ControlCase – Automating Compliance
With data security regulations becoming increasingly critical – especially with the upcoming General Data Protection Regulation (GDPR) – organizations and companies need solutions that can ensure compliance across their systems in order to function optimally. Kishor Vaswani, CEO of ControlCase, discusses what modern compliance is about and why automation is the only way forward.
Tell us about ControlCase and how you came to be involved in IT Security and Compliance?
ControlCase was founded in 2004 when IT security and compliance were relatively new. At the time, I was working with Ernst & Young and saw an opportunity to automate security and compliance using software, rather than doing it manually. Our goal was to build a company that would simplify compliance through the use of technology. Today, the company has grown to nearly 300 employees with offices around the world. We have a keen focus on automating IT security processes and providing peace of mind through our partnership approach.
There are many different types of security and compliance products on the market. What is unique about ControlCase?
ControlCase is unique for three main reasons:
- Our IT Governance, Risk Management, and Compliance Management portal provides customers with an efficient, real-time method of monitoring their organization’s compliance. Typically, when a compliance assessor is brought in, the process can be quite opaque, which is frustrating and, by definition, relies on a single snapshot of the data. Our portal enables customers to see exactly where things stand at any given time and at an incomparable level of detail – all gathered in an automated fashion with minimal effort from the customer.
- Our customer success management team (CSM) focuses on delivering extra value to our customers and advocating for their requirements within the organization. Our CSMs ensure that, as a company, we are accurately looking at the situation from the customer’s perspective and maintaining their ‘voice’ in the room in order to reach the optimal solution.
- As a company, we are committed to hiring the best people. Our experts typically have more than 10 years of experience in cybersecurity and function not just as assessors but as partners, to provide our customers with the best technical advice available.
What are ControlCases’ primary products and services? What value do you provide clients/customers?
Our offerings can be broken down into three categories: Assessments, Certifications, and Compliance as a Service (CaaS). Quite often, companies will know that they need to be compliant with IT regulations but they are not sure where they stand in relation to them.
Assessments help companies not only find gaps in their processes but also remediate flagged items; thereby developing and implementing the right solution for that environment.
Certifications help a company understand, through an audit, whether they are in compliance with a specific standard such as GDPR or PCI DSS.
Finally, to ensure that our customers remain compliant, we offer Compliance as a Service. Through CaaS, we implement automated monitoring to help companies evaluate themselves on an ongoing basis, even as standards change or are developed.
Can you discuss the types of clients you work with?
Compliance is something that crosses several verticals and is a growing need. Some of our most important clients hail from the financial services sector, healthcare, retail, and service providers. In general, while the details of each type of compliance standard vary, the issues are similar, allowing us to be flexible and offer our services to just about any type of business or organization.
Let’s take a step back for a moment. What do you see as the most significant challenges to compliance today?
The biggest challenge is the fact that compliance, as a whole, is evolving rapidly. The amount of data, regulations, standards, and the number of elements involved is growing. Whereas just a decade or two ago, compliance could be implemented and maintained manually, today organizations are increasingly aware that manually implementing and supporting the compliance function simply won’t work – strategically using technology to automate security and compliance is the only answer.