In the 2020s, virtually every company has become a technology company, and each employee is using a number of digital systems — most of which are built by third parties — to get their work done. The risks posed to organizations’ assets and enterprise value have grown exponentially and are ever-changing. With that in mind, the way security assurance work gets done has to evolve to keep up with the risks organizations are facing.
Here’s the philosophical underpinning for our company and product vision: We believe that security and compliance professionals need to take a consistent and rigorous approach to security assurance work. A large part of this work involves:
- Educating company stakeholders so they understand their individual responsibilities in managing security risks and addressing compliance issues.
- Driving accountability for security and compliance tasks into business units, IT, engineering, and product development teams. After all, security incidents and compliance violations often happen not because there weren’t sound policies in place, but because employees didn’t consistently follow the policies and procedures their security and risk management teams designed.
Automating as much work as possible through technology is another critical component. With a growing worldwide shortage of cybersecurity talent, organizations simply can’t hire their way out of security problems.
The problem we’re tackling is a big one. It requires a holistic approach that:
- Creates innovative tools for getting security assurance work done
- Works in close collaboration with the CPA/Auditing and MSSP communities who are on the frontlines working with companies every day
- Is responsive to the needs of security and compliance practitioners in our community
Here’s what Hyperproof is doing on those three fronts.
1. Hyperproof’s Product Vision for the Future of Security Assurance
Here at Hyperproof, we’re building tools that help security and compliance professionals automate security compliance work, collaborate effectively with stakeholders across their organization, and drive accountability for security further into business units, IT, engineering, and product development teams.
Unlike other GRC software, Hyperproof is 100% focused on helping organizations manage their risks and compliance programs consistently and efficiently day in and day out. Hyperproof is building the first operations platform specifically for security assurance and compliance work. When we say Hyperproof is a Compliance Operations Platform, we mean the following:
Supports any cybersecurity, data privacy, and risk management framework you want to use.
Hyperproof helps you adhere to any framework, standard, or regulation of your choosing, and it grows with you. Hyperproof currently supports 40+ cybersecurity, data privacy, and risk management frameworks by providing quick-start templates within our platform. We also allow you to quickly import an existing custom program into Hyperproof and manage it there.
A platform that’s easy for everyone to use, not just compliance professionals.
Many stakeholders in an organization have to perform certain security and compliance tasks on occasion (a few times a year). They don’t have time to learn a new tool, and they have limited bandwidth to dedicate to compliance work. Hyperproof has native integrations to many popular communications and project management applications — so stakeholders can participate in security/compliance tasks in the tools they already use.
Enables control operators to manage their own work
Using Hyperproof, compliance and security professionals can effectively drive accountability to business unit stakeholders — which is critical as an organization grows.
Hyperproof is built so that control operators across a business (IT managers, engineers, product managers, HR reps) can effectively do their part in protecting their organization. Hyperproof makes it easy for compliance professionals to know what controls exist within their organization, implement new controls, and assign controls to people outside of the compliance function to manage. Automated alerts and reminders to review controls can be set up. Hyperproof takes over the job of reminding control owners to perform specific tasks.
By using Hyperproof, compliance professionals can see their organization’s compliance posture at all times, know whether controls are operating effectively and whether people are performing the tasks they’re supposed to, and follow up with individuals to drive tasks to completion.
Makes evidence management a smoother and more efficient process
One of the biggest challenges compliance professionals face today is evidence management. When people use spreadsheets, cloud-based storage systems, and email to manage their compliance program, collecting and managing evidence for different security audits and assessments is a manual, tedious, and extremely time-consuming process — a drag on productivity and potentially damaging to customer trust.
Hyperproof’s compliance operations platform provides a highly intuitive way for all stakeholders to gather and manage evidence, access that evidence as needed, and leverage it for multiple purposes (e.g., to pass more than one security certification assessment).
Automates evidence collection, evidence testing, and control monitoring
Hyperproof integrates with over 20 services across cloud storage, cloud infrastructure, DevOps, security, networking, and business applications, and you can configure Hyperproof to automatically collect evidence from these systems on a cadence or on-demand. With Hyperproof you can automate the collection of backup settings, encryption settings, access groups, lists of users, code change management evidence, and more. All proof comes with metadata, such as where it comes from, a timestamp, the user who set it up, etc., so auditors trust that the evidence is credible.
2. Hyperproof’s approach to working with CPAs and Managed Security Service Providers (MSSPs)
We know that it takes a village to help organizations build, evolve, and mature their security and compliance practices. We view CPA firms with a focus on IT governance and compliance, MSSPs, and security advisory services firms as key partners with us on this journey, because they’re on the frontlines of working with organizations. Since the founding of Hyperproof, we’ve worked closely with the audit and MSSP communities to learn about their needs, their clients’ needs, and how they view the future of the industry.
At this time, dozens of reputable IT Auditors, Security/IT Compliance assessors, and Managed Security and Compliance Services Providers have chosen to partner with Hyperproof because they believe in our vision for compliance operations, see the value of our products, and like the way we work with them to deliver new solutions for their clients.
“We were selected to become this one client’s SOC services provider. The client mentioned that part of the decision was related to our partnership with Hyperproof and our ability to work collaboratively with Hyperproof in the future,” says Kirt Seale, Principal, Advisory Services, Grant Thornton.
Some of the names you may be familiar with among our partner community include Grant Thornton, Bonadio Group, Schellman & Company, OCD Tech, and Omnistruct.
3. Hyperproof’s approach to listening to customers
To deliver great value to our customers, it’s critical that we stay attuned to the needs and wants of security and compliance practitioners in the industry. Listening to customers is a core part of our DNA. Our customers tell us they’re impressed with how much we listen to them and how quickly, and how well, we incorporate their feedback into our product.
“Hyperproof isn’t just a company that makes really useful, intuitive compliance software; they truly value our input as product users and compliance professionals. We’ve been particularly gratified by the fact that many of our suggestions for the product were implemented into the product quickly and well. Hyperproof’s responsiveness, open-mindedness, and willingness to implement recommendations are extraordinary,” says Rich Guerrero, Director of Risk and Compliance at Clarifire.