StackRox Enables Multi-Cloud Kubernetes Security and Compliance for YayPay

FinTech leader deploys StackRox Kubernetes Security Platform to enable SOC 2 compliance and secure its containerized SaaS application running in AWS and Azure

MOUNTAIN VIEW, Calif. — October 16, 2019 – StackRox, the leader in security for containers and Kubernetes, today announced that YayPay, the accounts receivable (AR) automation software provider modernizing the finance back office, has deployed the StackRox Kubernetes Security Platform for security and compliance of its container and Kubernetes applications. YayPay runs its SaaS platform – which uses AI to simplify invoice, communications, and collection processes – across AWS and Azure, and the StackRox platform is the company’s security and compliance standard across both public cloud platforms. YayPay chose StackRox for its next-generation Kubernetes-native container security platform, which delivers unparalleled advantages across all critical use cases.

“Kubernetes has enabled us to standardize how we build, deploy, and operate services across multiple cloud platforms,” said Tom Bartolucci, vice president of engineering, YayPay. “Out of all the container security platforms we evaluated, we chose StackRox because of its focus on both containers and Kubernetes. It’s important to our software developers and DevOps engineers that all the controls we apply through StackRox are native to the infrastructure so the security is built into our code, not bolted on. This approach gives us better uptime and performance and enables our secure multi-cloud strategy.”

According to StackRox’s State of Container and Kubernetes Security Report, Spring 2019, multi-cloud deployments are becoming increasingly common as businesses adopt containers and Kubernetes for flexibility, scalability, and portability. YayPay uses the StackRox Kubernetes Security Platform to address several security and compliance use cases, including:

  • Threat Detection – StackRox provides a combination of rules, whitelists, and behavioral modeling to automatically detect and mitigate threats at run time.
  • Network Segmentation – StackRox secures inbound and outbound communications between containers.
  • Simplifying SOC 2 Audits – StackRox enables automated audits that provide a record of compliance with the most widely recognized external security compliance frameworks in the United States, providing certainty that customer data is being managed securely and ensuring customer privacy.
  • HIPAA Compliance – StackRox automates checks for HIPAA violations, identifies gaps or non-compliance with controls, provides clear and detailed remediation information, and exports evidence of compliance ahead of audits.
  • PCI DSS Compliance – StackRox provides continuous, standard-specific checks for Payment Card Industry Data Security Standard controls, highlighting where systems fail to comply in order to improve policy enforcement and mitigate customer-facing financial data risks.

“SaaS innovators like YayPay must demonstrate the security of their platforms and meet various regulatory requirements to win the trust of their customers,” said Kamal Shah, CEO of StackRox. “Using StackRox to rapidly show compliance with SOC 2, HIPAA, and PCI helps our customers build their business. Our Kubernetes-native architecture ensures those controls are native to the infrastructure and never compromise availability or reliability of the service for their customers.”

StackRox recently introduced a number of enhancements in the StackRox Kubernetes Security Platform to improve the protection of Kubernetes applications and deployments and to broaden the integrations and environments the platform supports. The new deployment and runtime controls allow customers to improve threat detection, vulnerability management, network segmentation, and configuration management as they build and scale their containerized environments. Recently added integrations and extensions include support for eBPF and GCOS; integration with Azure Container Registry; availability on AWS, GCP, and Red Hat OpenShift marketplaces; integration with Splunk, Sumo Logic, and PagerDuty; and Istio coverage. For more information, please visit


About StackRox

StackRox helps enterprises secure their containers and Kubernetes environments at scale. StackRox delivers the industry’s first and only Kubernetes-native container security platform that enables security and DevOps teams to operationalize security and compliance policies across the entire container life cycle, from build to deploy to runtime. StackRox customers span cloud-native companies, Global 2000 enterprises, and government agencies. StackRox is privately held, with headquarters in Mountain View, CA. To learn more, visit and follow us on Facebook, LinkedIn and Twitter.