Vanta: Maintaining Security Standards with Christina Cacioppo

SOC 2 is a security audit to prove that SaaS companies have secured their company and customer data. It’s often considered the minimum audit necessary to sell software. HIPAA is a federal law regulating how sensitive medical information about patients must be handled. ISO 27001 is the global benchmark for demonstrating your information security management system. What do these things have in common?

They are all security standards that companies need to maintain and renew to be trustworthy to customers. They also take intense preparation: months of work and hundreds of screenshots to prove compliance to auditors. The company Vanta provides automation tools to monitor your applications and maintain compliance. Fix items on your Vanta to-do list, and when you’re ready, a Vanta-trained CPA will perform an audit with you.

In this episode we talk with Christina Cacioppo, CEO at Vanta. We discuss the accreditation process and security needs for various companies and how Vanta is keeping companies in compliance.


Transcript

Transcript provided by We Edit Podcasts. Software Engineering Daily listeners can go to weeditpodcasts.com to get 15% off the first three months of audio editing and transcription services with code: SED. Thanks to We Edit Podcasts for partnering with SE Daily.


