Case Study
Compliance is easier with automation.
Learn how an F-500 company’s audit requirements were achieved in 2 weeks
1 min read
To achieve SOC2 certification requirements without downtime.
Regular security updates to Linux kernels without interruption.
The Client
Efinity is a software consultancy and development company with hubs in the US and the UK. They provide Quote & Bind systems for more than 20 insurance product lines.
Efinity deals with clients in 14 countries. This means that the system has to deal with a lot of data; much of it is personal data. The system must be watertight.
1,500+ enterprises trust TuxCare with their systems - see the list
The Problem
Efinity kept getting compliance questions from their customers in the light of big data breaches: did they have SOC2 certification?
Efinity knew they had to find a solution to a big problem to get certified and prove their excellent governance to their customers. Although they use clusters at the application level, their gateway and database nodes can’t be clustered. They run on CentOS, which requires around two or three critical kernel updates per month.
Top Obstacle
To get their SOC2 certification, Efinity would have to apply each update as soon as it was available, which would mean downtime for their customers because of reboots. They had no idea Linux kernels could be updated without rebooting, and they did not have the bandwidth to invest in more system admin resources. Still, they needed their servers to be compliant.
Result
Efinity reached out to TuxCare Live Pathing Services experts who helped them install KernelCare Enterprise. After a successful testing phase, they rolled this out to their production servers.
Two years on, Efinity remains fully compliant with SOC2. A considerable amount of risk and downtime was avoided by having KernelCare Enterprise installed during the emergence of the Zombieload and Spectre Linux vulnerabilities.
Click here for the full Case Study
© 2022 TuxCare, All Rights Reserved. TuxCare is a registered trademark of CloudLinux Software, Inc. and its subsidiaries in the United States and/or other countries