Kishor Vaswani, Chief Strategy Officer of ControlCase, sat for an interview with Aviva Zacks of Safety Detective. She had the opportunity to ask him how his company faces compliance challenges for its clients.
Safety Detective: What is ControlCase and what does the company do?
Kishor Vaswani: ControlCase is a global provider of certification, cybersecurity, and continuous compliance services.
- Certifications – Complying with regulations such as PCI DSS, ISO 27001, SOC 2 Type 2, HIPAA, and HITRUST helps companies not only find gaps in their security processes but also remediate flagged items, thereby developing and implementing the right security solutions for their environment.
- Cyber Security Services – These include the scans and tests required to not only achieve compliance with multiple regulations but to also assess the effectiveness of controls. This includes penetration testing, log monitoring, firewall reviews, and vulnerability management.
- Continuous Compliance Management – This service collects and analyzes data from a customer’s security controls, i.e., log management systems, security scanners, asset inventory, and other security systems. The data is then monitored and evaluated on an ongoing basis to confirm the compliance posture of an organization in real time. The deliverables include a “daily/quarterly” compliance status report that reflects data from all security controls and outlines remediation actions required to maintain compliance throughout the year.
SD: What makes ControlCase unique and sets the company apart from other service providers?
KV: ControlCase is unique for three main reasons:
- Our Partnership Approach – We are really committed to partnering with our clients, understanding their business requirements, and essentially helping them create, implement and maintain a security and compliance program that aligns with the overall business objectives. This in turn provides seamless, pain-free, and more effective audits.
- Automation Driven – ControlCase is committed to using smart technology to simplify processes and provide more accuracy and efficiency. Our IT compliance portal “SkyCAM” is an innovative technology that automates evidence collection, provides real-time dashboards/reporting, and becomes your “AI-Powered” predictive compliance engine.
- Continuous Compliance Management – ControlCase’s Continuous Compliance offering really provides visibility on compliance and security throughout the year. This means security and compliance become business as usual within an organization which ultimately cuts audit prep time by at least 70% and significantly lowers the risk of a data breach throughout the year.
- OneAudit – Assess Once, Comply with Many – Organizations are increasingly required to comply with multiple security standards and regulations. Managing these audits individually poses a number of challenges for a business, including repetition of efforts, managing multiple audit firms, increased costs, complexity, and time. The ControlCase One Audit solution enables organizations to perform a single audit and comply with multiple regulations.
SD: What types of industries use your services?
KV: Compliance is something that crosses several verticals and is a growing need. Some of our most important clients hail from the financial services sector, healthcare, retail, cloud service providers, BPOs, payments, and other service providers. In general, while the details of each type of compliance standard vary, the issues are similar, allowing us to be flexible and offer our services to just about any type of business or organization.
SD: What do you see as the main challenge in compliance today?
KV: The biggest challenge is that compliance, as a whole, is evolving rapidly. The amount of data, regulations, standards, and the number of elements involved is growing. Whereas just a decade or two ago, compliance could be implemented and maintained manually, today organizations are increasingly aware that manually implementing and supporting the compliance function simply won’t work – strategically using technology to automate security and compliance is the only answer. Additionally, compliance can no longer be a once-a-year activity for an audit; instead, security and compliance have to become part of the company culture and work seamlessly across the organization to protect the business.
SD: How do you see cybersecurity and compliance developing in the next five years?
KV: We believe Compliance as a Service (CaaS) will be as common and prevalent as any other IaaS, SaaS, or Managed Services, where companies will look to hand over their compliance needs to subject matter experts to completely manage and provide the end results (certifications, attestations and reporting for Management). As the cybersecurity threat vectors change, so will the parameters of CaaS change and adapt to the new needs from cyber threats and new/updated regulations.
So in an effort to reduce operating expenses and hiring in-house expertise to manage compliance, organizations will completely outsource their compliance or cybersecurity needs and/or adapt to CaaS solutions, which will effectively provide their requirements, reduce costs, shift liability, be less resource-intensive and most importantly be timely in managing their compliance for regulatory or other needs.