1nighthawk | 2 years ago

Great take! However, I wonder how you differentiate from platforms like Vanta? They already provide the monitoring and compliance framework you'll need anyway at some point. Frankly (and I don't want to sound too negative here) I doubt that a "one click compliant infrastructure" can work without knowing anything about the use case / application / dependencies of a company. Remember, it's not just about your system, it's also about the stack you're building with, so it's quite a complex problem to solve.

selinkocalar|2 years ago

Thanks for that! And good question. Vanta offers a compliance checklist and integrates with your service providers (such as AWS, GitHub, etc.) to continuously monitor your system settings and flag potential vulnerabilities.

We provide a similar compliance checklist to Vanta, as well as HIPAA-compliant infrastructure and technical configurations. We’ll set up your application on compliant infrastructure deployed in your cloud, integrate CI/CD pipelines, and provide real-time logging/monitoring. Providing the technical piece that's compliant out of the box lets you save weeks of manual work configuring it yourself and having Vanta's API integration/AWS Audit Manager check it.

We use Terraform to automate the infrastructure deployment process in a modular fashion. When you deploy with us, we take a Dockerfile and basic information about your infrastructure setup, such as your availability region, RDS configs, instance sizes, etc., to deploy your application. This lets us support a variety of use cases and needs.