Convergent Risks Announces New Security Compliance Services for Cloud Workflows
Convergent Risks recently announced the launch of a managed service for configuration vulnerability scanning in the public cloud. The managed service is designed to make it easier for organizations to detect misconfigurations in a public cloud environment that could expose them to increased cyber risk. The pandemic has fast tracked the migration of operations to the public cloud for many media and entertainment businesses. Configuration of a cloud environment can be complex and maintaining correct security posture is essential in avoiding exposure to risk.
Nik Savchenko, VP International at Convergent Risks said: “Our automated scanning service, configured for AWS, Azure, Google, IBM and other clouds, is aimed at application and service providers with 100% or hybrid cloud operations, to have the ability to scan their cloud environment on demand and check for security misconfigurations that could ultimately lead to a security breach or malfunction.” He went on to say: “There are literally thousands of configurations from access control through to network protocol issues which cannot easily be checked manually on an ongoing basis and industry tools for this tend to be quite expensive for the average M&E business.”
Convergent also announced that it has entered into a partnership with The Cadence Group, a key provider of SOC2 compliance audits to provide a combined solution for the M&E sector. SOC 2 auditing is increasingly relevant to SaaS application providers and is required by some content owners. SOC 2 is the standard for reporting on security, availability, processing integrity, confidentiality, and privacy controls at a service organization. Mathew Gilliat-Smith, EVP at Convergent Risks said: “Convergent is well positioned to assist its M&E application vendor customers with SOC2 preparation and remediation before undergoing SOC2 audits by The Cadence Group. Cadence is a highly respected and certified member of the AICPA, the governing and standards body for SOC reporting.” He went on to say: “Convergent is already providing cloud and application security reviews, TPN security assessments, web application pen testing, code reviews and privacy compliance to a broad range of M&E vendors and it’s a logical step to assist our customers in leveraging the security verification they have already undergone to avoid a duplication of effort in their preparation for the readiness stages for SOC 2 audits.
Kevin Abbott, Managing Partner at The Cadence Group said: “We are delighted to be partnering with Convergent Risks not only for SOC2 but also on privacy compliance both of which are becoming increasing requirements across different sectors. We recognize the security expertise that Convergent provides in the M&E sector through its respected teams of highly skilled security assessors. This is a good fit for us as it allows Convergent to provide the M&E expertise they possess, in conjunction with the SOC2 assessment experience we bring.” He went on to say: “The partnership means that we will also be able to provide more support to our clients for privacy compliance through Convergent’s specialist privacy team.”
Gilliat-Smith said: “Customers will be able to request and receive configuration vulnerability scanning reports and prepare documentation for SOC2 audits using Convergent’s forthcoming management portal, SanctumHub.”