All major standards and compliance regulations require access control. Not to mention, security best practices are critical to determining whether users have the appropriate level of access to an organization's programs and systems.
However, in many companies this has traditionally been done manually, leading to all sorts of security and compliance issues, says Christina Cacioppo, CEO of Vanta.
The automated security and compliance platform today announced a new tool to help organizations meet this challenge: Access Review. It enables security teams to automatically view, configure, monitor, and report user access to systems.
"The reality is that companies will not do business with an uninsured company, and regulators will crack down on any organization with poor insurance," says Cacioppo.
The cloud computing compliance market is expected to grow from $30 billion in 2022 to over $59 billion by 2027. The identity and access management (IAM) market is expected to reach $35.71 billion by the end of 2030, representing a compound annual growth rate (CAGR) of approximately 13.5%.
Vanta, which claims to be constantly building security and compliance teams, competes in this space with Drata, SolarWinds Service Desk, SecureFrame, and Sprinto (among others).
Cacioppo calls the security and compliance market a "hot spot" that continues to grow, with tens of millions in venture capital pouring into it.
"With massive outages, like Uber, Sony and Equifax, companies are realizing that they have to prove that it's safe to do business with them," Cacioppo said.
The changing threat landscape
Cacioppo pointed out that companies use dozens, sometimes hundreds, of systems and applications to drive their business.
According to her, when access is handled manually, human error can lead to security breaches. This process takes time away from more strategic security work. Naturally, this exposes the company to the risk of default.
If validations are incorrect or incomplete, attackers can use access and credentials to destroy, modify, or steal sensitive data.
"Threats can come from a variety of vectors, including external cyberattacks, malicious insiders, and former employees with unexpected access to company systems," Cacioppo said. "There are also cases where employees may accidentally transfer data abroad."
Storage Access Overview: External and Internal Threat Mitigation
Insider threats are of particular concern. According to Ponemon, they increased 44% in the last two years, with costs per incident rising by more than a third to $15.38 million.
Cacioppo noted that insider threats are becoming more prominent due to changes in the workforce, such as the rise of hybrid and remote work. The risk has become more apparent with trends like the Great Retirement, she said, adding that employees worry about sharing company secrets with their next employer.
The emergence of attackers like Lapsus$ and of social engineering techniques has further heightened the need for proper access control.
In particular, startups often lack the resources and in-house expertise to adequately protect their perimeter, she said. This leaves them exposed to incoming threats and fines for non-compliance. Additionally, "in this economy, they don't have the ability to demonstrate to their clients that their critical business assets are protected from threats, which means they risk losing business," says Cacioppo.
Vanta acts as an umbrella that oversees a company's security posture and compliance. Its compliance automation platform simplifies ISO, SOC 2 and HIPAA certification processes. It monitors security status in real time by receiving signals from the enterprise security stack.
The company's new access review feature, announced today at the first VantaCon, streamlines and automates the entire access review process. It helps organizations understand and control employee access rights to applications so they can identify risks and reverse unauthorized use.
Key features include:
- Out-of-the-box integration for quick integration of system access data and HRIS information
- Process owner workflow for selecting systems, system owners/reviewers, due dates, and automatic notifications and reminders for reviewers.
- Browser workflow with a managed interface to view all accounts, accept/deny account access, and add comments.
- Automatically mark accounts as "at risk" for employees who have been laid off or recently transferred to another department.
- Provides integration with issue tracking and ticket status visibility to create tickets for any access changes as needed.
- Create reports to view self-test of repair progress and completion
- An auditor interface that allows users to log in to Vanta to view all completed access audit history.
Vanta, whose leadership is two-thirds female, reached a $1.6 billion valuation this year and has raised a total of $203 million from Craft Ventures, with participation from Sequoia, Y Combinator and other existing investors.
VantaCon brings together hundreds of founders and security professionals today, with speakers including Gusto Chief Security Officer Frederick "Fly" Lee, and executives from CrowdStrike and JP Morgan.