Opstream

Opstream revolutionizes the purchasing process for organizations through an intelligent intake and orchestration procurement platform. In order to gain customers’ trust in managing sensitive financial data, Opstream took a security-first approach from day one.

CHALLENGE

Technical expertise wasn’t enough

As CTO and Co-Founder at Opstream, Mor Cohen-Tal’s first priority was to build a product with a secure architecture that her customers could count on. Coming from the world of cloud architecture and cloud best practices, her technical knowledge was on point, but she soon realized that wasn’t the full picture. Opstream needed credible third-party evidence to demonstrate their security posture to prospective customers.

Mor determined that Opstream needed a SOC 2 Type 2 audit. Knowing time was their biggest resource, they wanted to do it as efficiently as possible, and contracted a vendor to help manage the process. Unfortunately, the first vendor they chose didn’t deliver on that efficiency. A year into the process, Mor made the difficult decision to switch providers.

SOLUTION

Partner with Thoropass for a seamless end-to-end compliance and audit experience 

With its holistic approach to security and compliance, a seamless platform, and hands-on support, Thoropass was the partner Opstream needed. Thoropass consolidated all aspects of the audit within its platform–from penetration testing to AWS connections to training. Best of all, Thoropass’s customer success and compliance experts kept Mor and her team on track.

RESULTS

Peace of mind and enhanced sales processes

Opstream passed their SOC 2 audit, giving Mor and her customers confidence in Opstream’s security stance. 

Those assurances have helped streamline Opstream’s sales process. When security questions arise, information security teams can easily review the reports in Thoropass and overcome that objection in seconds. 

FUTURE

An expanded view of compliance

Opstream continues to put security first, pursuing additional standards to meet customer demand like HIPAA and AI regulation. With Thoropass as a partner, Mor has expanded her view of compliance from a checkbox to a critical piece of her company’s brand. 

Partnership lightens the load: AWS

To build a truly comprehensive compliance program, it takes a village. Several solutions played a role in Opstream’s compliance journey, all from AWS. These include services like:

• EC2
• Elastic Beanstalk
• Aurora
• S3
• DynamoDB
• Lambda
• ALB
• WAF
• VPN
• Cloudwatch
• Cloudtrail
• Security Groups

The AWS Thoropass integration helps Opstream ensure that their systems are adhering to the best in class security standards on an ongoing basis. This not only helps them uphold their promise to customers, it reduces the need for periodical manual reviews which are both time consuming and insufficient.