DevSecOps and Cybersecurity Compliance Automation: Microsoft

Background
Microsoft engaged StonyPoint to enhance its DevSecOps pipelines for Azure products and to automate compliance processes. The project aimed to improve software quality, manage software supply chain risks, and ensure compliance with Sarbanes-Oxley and NIST cybersecurity frameworks.
This engagement not only improved Microsoft’s DevSecOps and compliance processes but also demonstrated StonyPoint’s capability to deliver complex automation solutions, ensuring regulatory compliance and enhancing product quality.
Challenges
- DevSecOps Integration: Automating the DevSecOps pipelines for Azure products, including DST scanning and software supply chain risk management.
- Compliance Automation: Building an automated Sarbanes-Oxley compliance model for an organization managing over a trillion dollars in assets globally.
- NIST Cybersecurity Compliance: Reverse mapping 1,700 security controls to ensure Microsoft Azure products met NIST cybersecurity standards.
Solution
StonyPoint led the implementation of a comprehensive plan to address these challenges, including:
- DevSecOps Automation: Implemented automated processes for bill acceptance, DST scanning, and software supply chain risk management using proprietary Microsoft tools.
- Sarbanes-Oxley Compliance: Developed an automated tagging and remediation process for access certifications and attestations using Terraform and Python scripting. This ensured compliance within the required six-month window.
- NIST Compliance Mapping: Conducted reverse engineering of 1,700 security controls to align Microsoft Azure products with NIST cybersecurity framework version 6.0. This involved identifying security gaps and formulating a product roadmap to address deficiencies.
Tangible Outcomes
- Enhanced Software Quality: Delivered a solid software product through automated DevSecOps processes, improving overall quality and security.
- Compliance Achievements: Successfully automated Sarbanes-Oxley compliance processes, ensuring timely access certifications and attestations.
- NIST Compliance: Achieved compliance with NIST cybersecurity standards, resulting in significant product enhancements and feature updates for Microsoft Azure products.
- Operational Efficiency: Streamlined compliance and security processes, reducing manual efforts and improving efficiency.