Interview with SoFi Head of Infrastructure Peter Tormey | Token Security Podcast

Peter Tormey, Head of Infrastructure at SoFi

About Token Security

Welcome! This is the inaugural episode of Token Security. Our goal is to teach the core curriculum for modern DevSecOps. Each week we will go deep with an expert on a specific topic so you walk away with practical advice to apply to your team today. No fluff, no buzzwords.

About This Episode

This episode we sit down with Peter Tormey, Head of Infrastructure at SoFi. The crew talks PII, security and what it takes to maintain privacy at scale for the new model of finance. Peter leads the team that manages and develops an HA Postgres infrastructure using CoreOS, utilizing K8s to orchestrate over 100 microservice databases.

About The Hosts

Max Saltonstall

Max Saltonstall loves to talk about security, collaboration and process improvement. He's on the Developer Advocacy team in Google Cloud, yelling at the internet full time. Since joining Google in 2011 Max has worked on video monetization products, internal change management,

What is SOC 2 Compliance | A Guide To Prepare For Your First Audit

With so much jargon in compliance, it's important to ask the fundamental questions: what is SOC 2 compliance?

What is SOC 2 compliance?

SOC 2 compliance is an audit framework designed to help service organizations demonstrate how they secure customer data stored in the cloud. Commonly adopted by software vendors, it establishes strict policies to secure and protect the privacy of customer data. SOC 2 is different from SOC 1, which reports on controls at a service organization relevant to financial reporting, and also different than SOC 3, which reports on the same information as SOC 2 but in a format intended for a more general audience. This blog post will focus on SOC 2 compliance (Service Organization Control 2).

How to become SOC 2 compliant

The process to become SOC 2 compliant typically takes six months. To begin the process, first form a team to own the project. That team will be responsible

SOC 2 Type 1 Guide | Everything You Need To Know

If you are new to compliance, it’s easy to confuse SOC 2 Type 1 and SOC 2 Type 2. SOC 2 Type 1 is different from Type 2 in that a Type 1 report assesses the design of security processes at a specific point in time, while a Type 2 report (also commonly written as “Type ii”) assesses how effective those controls are over time by observing operations for six months. If that weren’t confusing enough, SOC 2 is different than SOC 1, which focuses on an organization’s financial statements and financial reporting. It’s also different than SOC 3, which reports on the same information as SOC 2, but in a format intended for a more general audience. This blog post will focus specifically on SOC 2 Type 1. You will also need to determine which report types best fit the needs of your company and customers. For some background,