Knowledge Tree
Back to Blog
2026-04-24Knowledge Tree Team9 min readProduct

SOC 2 Compliance Automation: How Knowledge Tree Keeps Your Infrastructure Audit-Ready

soc2compliancesecurityaudit

The Compliance Tax

SOC 2 compliance is expensive. Not the audit itself — the preparation. The real cost is the weeks of engineer time spent collecting evidence, documenting controls, and proving to auditors that your infrastructure is configured correctly.

A typical SOC 2 Type II audit cycle looks like this:

  1. Quarter 1: "We should start preparing for the audit." Nothing happens.
  2. Quarter 2: Panic begins. Engineers are pulled from feature work to document infrastructure.
  3. Quarter 3: The actual audit. Evidence requests arrive with 48-hour turnaround times.
  4. Quarter 4: Audit finishes. Documentation is immediately abandoned until next year.

The average company spends 3 months per year on compliance-related documentation. For a team of 5 infrastructure engineers, that's $225,000 in loaded cost — every year.

The Problem: Infrastructure Documentation Is Always Stale

SOC 2 auditors need to verify five trust service criteria:

  • Security: Are resources properly configured and access-controlled?
  • Availability: Is infrastructure resilient and monitored?
  • Processing Integrity: Are workloads running correctly?
  • Confidentiality: Is sensitive data protected?
  • Privacy: Are privacy controls in place?

Each of these requires evidence that your infrastructure configuration matches your documented policies. The problem is that documentation is a point-in-time artifact and your infrastructure changes continuously.

An EC2 security group updated on Monday makes your SOC 2 documentation from last week inaccurate. A new Kubernetes deployment without proper labels creates a gap. A developer who opens SSH to the world creates an instant control failure.

How Knowledge Tree Automates SOC 2 Compliance

Knowledge Tree's SOC 2 module transforms compliance from a periodic crisis into a continuous process.

Continuous Evidence Collection

Instead of manually collecting screenshots and configuration exports before an audit, Knowledge Tree continuously captures evidence from your infrastructure:

AWS Evidence:

  • VPC flow logs configuration per account
  • Security group rules and their last modification timestamps
  • S3 bucket policies and public access settings
  • IAM roles and their attached policies
  • CloudTrail enablement across all regions
  • KMS key rotation status

Azure Evidence:

  • NSG rules and effective security configurations
  • Azure Policy assignments and compliance state
  • RBAC role assignments for critical subscriptions
  • Key Vault access policies and soft-delete configuration
  • Network Watcher flow log settings

GCP Evidence:

  • VPC firewall rules and their targets
  • IAM policy bindings at project and resource level
  • Cloud Audit Logs configuration
  • VPC Service Controls perimeter configuration
  • Secret Manager rotation policies

Kubernetes Evidence:

  • Pod Security Standards (PSS) enforcement
  • Network policy coverage across namespaces
  • RBAC ClusterRole and Role bindings
  • Secrets encryption at rest (KMS provider)
  • Pod resource limits and requests

Real-Time Gap Analysis

The compliance module continuously compares your actual infrastructure against your declared controls. When a gap is detected, it's surfaced immediately:

$ kt-discover compliance check --framework soc2
Checking SOC 2 controls...

  [PASS] Access Control (CC6.1) - MFA enabled on 100% of accounts
  [PASS] Encryption at Rest (CC6.7) - EBS volumes: 100% encrypted
  [FAIL] Network Segmentation (CC6.6) - sg-web-prod allows SSH from 0.0.0.0/0
  [PASS] Change Management (CC8.1) - CloudTrail enabled in all regions
  [WARN] Data Retention (CC6.4) - 37 RDS snapshots > 90 days old
  [FAIL] Vulnerability Management (CC7.1) - 12 ECR images not scanned in 30 days

2 failures, 1 warning found. Remediation recommendations available.

Auto-Generated Audit Reports

When audit time comes, the report generates in minutes, not weeks:

reports/
  soc2-type-ii/
    access-controls.md         – IAM, SSO, MFA, RBAC configurations
    network-security.md        – Security groups, firewalls, network policies
    data-protection.md         – Encryption, key management, backup policies
    change-management.md       – Infrastructure change history and approvals
    incident-response.md       – Detected incidents and remediation timeline
    evidence-index.md          – Complete index with timestamps and resource IDs

Each report includes timestamps, resource IDs, and direct links to the evidence in your infrastructure — exactly what auditors need.

Mapping to SOC 2 Trust Service Criteria

Knowledge Tree maps discovered resources and configurations to specific SOC 2 criteria:

SOC 2 CriterionWhat Knowledge Tree Verifies
CC6.1 (Logical Access)IAM roles, security groups, network policies, RBAC bindings
CC6.6 (Network Security)VPC configurations, firewall rules, ingress/egress restrictions
CC6.7 (Data Encryption)EBS/EFS/S3/RDS encryption, KMS key rotation, TLS termination
CC7.1 (Vulnerability Management)Image scanning, patch levels, dependency versions
CC8.1 (Change Management)Resource modification history, drift detection, approval workflows
A1.2 (Environmental Controls)Multi-AZ deployments, backup verification, DR configuration

Real Scenario: SOC 2 Type II in Half the Time

A SaaS company with 200 employees needed to complete their first SOC 2 Type II audit. Their CTO estimated 3 months of preparation. They deployed Knowledge Tree's SOC 2 module instead.

What They Found

The compliance dashboard revealed:

  • 18 security groups with unrestricted outbound access (should be restricted by policy)
  • 7 S3 buckets with public read access (3 contained customer data)
  • No encryption at rest on 42 RDS instances (against company policy)
  • 4 Kubernetes namespaces with no network policies (potential lateral movement paths)

The Fix

The team used Knowledge Tree's remediation recommendations to fix each issue:

  1. Security groups were locked down using a new "default-deny" standard
  2. Public S3 buckets were identified, analyzed for data exposure, and remediated
  3. RDS encryption was enabled with automatic key rotation
  4. Network policies were deployed to all namespaces

Total engineer time spent: 4 weeks instead of 12. The audit passed with no major findings.

Getting Started with SOC 2 Automation

Knowledge Tree's SOC 2 module is included in the Business and Enterprise plans:

  1. Connect your infrastructure (cloud accounts, K8s clusters)
  2. Select framework (SOC 2 Type I, Type II, or both)
  3. Review gaps in the compliance dashboard
  4. Remediate with guided recommendations
  5. Generate reports on demand for auditors

The entire setup takes about 2 hours — less time than most teams spend on their first compliance meeting.

Ready to make SOC 2 compliance painless? Book a demo to see the compliance module in action.