How Sprinto helped Dassana launch a compliance program centered on visibility
Dassana is in the business of security observability. Focused on helping businesses make the most of their investment in various data security tools, their security data lake platform identifies missing tool coverage and provides centralized reporting on KPIs such as MTTR and SLAs to operationalize and optimize security programs. Large companies and enterprise businesses in sectors like retail, healthcare, and B2B SaaS use Dassana to drive visibility and fill vulnerability management chasms.

SOC 2
USA
Time to SOC 2 audit readiness using Sprinto: 3 sessions
Time to complete audit post 3 months of SOC 2 observation: 2 weeks
Challenge
The increase in security misconfiguration incidents for cloud-hosted applications has led to a mounting need for cloud observability platforms. “Every other week you hear about some breach. A poorly configured cloud resource or a vulnerability is often the culprit,” says Parth Shah, co-founder and head of product and engineering at Dassana. “We decided to build a security data lake that solved for [system] visibility and drove efficiencies at scale.”
As soon as Dassana’s product was market-ready, the team decided to bolster it with compliance reports and certifications. “The moment we wanted to start working with customers, we realized the importance of demonstrating compliance – it was a key initiative,” notes Parth. “Compliance opens doors,” he adds.
In his previous role as founding engineer at RedLock, a cloud infrastructure compliance company later acquired by Palo Alto Networks, Parth focused on tracing paths to visibility. “We had an API-first approach. Without it, it would be difficult to inspect systems, query them, and obtain data worth analyzing,” he notes. “When we discovered Sprinto, we found a similar approach at work,” Parth adds.
Having dealt with compliance in his previous role, Parth was wary of going down the traditional path again. He notes,
“Traditional methods of compliance are rough. They are more expensive, time-consuming, and require more ‘pull’ than ‘push.’ You need to do the hard work of getting everyone to do their part.”
Dassana chose Sprinto as its compliance automation partner due to its user-friendly design, affordability, and automated workflows. However, what appealed most was Sprinto’s continuous monitoring feature. “We wanted a solution that wasn’t just a one-time fix,” notes Parth.
Compliance is a must-have – it keeps the lights on. To move fast, continuous compliance is essential.
Solution
Dassana plugged into Sprinto to launch a SOC 2 compliance program.
After integrating their tech stack, the team only needed to perform attribution work. Parth recalls, “Because our team was small, assigning roles, responsibilities, and priorities was relatively easy.”
The implementation of the program was expedited by the fact that Dassana was already following compliant operational practices. Says Parth, “We were well-versed in how to set up cloud infrastructure for security. This way we could do 4 weeks’ worth of work in just 1 session. Then we only had to work on streamlining policies.”
Dassana began setting up automated compliance workflows and alerts – a one-time configuration. “Once activated, I received weekly alerts on issues, anomalies, and similar matters. Having these touchpoints was delightful,” Parth recounts.
Once set up, rest assured, Sprinto’s automation works.
Because Sprinto’s system is push-based rather than pull-based, Parth felt assured that compliance tasks would be completed without him having to intervene constantly. “Instead of approaching people and asking for updates, which is the most manual part of compliance, a push-based system makes my life easy. I don’t have to take any action. The platform sends me status updates and triggers workflows for remediation on its own.”
The speed at which we were able to get to visibility, that instant gratification, nothing comes close to that.
To meet penetration testing requirements, Dassana picked a vendor from Sprinto’s partner network. “Sprinto pointed us to vetted vendors that matched our pricing needs. Sprinto just became a one-stop shop for compliance,” notes Parth.
Results
Dassana was SOC 2 audit ready in 2 weeks.
To complete their SOC 2 audit, they added an auditor from Sprinto’s partner network to the audit dashboard. “It was a smooth experience,” recounts Parth. “The auditor got access to Sprinto, they did their own [evidence] verification within the platform and 2 follow-ups later we were done.”
Throughout the process, you are constantly saving time. Because so much is automated and done by tech, there’s no scope for error or need for human verification.
Delighting in the consolidated nature of the platform, Parth underscores how Sprinto helps bridge trust between a business and its auditor. “When both you and your auditor know that the tech works, that there are no blind spots, it makes everyone’s life easy.”
Parth also rejoices in the fact that there is now a heightened awareness around compliance across the company. “By doing the training and given the fact that everyone is connected to Sprinto and can see compliance playing out org-wide, people have started to understand the why – why we are doing this, and how they play a role.”
With Sprinto owning and driving compliance visibility, Parth is confident in the organization’s ability to continue moving fast and innovating. “If a new GitHub repository is added, Sprinto’s protection rules kick in immediately. That’s the power of the platform. Compliance no longer gets in the way of our growth. We are growing in a compliant manner.”
Sprinto ensures overall visibility, making sure everyone is on top of compliance.