Security & Compliance

Security without slowing business velocity

Design and implementation of cloud-native security controls. PCI, ISO, SBS compliance embedded in the pipeline.

In regulated Latin American enterprises (FSI, healthcare, retail with payments), security is mandatory. We implement cloud-native controls aligned with PCI-DSS, ISO 27001, the regulations of the SBS (Peru's banking, insurance and pension-fund regulator) and zero-trust practices, while keeping your development team's velocity intact.

What you get with Caleidos

Shift-left security

Automated controls in the pipeline: SAST, DAST, container image scanning, and secrets scanning with Akeyless. Builds that fail these gates are blocked before they reach production.

CSPM with Cortex Cloud (formerly Prisma Cloud)

Real-time security posture across all your cloud accounts: configuration drift detection, identification of non-compliant resources, and automated remediation.

Identity management

Least-privilege IAM, AWS IAM Identity Center (formerly AWS SSO), enforced MFA, and automated credential rotation with Akeyless.

Auditable compliance

Mapping of controls to PCI-DSS, ISO 27001 and SBS requirements. Automated evidence collection for audits.

AWS Network Firewall + centralized Egress VPC

Secure Internet egress with AWS Network Firewall in high availability (two firewall endpoints in distinct Availability Zones) and a dedicated Egress VPC that centralizes outbound traffic from all AWS accounts. Policies are allow-list based, with blocking of known-malicious IPs and geographies, DNS filtering and port control. Aligned with SBS Resolution 504-2021 for FSI in Peru. Add-ons: Advanced Inspection (TLS inspection, Suricata IPS, blocking of malware/C2 categories) and deployment in a DRP region.

Featured case

Automotive importer in Peru

DevSecOps over 18 workloads

We implemented dedicated AWS accounts (QA, DevOps, Logging, Audit) under a centralized AWS Organizations structure, applying the principle of least privilege, plus DevSecOps pipelines over 18 workloads with code quality visibility.

Read full case →

Tech stack

Palo Alto Cortex Cloud (CNAPP, formerly Prisma Cloud), Thales (HSM), WafCharm, Akeyless, AWS WAF, AWS Network Firewall, AWS GuardDuty, AWS Security Hub, AWS Organizations, AWS Config, AWS CloudTrail, Suricata IPS

Frequently asked questions

What we get asked the most

Do you comply with FSI regulations?

Yes. We implement architectures aligned with the financial regulations of each country our clients operate in (Peru, Chile, Ecuador, Costa Rica, United States), mapped to international frameworks such as NIST CSF, ISO 27001 and PCI-DSS. We support payment processors, digital banks, AFPs (pension fund administrators) and insurers with monthly audits and automated evidence for local regulators.

Do you implement AWS Network Firewall?

Yes. It is one of our standard offerings for FSI: a dedicated Egress VPC, two firewall endpoints in distinct Availability Zones for high availability, allow-list policies, blocking of known-malicious IPs and geographies, DNS filtering and port control. Logs go to CloudWatch Logs or S3, everything is deployed as IaC with Terraform or CloudFormation, and we test AZ failover. Optional: Advanced Inspection (TLS inspection with selective decryption, Suricata IPS rules, blocking of malware/C2 categories) and a mirrored deployment in the DRP region.
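The egress design described in this answer and in the AWS Network Firewall service description above, as an added Terraform example (not Caleidos' own code or a deliverable from the page): a stateful domain allow-list rule group, a policy that sends all non-fragment traffic to the stateful engine, a firewall with one endpoint in each of two Availability Zones with change protection enabled, and flow and alert logging to CloudWatch Logs. The VPC and subnet IDs, HOME_NET CIDR, allowed domains and log group name are assumptions. Route tables (edge association on the internet gateway, spoke routes through the per-AZ firewall endpoints) and the Transit Gateway attachment that centralizes the spoke accounts are not shown.

```hcl
# Added example: AWS Network Firewall egress across two AZs (not from the page).
# Assumption: the Egress VPC already exists with one firewall subnet per AZ.
variable "egress_vpc_id" { type = string }

# Assumption: map of AZ name -> firewall subnet ID, at least two distinct AZs.
variable "firewall_subnets" {
  type = map(string)
  validation {
    condition     = length(var.firewall_subnets) >= 2
    error_message = "Use at least two firewall subnets in distinct AZs for HA."
  }
}

# Assumption: the RFC1918 space of the spoke accounts that reach this VPC.
variable "home_net" {
  type    = list(string)
  default = ["10.0.0.0/8"]
}

# Assumption: egress allow-list. Matched on HTTP Host and TLS SNI, so it works
# without TLS decryption; a leading dot allows the domain and its subdomains.
variable "allowed_domains" {
  type    = list(string)
  default = [".amazonaws.com", "registry.npmjs.org", "github.com"]
}

# Stateful rule group: ALLOWLIST generates pass rules for the listed domains and
# a drop for HTTP/TLS flows to any other domain. HOME_NET is overridden so the
# engine knows which side is "inside" when traffic arrives via a TGW.
resource "aws_networkfirewall_rule_group" "egress_allowlist" {
  name     = "egress-domain-allowlist"
  type     = "STATEFUL"
  capacity = 100

  rule_group {
    rule_variables {
      ip_sets {
        key = "HOME_NET"
        ip_set {
          definition = var.home_net
        }
      }
    }
    rules_source {
      rules_source_list {
        generated_rules_type = "ALLOWLIST"
        target_types         = ["HTTP_HOST", "TLS_SNI"]
        targets              = var.allowed_domains
      }
    }
  }
}

# Policy: fragments are dropped, everything else goes to the stateful engine.
# Caveat: in default action order, traffic that is neither HTTP nor TLS is not
# matched by the domain list and passes; add Suricata drop rules for other
# ports if the allow-list must be total.
resource "aws_networkfirewall_firewall_policy" "egress" {
  name = "egress-policy"

  firewall_policy {
    stateless_default_actions          = ["aws:forward_to_sfe"]
    stateless_fragment_default_actions = ["aws:drop"]

    stateful_rule_group_reference {
      resource_arn = aws_networkfirewall_rule_group.egress_allowlist.arn
    }
  }
}

# One endpoint per firewall subnet, i.e. per AZ. Change protection stops an
# accidental apply from detaching the policy or removing an AZ.
resource "aws_networkfirewall_firewall" "egress" {
  name                              = "egress-firewall"
  vpc_id                            = var.egress_vpc_id
  firewall_policy_arn               = aws_networkfirewall_firewall_policy.egress.arn
  delete_protection                 = true
  firewall_policy_change_protection = true
  subnet_change_protection          = true

  dynamic "subnet_mapping" {
    for_each = var.firewall_subnets
    content {
      subnet_id = subnet_mapping.value
    }
  }
}

# FLOW logs record every connection; ALERT logs record rule matches (drops).
resource "aws_cloudwatch_log_group" "nfw" {
  name              = "/aws/network-firewall/egress" # assumed name
  retention_in_days = 365
}

resource "aws_networkfirewall_logging_configuration" "egress" {
  firewall_arn = aws_networkfirewall_firewall.egress.arn

  logging_configuration {
    log_destination_config {
      log_destination      = { logGroup = aws_cloudwatch_log_group.nfw.name }
      log_destination_type = "CloudWatchLogs"
      log_type             = "FLOW"
    }
    log_destination_config {
      log_destination      = { logGroup = aws_cloudwatch_log_group.nfw.name }
      log_destination_type = "CloudWatchLogs"
      log_type             = "ALERT"
    }
  }
}
```

After `terraform apply`, the per-AZ endpoint IDs are read from the firewall's `firewall_status` attribute and each AZ's route tables point at the endpoint in that same AZ, which is what makes the two-endpoint layout survive the loss of one zone. The AZ failover test described in the answer consists of removing one endpoint's route and confirming that egress from the affected subnets still succeeds through the other zone while ALERT logs continue to arrive in CloudWatch.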

How do you manage secrets and credentials?

Akeyless or AWS Secrets Manager, depending on the case. Automated rotation, audit logs and CI/CD integration, so credentials stay encrypted and are never exposed to developers. Zero secrets in repositories.

Do you do pentesting or ethical hacking?

For offensive pentesting and ethical hacking we work with specialized partners (OSCP/OSCE-certified red teams). Caleidos focuses on secure architecture and remediation: we take the ethical hacking findings and close them in your AWS stack with cloud-native controls, IaC and DevSecOps pipelines. We coordinate with your preferred pentester or recommend partners depending on scope (web, mobile, infrastructure, cloud).

Ready to get started?

Tell us about your challenge. No pitch, no commitment. Just understanding.

Free security audit