CloudCheckr brings total compliance and cloud security to CloudChomp by continuously monitoring their Amazon Web Services (AWS) infrastructure for compliance with 35 major regulatory standards. The high level of assurance that CloudCheckr provides has enabled CloudChomp to grow its business by 300% and obtain two AWS competencies within a six-month period. CloudChomp is a cloud migration solutions provider that helps businesses execute right-sized, cost-effective migrations to AWS.
CloudChomp, Inc. is a cloud migration tools company that helps organizations take a bite out of 21st century computing and IT costs by turning bits and bytes into dollars and cents. The company began when the founders, two veteran software executives, recognized the need for simpler, more cost-effective migrations to Amazon Web Services (AWS). CloudChomp was founded with the explicit mission of accelerating right-sized migration to AWS and eliminating the waste associated with manual and expensive assessment processes.
With a background in regulatory compliance, co-founder and CEO David Pulaski knew the importance of having compliance tools built into CloudChomp’s infrastructure. CloudCheckr was the right choice for the job and has helped CloudChomp achieve several business objectives.
Building a Compliant & Secure Foundation
CloudChomp has incorporated CloudCheckr into its infrastructure since Day One. Before founding CloudChomp in 2016, Pulaski had worked in the regulatory compliance space for more than a decade through messaging and email archiving. From the start, he knew that compliance and security were “job one.”
When we originally built our infrastructure and application, which was born in the cloud and AWS, CloudCheckr and its security and compliance tools have been by our side.
Non-compliance poses a serious risk for businesses, especially those in highly regulated industries like finance and healthcare. If a data breach resulting from non-compliance occurs, the business stakeholders involved could face fines and, in some cases, end up in prison. The fines alone can be catastrophic, even for large global organizations. Some of the highest data breach fines and class action lawsuit settlements, according to CSO, include those for Uber ($148 million), British Airways ($230 million), and Equifax (at least $575 million). Using a solution that detects and fixes compliance vulnerabilities can provide reassurance and peace of mind for businesses in highly regulated industries.
CloudCheckr helps ensure that CloudChomp remains 100% compliant and that they can maintain that assurance. CloudCheckr’s Total Compliance module continuously monitors infrastructure for compliance with 35 major regulatory standards, including HIPAA, PCI DSS, CIS, NIST, SOC2, and more. If a problem arises, CloudCheckr Self-Healing Automation fixes the issue without the need for manual intervention. Users can then review a detailed log with historical details and remediation notes for third-party auditors.
Compliance, says Pulaski, is “a fundamental part of the requirements of our infrastructure” —not something to deal with later. CloudCheckr made maintaining compliance simpler and more cost-effective for CloudChomp.
The things that CloudCheckr is providing with compliance tooling, these are not optional tools
Native tools in AWS can give organizations what they need for compliance. However, says Pulaski, “it’s not always easy to figure out that you’ve actually done the work and that you’re maintaining that work. By using a tool like CloudCheckr, it gives us that ability to do that.”
“CloudCheckr is not just helping us meet the required needs of our customers but helping us stay ahead so that as we acquire new customers, they’re walking into an infrastructure that is already set and ready for us to conduct business.”
- David Pulaski, co-founder and CEO of CloudChomp
Serving Customers in Regulated Industries
CloudChomp’s customers operate in many highly regulated industries, including finance, insurance, government, healthcare, and energy. With such a broad range of compliance requirements to monitor, Pulaski says it would be “virtually impossible” to do so without a tool like CloudCheckr.
Over one-third of our business today is in strictly regulated industries. CloudCheckr gives us the ability to maintain compliance across all of those regulatory bodies through one expert tool.
Pulaski says it was the work with state and local governments, in particular, that kept total compliance top-of-mind for CloudChomp. Many states have their own requirements for information security and have created programs similar to FedRAMP, a federal program that standardizes cloud security. CloudChomp worked with the state government in Arizona after they went through their own program, AZRamp, to enhance data security. With CloudCheckr in place, CloudChomp can also monitor cloud security against standards from NIST, the Cloud Security Alliance, and other state and federal regulatory bodies.
The Challenges of a Growing Company
With 35 regulatory standards covered by CloudCheckr, CloudChomp’s leaders are confident that they can ensure compliance for new customers in other industries. This reassurance plays a key role in the company’s rapid growth over the past four years.
If we get a customer in a new industry, there’s a darn good chance that we’re already where we need to be,” Pulaski says. “CloudCheckr is not just helping us meet the required needs of our customers but helping us stay ahead so that as we acquire new customers, they’re walking into an infrastructure that is already set and ready for us to conduct business.
Cloud security and compliance, powered by CloudCheckr, are a trusted resource for CloudChomp’s DevOps team. Administrators use CloudCheckr to optimize spend and billing, manage AWS configuration across all regions, review CloudTrail logs, and set AWS Identity and Access Management (IAM) policies.
The latter is especially crucial, says Pulaski, because CloudChomp has seen annual growth of about 300% every year since the company was founded. Being able to develop granular user permissions and other identity-based policies is a key advantage in managing this growth.
Two AWS Competencies in Six Months
CloudChomp has been working toward earning AWS Competencies. Meeting these rigorous standards, guided by the AWS Well-Architected framework, is something that only a select number of cloud services companies have done. Within just six months, CloudChomp obtained two: the AWS Migrations Competency and the AWS Microsoft Workloads Competency.
Before 2019, Pulaski says, “we hadn’t acquired an AWS Competency, and within the last six months, we were able to gather two. A lot of that had to do with meeting the requirements of the Well-Architected Review, which would have been very difficult without CloudCheckr.”
Amazon’s framework is constantly evolving as their technology evolves, and it requires you to continually revisit CloudCheckr to continue to maintain a high standard for security and compliance.
These accomplishments are all part of CloudChomp’s strategy for growth. With tools like CloudCheckr in place, Pulaski explains, CloudChomp can avoid having to hire expensive consultants to make sure the fundamentals of security and compliance are met “because CloudCheckr does that for us.”
In addition, CloudCheckr total visibility cloud management has helped the company earn several AWS Competencies, which is why customers like CloudChomp depend on them.
Get Total Compliance with CloudCheckr
Where CloudChomp covers pre-migration planning, Pulaski says that they recommend CloudCheckr for customers looking for a post-migration solution.
There’s a clear leader in that space of post-migration right-sizing, tooling, security, and compliance and that’s CloudCheckr.