Theta Lake – Video Compliance Tech Innovator Ensures Compliance of Its Own Software with Aqua

With the use of video marketing, video conferencing, video chat, and audio calls skyrocketing along with the intersecting increase in MiFID II, FCA, GDPR, FINRA, FFIEC, and similar regulatory requirements for communication compliance that include video monitoring and call recording, efficient communication compliance is increasing in complexity.

Theta Lake provides a purpose-built compliance product suite for automatic policy detection of regulatory risks, compliance workflow, and archiving for video marketing, video conferencing, and audio recordings. The Theta Lake suite detects risks in audio, visual, document, spoken, shown, and shared content in audio and video content.

As a technology vendor focusing on compliance, Theta Lake must itself comply with the highest standards of security and compliance. As a “born in the cloud” company, Theta Lake has based its development and architecture on containers and runs much of its service and AI processes on AWS cloud.

Theta Lake uses open source components in its container images, including OS packages, and wants to be sure its software supply chain is free of known vulnerabilities, while also ensuring that its CI/CD pipeline and registries are secure, enabling only trusted images to be used.

The company also wanted to continuously monitor the security posture of its container deployment, be alerted on any newly discovered vulnerabilities found in running containers, and attain a full audit trail of security and compliance events, such as vulnerabilities discovered, user access events, and security policy violations.

Having tested various commercial solutions and open-source tools, Theta Lake chose the Aqua Container Security Platform to secure its container image development pipeline and runtime environments.

Aqua’s compatibility and tight integration with many AWS container services were key considerations, as well as the solution’s availability on the AWS Marketplace and the ability to use it on demand.

By using the Aqua platform, Theta Lake was able to quickly integrate security into its container-based development pipeline, and at every stage from image build to container deployment and runtime:

• Scanning CI/CD builds for known vulnerabilities, embedded secrets, malware and open-source licensing issues
• Continuously scanning image registries for newly discovered vulnerabilities
• Image assurance policies that enable the use of trusted images and prevent risky or unknown images from running
• Real-time monitoring and audit events of any suspicious container activity, new vulnerabilities, host login attempts, and more.

Theta Lake manages its development on AWS, using Amazon ECR (Elastic Container Registry) and Amazon ECS (Elastic Container Service) to orchestrate and manage its workloads, as well as Amazon CloudWatch. 

Aqua’s offering on AWS Marketplace allowed Theta Lake to use Aqua on-demand and be billed via the company’s monthly AWS bill.

By using the Aqua platform, Theta Lake can ensure the compliance and security of its software, with real-time visibility into the status of its development pipeline posture, and quickly being alerted and fixing any issues that stem from vulnerabilities, misconfigured images, secrets exposure, and other issues. Benefits include:

• Continuously apply and enforce compliance and security policies
• Monitor and prevent unauthorized access to its containerized environment
• Document and report on its ongoing compliance to customers and auditors