How Scrut Automation is simplifying information security for cloud-native organisations

Cloud computing has become an integral part of India’s thriving startup ecosystem. The pandemic accelerated the need for cloud infrastructure like AWS, Azure, GCP, etc, and companies quickly grasped it to remain agile, maintain and optimise their immense data. Doing so enabled them to scale quickly and focus on their business models rather than spending months figuring out their technology infrastructure and operational processes.

The shifting trends have given rise to an era of cloud-native startups. As per a report by Research and Markets, the cloud infrastructure market in India was valued at INR 301.40 billion in 2020 and is expected to grow at a CAGR of 29 percent through 2021-25, increasing to INR 1,169.23 billion in value by 2025. But alongside this tremendous growth comes challenges, particularly when it comes to information security.

New-age companies often struggle with a vulnerable infrastructure and application landscape, which stems from them having limited control over it. While larger organisations have dedicated teams managing their information security, early-stage and growth-stage startups don’t have that. But that doesn’t deter customers from expecting the same degree of stringency with security from startups as they would from an established company. Most tools in the security space are often built for large enterprises - rendering them complex to use for smaller organisations. Alongside this, tool fatigue and acronym fatigue also weigh heavily on them, with CISOs and CTOs struggling to understand the overlapping use cases, burning a significant number of dollars, yet at the same time, being unable to get a full understanding of their information security posture. All of these only emphasise on the need for simplification, which is what Scrut Automation offers.

The Scrut edge

While building an AI-powered supplier collaboration platform that required SOC 2 and ISO 27001 compliance to meet the enterprise requirements for deal closures, co-founders Aayush Ghosh Choudhury and Jayesh Gadewar experienced similar problems. Compliance took away a significant amount of time and resources from the company, which were to be utilised for developing customer-centric products and features. This proved to be the turning point that made them realise the importance of compliance automation. Their hassle-filled experience led them to launch Scrut Automation, an infosec and compliance automation platform, with one goal in mind – simplifying information security for cloud-native organisations.

Significant changes in the sector such as increasing data breaches, evolving cybercrime landscape, new regulations and evolving standards made it mandatory for companies to be compliant. Many companies are often confused by information security and compliance, yet most customers insist on it. But managing information security through traditional solutions was time-consuming and resource-intensive. Depending on the geography in which an entity operates, its industry, and the type of information it stores, organisations have to comply with different compliances like SOC 2, GDPR, HIPAA, CCPA, and more.

To this end, Scrut aims to help customers streamline their information security processes to help them establish strong and scalable security postures in line with industry-leading frameworks - all from a single window. “The Infosec and compliance space over the last few years has been replete with concepts and jargon of various sorts - which has led to ‘tool fatigue’ and ‘acronym fatigue’ in the minds of small and mid-market CTOs and Infosec heads. We are making a very sincere effort to reduce the noise and create a single window observability of a company’s Infosec risks - and help them prioritise what needs to be fixed. We are determined to simplify compliance and risk management,” said Aayush.

The team credits their deep understanding of the field and their success to the leaders working with them such as Kush Kaushik , Avaneesh Vyas, and Todd Dekkinga. Kush, the company’s third co-founder comes with 15+ years of experience in Infosec across India and US, and has conducted 3000+ ISO, SOC 2, PCI assessments across the globe. Avaneesh, an engineering leader at Scrut, comes with deep expertise in the security space through his experience from RSA Security. He has over 7 years’ expertise in engineering with Siemens and Infosys. Todd comes with over 20 years of experience in IT, including more than 15 years in IT and security leadership, and he has designed, developed, and deployed enterprise architecture and security strategies for leading organisations.

Scrut also has a hungry team that set stretch targets for themselves, operating at the next level of ‘discomfort’. Together, they have come together to build some excellent products and features that help companies overcome the hurdles along their journey of information security and compliance.

Smart solutions

According to Verizon’s 2022 report on Data Breaches Investigations, 82 percent of data breaches involved a human element. This includes social attacks, mistakes, and misuse. Scrut brings all of the risks under one umbrella, quantifying them objectively from a criticality and severity perspective. This, in turn, helps customers understand where they need to focus.

Here’s a sneak peak of Scrut’s products:

1. smartGRC™: Scrut smartGRC™ offers a quicker, simpler, and smarter route to compliance by doing away with tiresome manual procedures, and keeping customers informed on the development and efficacy of their programs.
2. CAASM: Scrut’s CAASM helps customers gain visibility of all their cyber assets, empowering IT and security teams to overcome cyber asset vulnerability challenges, and build a strong foundation for all security activities.
3. Vendor Risk: Scrut Vendor Risk helps customers develop a rapid, effective, and efficient method for evaluating, monitoring, and managing their vendor risk. With it, customers can know how their vendors are doing and whether their security postures fit with the customers’ compliance needs.
4. Employee Awareness: This enables customers to implement company-wide employee awareness training to reduce risk and strengthen internal security.
5. Cloud Security: Scrut Cloud Security scans and continuously monitors misconfigurations in public cloud accounts against 200+ CIS benchmarks to maintain a strong InfoSec posture.
6. Risk Management: Scrut Risk Management helps customers identify, assess, and reduce IT and cyber risks. It also gives them the visibility they need to stay safe from threats and effectively convey the impact on risks on critical business activities.
7. Trust Vault: Scrut Trust Vault empowers customers to build trust with their customers from day one of the sales process. It provides real-time, transparent visibility to their security and compliance posture, and eliminates the hassle of fielding manual requests for security questions, reports, and certificates.

Furthermore, Scrut deeply integrates with cloud environments, identity providers, HRMS, and many other tools and automatically collects evidence from them.

The impact

Today, Scrut has 150+ customers along with a presence across India, APAC, Europe and North America. They have expanded their services from SaaS to fintech, healthtech, AI/ML, blockchain, e-commerce industries. Their solutions have made a massive impact in the growth journey of many companies such as Treebo, Apty, Gameskraft, Defiant, Pando, Qapita, among others.

Singapore-based equity management SaaS platform Qapita decided to pursue GDPR compliance to protect sensitive financial data from potential breaches. With Scrut’s smartGRC platform, the company automated the complete cloud infrastructure monitoring, across a 100 percent sample coverage against 150+ Centre for Information Security (CIS) benchmarks. Qapita managed to streamline and simplify their entire compliance process, which helped them be compliant and audit-ready every minute.

Another example is Apty, a Texas-based digital adoption platform, which uses Scrut to automate risk monitoring and ensure compliance with six industry standards, such as SOC 2, ISO 27001, HIPAA, GDPR, ISO 27017, and ISO 27018. With Scrut, Apty monitors its expansive cloud infrastructure across assets and accounts to detect misconfigurations against 150+ cloud controls as per the CIS benchmarks. Any cloud misconfigurations are added onto the DevOps pipeline right away, allowing developers to repair them quickly without manual audits. By creating constant observability for Infosec risks and their compliance posture, Apty is using trust as a powerful sales differentiator.

The way ahead

While Scrut has been rapidly growing, they believe their journey has just started, and there is much more to do. They aim to become the go-to solution for the CISOs in mid-market companies for managing their infosec and compliance program and providing them with a one-stop-solution from a GRC automation perspective.