InfluxData is SOC 2 Certified

What is SOC 2 compliance?

  • Type I: The report describes a vendor’s systems and whether their design is suitable to meet relevant trust principles.
  • Type II: Essentially, Type II is Type I over time; it includes a historical element that shows how controls were managed by a business over a minimum period of six months.

Why does SOC 2 compliance matter?

Customer trust

Customer compliance requirements

Foundation for additional certifications

What did our SOC 2 audit include?

  • Monitoring: In an upcoming post, we’ll describe how we use InfluxDB Cloud to monitor access to our own systems.
  • Auditing: We use InfluxDB Cloud to audit system access. Using a time series database, rather than a traditional SIEM, allows us to store many more events at a lower cost, since a time series database avoids the noisy data inherent in log files.
  • Alerting: InfluxDB Cloud supports a range of alerting options, which we use to get notified when we detect a potential breach.

Need to become SOC 2 compliant?

  • Use Single Sign-On (SSO) through Okta, Google Cloud Identity, or similar to sign into your applications and VPN, and integrate multi-factor authentication (MFA) into your SSO.
  • Secure your repos by locking your deploy branch, requiring pull requests to merge to it, and using continuous integration / continuous deployment (CI/CD) to automate your deployment.
  • Centralize your logging, using a SIEM and/or a time series database.
  • Automate provisioning, using Terraform or similar, storing configs in GitHub or similar, in a secured repository.
  • Secure your cloud configurations, for instance by using CloudTrail and AssumeRole on AWS.
  • Manage vendor security by tracking all the software that you use and understanding each vendor's security posture.
  • Secure admin consoles, by putting your admin consoles behind a VPN accessible only with SSO and thus MFA.
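
To make the AssumeRole and MFA items above concrete, here is an added example (not from the original post or from InfluxData) that audits IAM role trust policies for `sts:AssumeRole` grants that are open to any AWS principal or not gated on MFA. The function names, sample policies, and account ID are constructed for illustration.

```python
# Added example: audit IAM role trust policies for open or MFA-less sts:AssumeRole.
# The policies and the account ID below are constructed sample data.

def as_list(value):
    """IAM JSON accepts a scalar or a list in most positions; normalize to a list."""
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy):
    """Return findings for Allow statements that let IAM principals assume the role."""
    findings = []
    for i, stmt in enumerate(as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        actions = {a.lower() for a in as_list(stmt.get("Action", []))}
        if not actions & {"sts:assumerole", "sts:*", "*"}:
            continue
        principal = stmt.get("Principal", {})
        aws = ["*"] if principal == "*" else as_list(principal.get("AWS", []))
        if not aws:
            continue  # service or federated principal: the MFA key does not apply
        if "*" in aws:
            findings.append(f"statement {i}: any AWS principal may assume this role")
        # Condition key names are case-insensitive. Only a strict "Bool" test counts;
        # "BoolIfExists" also passes when the key is absent, so it is still flagged.
        bools = {k.lower(): v for k, v in stmt.get("Condition", {}).get("Bool", {}).items()}
        mfa = [str(v).lower() for v in as_list(bools.get("aws:multifactorauthpresent", []))]
        if mfa != ["true"]:
            findings.append(f"statement {i}: AssumeRole not gated on aws:MultiFactorAuthPresent")
    return findings

WEAK = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "sts:AssumeRole"}]}

HARDENED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
     "Action": "sts:AssumeRole",
     "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}}]}

SERVICE = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"Service": "ec2.amazonaws.com"},
     "Action": "sts:AssumeRole"}]}

if __name__ == "__main__":
    for name, doc in [("weak", WEAK), ("hardened", HARDENED), ("service", SERVICE)]:
        print(name, audit_trust_policy(doc) or "ok")
```

This check covers only `sts:AssumeRole` by IAM principals; when sign-in is federated through SSO, MFA is enforced at the identity provider rather than through this condition key.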

Conclusion

Occasional thoughts on tech, sailing, and San Francisco

Al Sargent