PolarSeven partnered with Yarno, an Australian SaaS company specialising in microlearning, to achieve SOC 2 Type 2 certification and implement the AWS Well-Architected Framework, enabling secure scaling and robust compliance with industry standards.

Client Situation

Yarno, a growing SaaS company in the microlearning space, recognised the need to strengthen its cloud infrastructure to meet industry security standards and customer expectations. Operating in a competitive landscape, Yarno needed to ensure robust compliance with SOC 2 standards while optimising scalability and reducing operational overhead.

Questions Answered:

  • Yarno’s IT infrastructure required more comprehensive security measures to meet SOC 2 compliance.
  • Their cloud environment was managed without preventive guardrails, increasing the risk of non-compliance.
  • Yarno’s focus on innovation meant they needed a secure platform that would allow them to scale without diverting resources from their core business.

Their Challenge

As customer expectations for data security and privacy grew, Yarno faced the challenge of demonstrating compliance with stringent SOC 2 Type 2 standards. Their previous setup lacked account separation, efficient provisioning, and automated compliance monitoring, which introduced risks and inefficiencies. Additionally, Yarno sought to align their cloud environment with AWS best practices to create a scalable and secure platform.

What They Needed

Yarno required a solution that would:

  • Meet SOC 2 compliance criteria to build trust with their customers.
  • Implement AWS Well-Architected Security Pillar best practices to reduce vulnerabilities.
  • Enable automated monitoring and reporting for ongoing compliance efforts.
  • Provide account separation, secure access, and robust security guardrails to streamline cloud management.

What We Did

PolarSeven worked closely with Yarno, AssuranceLab, and Drata to deliver a comprehensive, security-focused solution:

  1. Landing Zone Deployment with AWS Control Tower:
    • Created separate accounts for production and development environments using AWS Organizations, adhering to the principle of least privilege.
  2. Account Factory Setup:
    • Implemented Account Factory to standardise account creation with pre-approved configurations, reducing manual effort.
  3. Single Sign-On Integration:
    • Centralised access management by integrating Yarno’s G Suite as the identity provider.
  4. Security Guardrails:
    • Deployed preventive and detective guardrails to monitor non-compliance and block unauthorised actions, with alerts routed to AWS Security Hub.
  5. Enhanced Security Features:
    • AWS Macie: Identified S3 bucket encryption and accessibility risks.
    • Amazon GuardDuty: Monitored for malicious activity.
    • AWS IAM Access Analyzer: Detected resources shared with external entities.
    • AWS Firewall Manager: Centralised firewall rule management.
    • Amazon Detective: Enabled rapid investigation of security incidents.

What Outcomes They Enjoyed

  1. SOC 2 Type 2 Certification:
    • Yarno achieved certification, demonstrating a strong commitment to data security and privacy.
  2. AWS Well-Architected Security Compliance:
    • PolarSeven ensured Yarno’s infrastructure aligned with AWS best practices, laying the groundwork for future growth.
  3. Scalable, Secure Cloud Platform:
    • Yarno now operates with a platform designed for both security and scalability, significantly reducing the time spent managing their cloud environment.
  4. Customer Confidence:
    • Achieving SOC 2 compliance improved customer trust, enabling Yarno to expand its client base with confidence.
