Case Study - Security Analysis for AI-Based Monitoring Solution - Fama Technologies

Security Analysis for AI-Based Monitoring Solution

Executive Summary

Fama Technologies Inc. is an AI-based social media monitoring solution used to assist Human Resources departments in evaluating candidates. Fama operates in a highly regulated market with very sensitive data, where they aim to provide the most secure and compliant operating environment for their applications. In an effort to achieve their SOC2 certification, Fama engaged Stratus10 to perform an in-depth security assessment of their cloud resources and assist them in meeting their compliance goals. Findings included results of multiple security scans and recommendations to implement AWS security best practices, including critical items to address.


 

Highlights

Stratus10 evaluated all components of the Fama AWS environment, covering: 

  • Existing infrastructure
  • Infrastructure delivery
  • Application delivery/DevOps
  • Identity and access management
  • Cloud application architecture

These domains were checked against multiple frameworks to ensure the highest security requirements and best practices are met. Frameworks checked included:

Results of the report were delivered alongside detailed steps for remediation.

 

About the Customer

URL: https://fama.io

Fama Technologies is a California-based SaaS platform company that uses their proprietary artificial intelligence solution to screen applicants’ digital footprints for negative behaviors like sexual harassment, bigotry, violence, and more. Their solutions help companies build better, more diverse, and inclusive workplaces and to protect their brand.

 

Challenge

Fama Technologies needed assistance ensuring that their AWS cloud infrastructure and software met required standards to achieve SOC2 certification, which is a compliance standard specifying how organizations manage customer data in terms of security, availability, processing integrity, confidentiality, and privacy. 

An audit of Fama’s solutions and infrastructure would allow them to effectively meet the security benchmarks of SOC2 and pursue security-related certifications of their software. Meeting SOC2 compliance is critical to their business strategy; without it, they run the risk of negative impacts on sales and eroding trust among existing customers.

 

Why AWS and Stratus10

Fama Technologies’ artificial intelligence and machine learning solutions within AWS aggregate massive amounts of data from multiple 3rd party social media platforms. Without the scalability, elasticity, and access to hosted cutting edge technologies that AWS provides, Fama Technologies would not be able to deliver the compute and storage solutions necessary to provide a highly-available platform ingesting the amount of data they do. 

Stratus10’s team of cloud engineers and cloud security experts possesses infrastructure, security, and DevOps expertise, enabling Stratus10 to evaluate Fama's cloud resources from multiple perspectives and provide clear and concise recommendations. By employing tools from technology partners such as Trend Micro, AlertLogic and Armor, Stratus10 gives its clients access to enterprise-grade services that would otherwise be too costly or complex to run.

 

Solution

Stratus10 provided a detailed audit of Fama's AWS environments with a focus on security and vulnerability. A team consisting of cloud infrastructure specialists, AWS solution architects, DevOps professionals, and software engineers evaluated Fama accounts and resources. A variety of automated tools from Trend Micro and AlertLogic were also employed to scan resources for known vulnerabilities and for violations of best practices. 

Stratus10 compiled the automated and manual audits of the resources, risk-scored them, and provided a detailed remediation plan not only identifying and describing every finding, but providing Fama with the information necessary to remediate each of them. 

Finally, the Stratus10 team met with Fama’s project team to deliver the report, review findings, and explain resolution tactics.

 

Services Delivered

Stratus10 provided results addressing the security best practices in the following areas:

  • Landing Zone and Account Organization
  • Use IAM Roles and Groups for access to resources
  • Access to Amazon S3 buckets 
  • Databases and data tier applications 
  • Multi-Factor Authentication for all users
  • Credentials and keys 
  • Setup of metrics and alarms for anomalous activity with established response tactics
  • CloudWatch alarms configured for high-risk actions
  • Encryption 
  • AWS Shared Responsibility Model 


 

Results and Benefits

Fama Technologies received an in-depth analysis of their AWS environments against several security frameworks and best practices benchmarks. The results were risk-scored, clearly documented, and then reviewed with the Fama team. Fama was able to identify incremental changes they can make to their infrastructure, applications, and delivery processes that will enhance the security posture of the organization and prepare them for security and compliance audits in the near future. 

With this audit Fama was able to project the work needed to complete their certification. It also provided detailed information about the vulnerabilities of their environment and best practices they should implement to create a more secure operating environment for their applications and ensure SOC2 certification.

In-depth Analysis

Aligned to security frameworks and best practices, Fama’s in-depth audit provided scored vulnerabilities as well as implementation steps.

 

Shared Responsibility Model

Adherence to AWS’ shared responsibility model ensures customers maintain security in the cloud while AWS ensures security of the cloud.

Compliance with SOC2

The security analysis gives Fama insight into the actions needed to achieve their security goals and SOC2 certification.

 

Implementation Partner

With Stratus10 acting as an extension of Fama’s team, Fama has a partner ready to implement the necessary security measures.

 

Next Steps

After the initial analysis was delivered, Fama engaged with Stratus10 to assist with the remediation of the findings from the audit. Stratus10 will work with Fama to improve their security posture and prepare for the environment certifications they have planned for later this year. As needed, Stratus10 will bring in additional security tools to further enhance their protective measures going forward, such as proactive monitoring and predictive models, including anomaly detection.

About Stratus10

Stratus10 is an Advanced AWS Partner Network (APN) Consulting Partner helping companies migrate to the cloud or implement best practices if they're already on AWS. With Managed Security Services, we implement and manage the security of your data and infrastructure. We also specialize in DevOps, application modernization, migration, and cost optimization to help our clients take full advantage of the latest technologies AWS has to offer. 

 

Use case: Security

Client: Fama Technologies

Date: April 2022

Category: Security
