Sister Company, CloudCover enables SOC2 compliant infrastructure for Zendesk  

Customer challenge 

Headquartered in California, Zendesk enables powerful, innovative customer experiences with its Customer Service Software. It serves over 100,000 customers across 160 markets. To democratize customer service software and make it easy to try, buy and use, Zendesk builds its product on an open and flexible platform that is quick to set up and fully customizable.  

Zendesk wanted to get their product certified for Systems and Organization Controls 2 (SOC2). They needed help with designing and setting up a highly available SOC 2 compliant infrastructure. This includes the migration of applications, as well as the management of infrastructure round the clock.

The environment has to be resilient and be able to respond quickly in the event of incident or disaster.

Proposed Solution

The CloudCover team first did a thorough assessment of Zendesk’s infrastructure to understand its pain points, needs, and requirements. Then, we helped Zendesk to design and implement controls, processes and infrastructure in a way that is SOC2 compliant. 

CloudCover also helped to migrate applications from their current AWS account to an SOC2 compliant AWS account. The team created end-to-end infrastructure and application deployment pipelines, and leverage Infrastructure as Code (IaC) modules to create and manage infrastructure with proper authorization mechanisms. This infrastructure is designed to be highly available and implements zonal redundancy to prevent zonal outage as part of disaster recovery solution. Uptime and service
availability are improved significantly by enabling end-to-end observability of their infrastructure. Security management processes were implemented to keep the vulnerabilities and patches updated.

CloudCover also helped Zendesk to document these processes and controls, as well as provide auditors with a walkthrough of the new SOC2 compliant infrastructure. Post-migration, CloudCover’s 24/7 support team actively monitors and manages Zendesk’s change requests and incidents.


Through this project, CloudCover created a SOC2 compliant infrastructure for SecureCloud for Zendesk, in addition to designing patterns and implementing pipelines for SecureCloud Infrastructure and Customer Application Instance deployment. AWS security services such as AWS Security Hub, GuardDuty CloudTrail, CloudWatch, and Config scan and discover the environment for any vulnerabilities and anomalies,
including providing auditable actions to the environment. Procedures for change management, patch management, code deployment, logging and monitoring, were also set in place.

The creation of various IaC modules enabled automated management of the infrastructure by leveraging AWS CodePipeline, enabling Zendesk to offload creation and management of SecureCloud infrastructure entirely to CloudCover. The automation also ensures the application readiness by performing performance and several types of automated testing. This allowed the Zendesk team to free up more time to focus on innovative tasks such as application development.

CloudCover delivers Site Reliability Engineering (SRE) practices to ensure the SLAs are not breached and the architecture keeps reliable and resilient. Zendesk retrieves regular reports of automation failure, ticket, and recommendation regarding performance, security, operational, and cost of the environment. Every ticket received will produce an incident or service request report which contains root cause, impact to any services, and resolution.


AWS Service: EC2, Auto Scaling, Aurora RDS, CodePipeline, Security Hub and Certificate Manager

3rd Party Services: Datadog, Pagerduty, Atlantis, Github Actions and ArgoCD