SOC2: The Screenshots Will Continue Until Security Improves

Thomas Ptacek

Image by Annie Ruygt

Fly.io runs apps close to users by taking containers and upgrading them to full-fledged virtual machines running on our own hardware around the world. We’ll come right to the point: if you were waiting for us to be SOC2-compliant before giving us all your money, well, we’re SOC2 now, so take us for a spin and make your checks payable to Kurt. If you’re off getting your app up and running on Fly.io and finding your checkbook, great! I won’t get in your way. The rest of you, though, I want to talk to you about what SOC2 is and how it works.

SOC2 is the best-known infosec certification, and the only one routinely demanded by customers. I have complicated feelings about SOC2, which you will soon share. But also, a few years ago, I wrote a blog post about what startups need to do to gear up for SOC2. Having now project-managed Fly.io’s SOC2, I’d like to true that post up, since I’m officially a leading authority on the process. Spoiler: the SOC2 Starting Seven post held up pretty well.

What Should I Know?

Bottom-line: SOC2 is a weak positive indicator of security maturity, in the same ballpark of significance as a penetration test report (but less significant than multiple pentest reports). Startups that would benefit from SOC2 are held back by the belief that it’s difficult and expensive to obtain. Consumers, meanwhile, split down the middle between cynics who’re certain it’s worthless and true-believers who think it sets the standard for how security should work. Everybody would be better off if they stopped believing what they believe about SOC2, and started believing what I believe about SOC2.