Vanta started by helping companies automate the security monitoring needed for SOC 2 certification, a widely accepted security standard in the U.S. It later expanded into HIPAA and ISO 27001 compliance. “We envision restoring trust in internet business by allowing organizations to prove their security and compliance posture to existing customers, prospects, and partners,” says Matt Spitz, Head of Engineering at Vanta.
In an interview with CIO Applications, Spitz explains how the platform relieves businesses of collecting hundreds of pieces of evidence to prove they are compliant, and makes it easier to write policies, establish controls, and collect that evidence.
What challenges do businesses face during compliance audits, and how does the Vanta platform help them overcome those?
Businesses struggle because of the manual effort involved in gathering evidence for an audit and collecting huge amounts of information to prove their security. Security doesn’t really scale down, which means that many of the things larger companies (2,000+ employees) do are the same things smaller companies should be doing. These are things such as ensuring that all of your assets are maintained and monitored, ensuring that employee laptops have their hard drives encrypted, ensuring that email is protected by mandating two-factor authentication to log into it, ensuring that there are no packages with known vulnerabilities installed on your servers, and so on. But because of the effort it takes to monitor a large surface area manually, many small companies skip several of these steps.
We automate the evidence gathering to help clients stay compliant with all the stringent regulations without the manual heavy lifting. We have a set of security best practices that covers every aspect required for an audit. Our experts teach and train clients how to practice better security, and then we help them automate the process so they remain compliant over time. Our platform integrates with clients’ existing services, such as task trackers, identity solutions, and cloud services. We then run hourly tests on these integrations to ensure clients’ data stays safe and that they comply with best practices and security policies. This provides a single view of their organization’s security posture and empowers them to practice better security.
Our platform obtains read-only access to clients’ infrastructure providers, cloud identity providers, HR integrations, task trackers, and many other SaaS tools. We log into those services, pull information about how they are configured, and run tests against that configuration to notify clients in real time about their security posture. For example, if a client misconfigures their multi-factor authentication, or an individual employee at that firm turns it off, we inform them within an hour. They do not need to wait for traditional audit workflows, which typically occur once a year, to get an update on their security posture. We can alert them right away and help the business take action to remediate the issue. We also offer guidelines and instructions to help companies improve their security posture.
Could you share a customer success story with us?
We worked with Nayya to help them achieve both SOC 2 and HIPAA compliance at the same time. Since these are complicated standards, Vanta guided them throughout the process, connected them with an auditor, and enabled them to be properly audited and certified. This let the client unlock more significant deals and work with large enterprises, which they couldn’t do before receiving their compliance certifications. Another client, Notion, used Vanta for their security program even before they pursued compliance certifications. We helped them be confident in their security posture. Later, when they decided to pursue their SOC 2 certification, they had already laid all of the groundwork to do it seamlessly.
What are the factors that give you a competitive edge over other market players?
Our deep connections in the auditor network, our expertise in the compliance space, and our automation allow us to help businesses achieve SOC 2, HIPAA, or ISO 27001 certification. The longer-term value that Vanta offers is that this continuous security monitoring, which is used for evidence gathering in the context of an audit, helps keep a company secure even outside of an audit window.
How has Vanta helped companies stay secure during the COVID-19 pandemic?
When COVID-19 forced organizations to adopt remote-working or work-from-home models, the security of assets became even more crucial. Companies needed to ensure proper security on mobile devices outside the office network. They had to ensure that hard drives were encrypted, that the workforce was using the proper protocols for transmitting company data, and that the right individuals had access to the right information. We help clients implement better security practices in a remote world and resolve their security issues in a hypothesis-driven way.
What does the future hold for Vanta?
Many cyber incidents over the years have shown how unsafe data is on the internet. We hear about a data breach or a ransomware attack every now and then. These data breaches happen because of relatively simple misconfigurations that leak confidential information onto the internet. For example, an individual who left the company six months ago may still have access to a key system’s code and might misuse it. Vanta gives companies the power to automate all of their security workflows. And, moving ahead, we will pay even more attention to the security aspect. Driven by our mission of securing the internet and protecting consumer data, we continually empower companies to deploy advanced security policies and practices. We will also add more integrations to ingest more data and allow more tests and analysis on those integrations.
By continually expanding our automation of security coverage and creating incentives for companies to practice better security, we can secure consumer data and make the world a safer place.
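As an added illustration, not code from Vanta or from this interview, the following Python harness shows the shape of the hourly tests described in the answer on read-only integrations and the departed-employee scenario in the last answer: it runs a set of control checks over one constructed snapshot of what an identity provider, an HR system and a device-management tool might return, and only surfaces findings that are new since the previous run. Every name, data shape and the one-day offboarding grace period is an assumption made for this example.

```python
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass
class Account:
    """A user as an identity provider might return it (assumed shape)."""
    email: str
    mfa_enabled: bool
    roles: list


@dataclass
class Snapshot:
    """Everything one collection run pulled, read-only, from the integrations."""
    collected_on: date
    accounts: list   # identity provider users
    employees: dict  # HR system: email -> termination date, or None if still employed
    devices: dict    # device management: email -> True if the laptop disk is encrypted


@dataclass(frozen=True)
class Finding:
    check: str
    subject: str
    detail: str


def check_mfa_enforced(snap):
    """Every account must have multi-factor authentication switched on."""
    return [Finding("mfa_enforced", a.email, "MFA disabled")
            for a in snap.accounts if not a.mfa_enabled]


def check_offboarded_access_revoked(snap, grace_days=1):
    """Accounts of terminated employees must be gone shortly after their end date,
    and every account must map to a known person (assumed one-day grace period)."""
    findings = []
    for a in snap.accounts:
        if a.email not in snap.employees:
            findings.append(Finding("offboarding", a.email, "no matching HR record"))
            continue
        ended = snap.employees[a.email]
        if ended is not None and snap.collected_on - ended > timedelta(days=grace_days):
            findings.append(Finding("offboarding", a.email,
                                    f"left on {ended} but still holds roles {a.roles}"))
    return findings


def check_disk_encryption(snap):
    """Every managed laptop must report full-disk encryption."""
    return [Finding("disk_encryption", email, "disk not encrypted")
            for email, encrypted in sorted(snap.devices.items()) if not encrypted]


CHECKS = [check_mfa_enforced, check_offboarded_access_revoked, check_disk_encryption]


def run_checks(snap):
    """Run every control check over one snapshot; returns {check name: [findings]}."""
    return {c.__name__: c(snap) for c in CHECKS}


def new_findings(previous, current):
    """Findings absent from the previous run. Alerting only on these, rather than on
    everything still failing, is what keeps an hourly cadence from becoming noise."""
    seen = {(f.check, f.subject) for fs in previous.values() for f in fs}
    return [f for fs in current.values() for f in fs if (f.check, f.subject) not in seen]


def sample_snapshot():
    """Constructed sample data, not pulled from any real system."""
    return Snapshot(
        collected_on=date(2021, 6, 1),
        accounts=[
            Account("alice@example.com", True, ["admin"]),
            Account("bob@example.com", False, ["developer"]),   # switched MFA off
            Account("carol@example.com", True, ["developer"]),  # left six months ago
            Account("ci-bot@example.com", True, ["deploy"]),    # no owner in HR
        ],
        employees={
            "alice@example.com": None,
            "bob@example.com": None,
            "carol@example.com": date(2020, 12, 1),
        },
        devices={"alice@example.com": True, "bob@example.com": False,
                 "carol@example.com": True},
    )


if __name__ == "__main__":
    results = run_checks(sample_snapshot())
    for name, findings in results.items():
        print(f"{name}: {'PASS' if not findings else 'FAIL'}")
        for f in findings:
            print(f"  {f.subject}: {f.detail}")
    # A second run over an unchanged snapshot raises no new alerts.
    print("new since last run:", len(new_findings(results, run_checks(sample_snapshot()))))
```

The two design points worth copying are that each check reads only from the snapshot (the collector never needs write access to the integrated services) and that alerts are computed as a diff between runs, so a control that regresses, such as one employee switching MFA off, fires once within the hour instead of every hour.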