Greenlight Guru Optimizes its Regulatory Compliance on AWS with Lacework

Executive Summary

Built on Amazon Web Services (AWS), Greenlight Guru provides quality management software as a service (SaaS) for medical device companies. To maintain high security standards for its customer data and keep pace with ever-changing regulations within the medical device industry, Greenlight Guru engaged AWS partner Lacework, a cloud-first, data-driven security platform that automates security at scale.

Constant Regulation Changes Need a More Streamlined Approach to Security

With a small team, a new round of seed funding, and a rapidly expanding customer base, Greenlight Guru needed to ensure that its internal information security system was operating optimally. After assessing its existing network/security monitoring and management systems, the company decided it was time to look for a better solution. These systems consisted mostly of network monitors, log watchers, and support from some external partners. While effective, they risked becoming increasingly inefficient and difficult to maintain and monitor.

Because the company operates within the medical device industry, additional concerns emerged about keeping up with the constant influx of new requirements from standards bodies and regulatory agencies, so Greenlight Guru decided to engage AWS Partner Lacework.

“Lacework is set up with a regulatory environment in mind and it’s a very data-driven solution. We’re able to actually show our customers our responses to events in the environment in real time.”

- David Odmark, Chief of Security, Greenlight Guru

Greenlight Guru Greenlights Lacework for Comprehensive Security

Following a smooth deployment that did not require any configuration, Greenlight Guru successfully replaced its multiple point security solutions with a single platform for cloud security and compliance across accounts, workloads, containers, and AWS environments. Greenlight Guru can better manage risk from vulnerabilities and misconfigurations while continuously monitoring cloud account activity and workload behavior. This powerful monitoring extends from build to runtime, enabling faster incident response, containment, and investigation. With Lacework, Greenlight Guru is empowered with actionable threat intelligence that identifies malicious activity and mitigates risk as it’s introduced into its environment.

Greenlight Guru Chief of Security David Odmark expounds on the process of transitioning to Lacework services and solutions on AWS: “Our transition to Lacework was super smooth. Lacework promises zero configuration and we found that to be the case. With any anomaly that we had, we had instant feedback on what went wrong and how to properly address it.”

Lacework has become essential to Greenlight Guru’s operations and performance for customers. The company also uses Amazon EventBridge and infrastructure-as-code services in its pipelines.

Lacework on AWS has provided Greenlight Guru with an approach to security and compliance management that is efficient, scalable, and seamlessly integrates into existing DevSecOps workflows.

Evidence Trails Help Greenlight Guru Meet Highest Standards for Frequent Audits

Due to the nature of its industry, Greenlight Guru faces frequent site audits and must meet the highest standards for customer data security and protection. With its comprehensive approach to data security and breach prevention, Lacework has bolstered peace of mind for the Greenlight Guru team and its customers alike. With Lacework, Greenlight Guru can easily show its customers evidence trails, enabling them to quickly assuage concerns and effectively demonstrate the active presence of regulatory measures and security protocols for all client assets.

Lacework helps with audits by easily providing a comprehensive view of Greenlight Guru’s environment and mapping specific controls, like ISO 27001, to cloud security controls monitored by Lacework. The Greenlight Guru team can run reports at any time, over different periods of time, to review compliance against their environment. This informs their team of compliance drifts that need to be reviewed, investigated, and remedied. With a consolidated view from a single platform, Greenlight Guru can prevent issues and reduce evidence-gathering time before audits happen. Enhanced visibility for Greenlight Guru is also supported with AWS CloudTrail.

Odmark elaborates, “Lacework is set up with a regulatory environment in mind and it’s a very data-driven solution. We’re able to actually show our customers our responses to events in the environment in real time. It’s a tremendously important part of our data security toolkit.”

“Lacework software takes care of all the heavy lifting. This means that our team can concentrate on other important activities at our company and other aspects of security. This is hugely valuable.”

- David Odmark, Chief of Security, Greenlight Guru

Continuous Monitoring Frees Up Time for Differentiating Activities

Lacework provides continuous monitoring throughout Greenlight Guru’s environment so it can detect and address risk to its business from build time through runtime. This helps the Greenlight Guru team remain alert to anomalous activity and respond quickly to events, without requiring excessive manual investigation. “Our security programs require measurement against a number of compliance systems, voluntary standards, and industry benchmarks. Lacework helps us manage these metrics in a central location alerting us to changes as they occur,” explains Odmark.

Greenlight Guru is armed with a layered approach to security that identifies attacks at the start and alerts the right team members when something falls out of compliance, with context-rich recommendations for effective remediation.

By categorizing events across the Greenlight Guru environment as high, medium, or low alerts, Polygraph® Data Platform from Lacework optimizes the security management process, allowing for a more efficient and productive workflow across the organization. The platform builds a baseline understanding of Greenlight Guru’s unique environment to determine what is normal behavior at any given time so that deviations can be detected, without a preset list of rules, and alerts can be sent to the team. These alerts empower Greenlight Guru to see and understand cloud changes at scale. Greenlight Guru has implemented internal policies and automation around these alerts, which also helps to standardize team security protocols and responses.

A team of three at Greenlight Guru can successfully run its security operations while tackling other responsibilities.

“The Lacework platform takes care of all the heavy lifting. This means that our team can concentrate on other important activities at our company and other aspects of security. This is hugely valuable,” says Odmark.

About Greenlight Guru

Greenlight Guru is quality management software designed specifically for the medical device industry.

About Lacework

Lacework helps organizations use data and automation to protect their cloud environments, prioritize risks with pinpoint accuracy, and innovate with confidence.

Published July 2022