioritized, and communicated to the client
- SoftServe proposed technical approaches to risk mitigation, designed technical security controls, and implemented them in a production environment