Overview A Good Problem to Have When the CARFAX Delivery Team doubled in just four…
AWS Well Architected Review Case Study
Company Size: 1,000 Employees
Location: CA, US
Tricentis Flood needed to achieve SOC 2 compliance as a service provider. In preperation for this upcoming audit, they wanted to review their existing practices to make sure they were up to practice standards.
Tricentis Leverages Cprime’s AWS Expertise to Achieve SOC 2 Compliance
About Tricentis Flood:
Tricentis Flood is a distributed, cloud load testing platform that helps teams test, analyze and improve the way their applications scale — with seamless integration across the DevOps pipeline. With Tricentis, you can achieve a continuous view of application performance and go live with confidence.
Tricentis adopted Cprime’s recommendations for performance improvements, including the following AWS Services:
Threat Detection: AWS GuardDuty – Ensures threat detection by continuously monitoring for malicious activity and unauthorized behavior.
Traceability: VPC Flow Logs – Provides traceability of network traffic within AWS Virtual Private Clouds.
Reliability: Application Load Balancers and Autoscaling Groups – Distributes traffic across multiple AWS availability zones to increase reliability and fault tolerance.
Disaster Recovery: Amazon S3 – Object storage with replication across regions to ensure disaster recovery.
Secure User Access: IAM – Manages user access credentials and programmatic access keys to AWS services.
Conducting a Technical Analysis for Guidance
As a service provider, Tricentis Flood needed to achieve SOC 2 compliance. In preparation for a SOC 2 audit, Tricentis wanted to review their existing practices and proactively apply necessary remediations. Beyond SOC 2 compliance preparation, Tricentis also desired a review of their Flood workload implementation relative to AWS architecture best practices.
Identifying & Implmeneting Improvements
Cprime conducted an AWS Well-Architected Review on the Tricentis Flood workload. This involved a technical analysis of the Flood AWS implementation followed by a structured consulting session with Tricentis technical and business stakeholders. Out of the review, Cprime identified a number of improvements in the areas of security, reliability, and operations. Tricentis immediately implemented many of the recommendations.
As a result of the Well-Architected Review and guidance provided by Cprime, Tricentis Flood achieved the following benefits in its architecture:
Improved Security Protection Against Potential Threats
The addition of intrusion detection and detailed network logging provides greater threat protection as well as enhanced forensic capability in the event of a security incident
High Availability in the Face of Data Center Outages
The distribution of compute and storage across AWS availability zones and regions ensures system availability in the event an AWS data center or region becomes disabled.
Reduced Exposure to Potential Compromised Security
Tightened controls on access credentials and stricter network configuration reduces points of potential exploit by security threats.Want to share with a colleague? Download the PDF