Case Study - Security Analysis for AI-Based Monitoring Solution - Fama Technologies
Fama Technologies Inc. is an AI-based social media monitoring solution used to assist Human Resources departments in evaluating candidates. Fama operates in a highly regulated market with very sensitive data, where they aim to provide the most secure and compliant operating environment for their applications. In an effort to achieve their SOC2 certification, Fama engaged Stratus10 to perform an in-depth security assessment of their cloud resources and assist them in meeting their compliance goals. Findings included results of multiple security scans and recommendations to implement AWS security best practices, including critical items to address.
Stratus10 evaluated all components of the Fama AWS environment, covering:
- Existing infrastructure
- Infrastructure delivery
- Application delivery/DevOps
- Identity and access management
- Cloud application architecture
These domains were checked against multiple frameworks to ensure the highest security requirements and best practices are met. Frameworks checked included:
- CIS AWS Foundations Benchmark
- AWS Well-Architected Framework
- SOC2 Framework
- AWS Shared Responsibility Model
Results of the report were delivered alongside detailed steps for remediation.
About the Customer
Fama Technologies is a California-based SaaS platform company that uses its proprietary artificial intelligence solution to screen applicants’ digital footprints for negative behaviors like sexual harassment, bigotry, violence, and more. Their solutions help companies build better, more diverse, and inclusive workplaces and protect their brand.
Fama Technologies needed assistance ensuring that their AWS cloud infrastructure and software met required standards to achieve SOC2 certification, which is a compliance standard specifying how organizations manage customer data in terms of security, availability, processing integrity, confidentiality, and privacy.
Through an audit of its solutions and infrastructure, Fama could effectively meet the security benchmarks of SOC2 and pursue security-related certifications of its software. Meeting SOC2 compliance is critical to their business strategy; without it, they run the risk of negative impacts on sales and eroded trust among existing customers.
Why AWS and Stratus10
Fama Technologies’ artificial intelligence and machine learning solutions within AWS aggregate massive amounts of data from multiple third-party social media platforms. Without the scalability, elasticity, and access to hosted cutting-edge technologies that AWS provides, Fama Technologies would not be able to deliver the compute and storage solutions necessary to provide a highly available platform ingesting the amount of data they do.
Stratus10’s team of cloud engineers and cloud security experts possesses infrastructure, security, and DevOps expertise, enabling Stratus10 to evaluate Fama's cloud resources from multiple perspectives and provide clear and concise recommendations. By employing tools from technology partners such as Trend Micro, AlertLogic and Armor, Stratus10 gives its clients access to enterprise-grade services that would otherwise be too costly or complex to run.
Stratus10 provided a detailed audit of Fama's AWS environments with a focus on security and vulnerability. A team consisting of cloud infrastructure specialists, AWS solution architects, DevOps professionals, and software engineers evaluated Fama accounts and resources. A variety of automated tools from Trend Micro and AlertLogic were also employed to scan resources for known vulnerabilities and for violations of best practices.
Stratus10 compiled the automated and manual audits of the resources, risk-scored them, and provided a detailed remediation plan not only identifying and describing every finding, but providing Fama with the information necessary to remediate each of them.
Finally, the Stratus10 team met with Fama’s project team to deliver the report, review findings, and explain resolution tactics.
Stratus10 provided results addressing the security best practices in the following areas:
- Landing Zone and Account Organization
- Use IAM Roles and Groups for access to resources
- Access to Amazon S3 buckets
- Databases and data tier applications
- Multi-Factor Authentication for all users
- Credentials and keys
- Setup of metrics and alarms for anomalous activity with established response tactics
- CloudWatch alarms configured for high-risk actions
- AWS Shared Responsibility Model
Results and Benefits
Fama Technologies received an in-depth analysis of their AWS environments against several security frameworks and best practices benchmarks. The results were risk-scored, clearly documented, and then reviewed with the Fama team. Fama was able to identify incremental changes they can make to their infrastructure, applications, and delivery processes that will enhance the security posture of the organization and prepare them for security and compliance audits in the near future.
With this audit Fama was able to project the work needed to complete their certification. It also provided detailed information about the vulnerabilities of their environment and best practices they should implement to create a more secure operating environment for their applications and ensure SOC2 certification.
After the initial analysis was delivered, Fama engaged with Stratus10 to assist with the remediation of the findings from the audit. Stratus10 will work with Fama to improve their security posture and prepare for the environment certifications they have planned for later this year. As needed, Stratus10 will bring in additional security tools to further enhance their protective measures going forward, including proactive monitoring and predictive models such as anomaly detection.
Stratus10 is an Advanced AWS Partner Network (APN) Consulting Partner helping companies migrate to the cloud or implement best practices if they're already on AWS. With Managed Security Services, we implement and manage the security of your data and infrastructure. We also specialize in DevOps, application modernization, migration, and cost optimization to help our clients take full advantage of the latest technologies AWS has to offer.
Use case: Security
Client: Fama Technologies
Date: April 2022