Since implementing Conformity, XSOLIS has seen several business improvements. “As we grow and scale, it’s vital for us to be much more proactive, especially when it comes to the way we manage our AWS infrastructure,” said Evans. “The near real-time alerts we get, both through individual alerts and more generalized reporting, allow us to proactively identify areas of opportunity.” Further, since Conformity maps to the AWS Well-Architected Framework, it provides insight into how well XSOLIS rates on each of the framework’s five pillars (operational excellence, security, reliability, performance efficiency, and cost optimization). XSOLIS has seen anywhere from a five to fifteen percent increase in most of those areas, including a reduction in costs. There have been internal benefits as well. For example, when the XSOLIS team wants to conduct a risk assessment, they can now easily pull inventory from all their environments and print it out as a CSV file instead of having to go into each account and gather it manually, saving time and money. Conformity is also helping XSOLIS improve its infrastructure as it moves some legacy architecture into more modern frameworks.
While compliance and audits are a large part of every company’s journey, they’re particularly important for XSOLIS now as the company pursues HITRUST certification, which validates an organization’s compliance with HIPAA privacy and security standards. To achieve HITRUST certification, XSOLIS must comply with 462 controls, demonstrating on a regular basis, through documentation and processes, that it is actively monitoring and managing compliance. Conformity is an important component in achieving HITRUST certification, supporting documentation discovery, and monitoring and alerting enforcement of certain controls. XSOLIS also plans to add the Conformity Template Scanner, enabling the company to run Conformity Rules on its AWS CloudFormation templates, Conformity profiles, and accounts as an additional means of assessing risks, keeping risk levels low, and improving overall security posture.