Zipstack strengthens Infosec posture management through GRC automation

Zipstack, a Cloud Data Mesh platform, helps both data engineers and business users to create HyperTables, which are zero DataOps and zero ETL data products employing powerful low-code/no-code tools. HyperTables are searchable and discoverable, making it easy for data-driven teams in organizations of all sizes to find, share, and re-use data with both internal and external customers. Zipstack ships with ready-to-use connectors to 150 different sources, including SaaS applications.

Filtering through the millions of relational and non-relational data sources to govern, manage, learn and analyze what is relevant to your organization is a task. The work Zipstack is doing to simplify data operations by automating it is very pertinent and applicable to various industry use cases. However, when there is an inflow of complicated data every day, the risk exposure, both for the organization and the clients, is naturally exponential. 

Zipstack is onboarding clients operating in several industries, which creates a complicated cloud asset inventory. However, ensuring that proper risk management measures are being taken is a no-brainer. To tackle the issue in a secure manner, Zipstack decided to pursue compliance towards SOC 2, ISO 27001, GDPR and HIPAA. 

Given the multiple standards Zipstack needs to manage and the complexity of the cloud environment, they deployed Scrut’s Cloud Security to detect potential misconfigurattions across 200+ controls that would put their compliance at risk. 

The decision to shift their compliance left helped them not only establish a robust information security management system but also arrest potential misconfigurations at the very early stages of the development lifecycle. It also helped them establish a continuous compliance posture towards 4 of the industry leading frameworks, ensuring that they are always audit-ready, and reducing the overhead that comes with each audit.