Compliance confluence: 1st Credit and SureCloud

1st Credit

The search begins

Bover and his team began looking for a solution, as clients expect the firm to demonstrate a level of compliance with standards such as PCI DSS; the Data Protection Act, a U.K. law instituted in 1998 that is the primary legislation governing the protection of personal data in the nation; and ISO 27001, a standard that formally specifies that a management system be in place to bring information security under explicit control. “We're taking payment from people who were, or still are, their customers and, understandably, they need our assurance that we won't put their brands at risk,” says Bover.

The team looked at a wide variety of solutions and found that while most of them were fit for the purpose, they were all fairly disparate solutions and would have required a fair bit of work to integrate all the necessary elements, he says.

“I had been looking around for some time before I discovered the right solution,” says Bover. The choice was the SureCloud Collaborative Compliance Platform. “It was the only tool we could find capable of aggregating all our compliance data. It was the obvious choice for us,” he says.

The offering is the only software-as-a-service solution that automates and simplifies the entire security management and information compliance process, says Richard Hibbert, CEO at SureCloud, a Reading, U.K.-based company that provides software-as-a-service solutions to help achieve compliance. The tool contains four component modules: vulnerability scanning, security information and event management (SIEM), wireless intrusion detection (IDS) and configuration auditing. “These promote continual security improvement,” says Hibbert. “Taking them all together (or individually, if required), SureCloud will assess and monitor networks, applications and wireless local area networks (WLANs), automate key governance, risk management and compliance (GRC) processes and provide actionable intelligence. It all adds up to a simple, cost-effective approach to helping organizations stay one step ahead when fulfilling their ongoing security and compliance obligations.”

SureCloud takes a holistic approach in contrast to competing solutions that only provide a partial view of an organization's security status, Hibbert adds. It provides software-as-a-service solutions that allow mid-market firms with regulatory obligations to benefit from major savings through automated information security management and simplification of the governance process, he says. “A typical SureCloud customer has a requirement for information security programs, has limited in-house IT security and lacks the budget needed for a traditional enterprise compliance solution.” 
