Assura: Molding the New Era of Cybersecurity

Follow Assura on :

Karen L. Cole, Co-Founder & CEO We find ourselves in a world surrounded by cyber adversity, a growing number of cyber incidents, and increasingly lethal security threats. Concurrently, the ever-changing regulatory requirements are complicating the scenario for enterprises that try to ensure data privacy and security. “Our vision is to protect enterprises from being victimized by cybercriminals and being hamstrung by authoritative regulations, regardless of their size," says Karen Cole, the Co-Founder and CEO of Assura. A “unicorn” in the cybersecurity industry because of her gender and position as CEO of a cybersecurity company, Karen is an expert -- both in helping companies align with today’s security needs and grooming the next generation of security professionals. Identifying that protection of data and systems is one’s right and not a privilege, Karen co-founded Assura with Joshua Cole, fulfilling their dream of securing enterprises from the ever-growing threats posed by cyber attacks. “Our vision is twofold," says Karen. "One is to democratize cybersecurity by delivering the same level of security as large banks, but to small and mid-sized enterprises at a price point that’s within their reach; The second one is to be the easy button of cybersecurity by taking away our clients’ pain of protecting themselves from cyber threats."

Cybersecurity for All

Back in 2007, when Karen got Assura off the ground, cyber attacks were not making as many headlines as they do today. Also, organizations were not onboard with cybersecurity, except the ones in a few regulated industries. Assura spent a lot of time and effort toward building business cases for its services, allowing the company to change perceptions about cybersecurity from being akin to "buying an insurance policy" to one that focuses on how cybersecurity aligns with client business objectives. On the one hand, Assura moved toward fortifying enterprises' ecosystem and on the other hand, helped small and mid-market clients eliminate the perception that they need expensive, dedicated cybersecurity teams. For organizations strategizing to reduce their spend on security, Assura delivers cybersecurity programs, including policy frameworks, procedures, risk assessments, and other governance, risk, and compliance (GRC)-related deliverables.

"Our clients may be subscribing to an individual service with us, but we’re thinking and working with them full stack"

As Assura grew, Karen noticed a tremendous change in GRC requirements—a hard knock for businesses that tried to implement or manage their information security programs. It is important to note here that even organizations with cutting-edge technology usually struggle when it comes to policies, plans, and program structure. Assura identified this hurdle and launched its managed security services, offering GRC-as-a-Service and SOC-as-a-Service packages to help businesses execute their day-to-day operations and sustain their cybersecurity programs and technology. Through GRC-as-a-service, Assura offers a predictable cost model to help businesses easily understand the spend on cyber risk and compliance. “We are capable of marrying up a GRC-as-a-service with technology and managed services,” says Joshua, the CTO.
In one instance, Assura engaged with a client that was being consistently targeted with phishing and social engineering attacks. Assura assessed the client's risk profile and helped them make the business case for cybersecurity. Following that, Assura established appropriate governance, risk, and compliance structure with policies, procedures, plans, and supporting technology. Though initially skeptical, the management wanted to use the firm's offerings to create a differentiator for their organization and make proper investments in cybersecurity to address ongoing risks. Engagement with Assura was a win-win for the client as the board was able to meet their fiduciary responsibility, while the organization was prevented from being victimized, and their constituents experienced a greater comfort level in using their services. The Assura model is so effective because of their well-tempered approach. "What makes us unique is our integrated focus on technology, people, and process," says Karen.


What makes us unique is our truly integrated focus on technology, people, and process

Going the Extra Mile

Identifying that airdropping solutions—technology with hardware and software—into enterprises’ ecosystem won’t give the desired outcomes, Assura follows a value-bound approach in their client engagements. The firm helps clients understand their security profile and then bring in the equilibrium between the program and the technology, eliminating the perception of a false sense of security. From the technology standpoint, Assura understands the risks as well as the components that need to be protected and then articulate it in a manner for the client's C-suite to understand. "We work from the top of the organization (i.e., board of directors, CEOs, etc.) all the way to the IT staff and ultimately end-users," says Karen.

Keen to align with the ever-evolving cybersecurity space, Assura conducts research and adapts to newer technologies and sophisticated delivery models at a considerable pace. The company always looks for methods to stimulate innovation and enhance the way it interacts with clients. To put this into perspective, consider helping a SOC-as-a-Service client think through security engineering issues or figuring out how they can tackle a potentially thorny policy issue. "Our clients may be subscribing to an individual service with us, but we’re thinking and working with them 'full stack,'" says Joshua. Assura also only works with technology and service partners that align with a similar vision. “We collaborate with partners who are the best in their space and we have fired partners for poor delivery. In some cases, we ask ourselves whether we can do it better, which gave birth to several corporate initiatives,” comments Joshua. For example, Assura has invested heavily in building its own Security Operations Center rather than outsourcing it. “We simply couldn’t find a partner that met our exact standards – and believe me, we tried,” adds Joshua.

Another example is Assura's AuditArmor™ Guarantee, where the company guarantees that all its deliverables comply with the applicable cybersecurity regulations and standards, or the firm fixes it at no cost for the client. The other part of the guarantee is that if the client is audited, Assura's team will assist them with all of the heavy lifting of putting together the data and responses requested by the auditor. Assura stands behind its work with a financially backed guarantee and shoulder-to-shoulder with their clients when they are audited.
Smooth Sailing Customer Experience

Assura caters to a wide customer base across healthcare, financial services, manufacturing, K12, universities, and the public sector. “The reason that we're able to successfully operate in different market segments is our sole focus on cybersecurity,” adds Karen. When it comes to the public sector, the firm helps its municipal clients drive economic development by attracting businesses to their localities and bring innovative ideas like e-governance services to their citizens. Meanwhile, private sector clients can drive new business initiatives and execute them according to their strategic vision by leveraging Assura's comprehensive service portfolio. Furthermore, for CIOs and CSOs who are asked to participate in the cybersecurity insurance, Assura provides governance, risk, and compliance functions, which is mandatory as a part of the insurance underwriting process.

The success of Assura is also attributed to its culture, which is a major selling point for its services. This includes five core values developed by the firm's team. Firstly, 'No A-Holes Allowed,' which means there is no room for a prima donna at Assura, and the primary aim of its team is to help clients stay ahead of the pack. Even the highest leaders in the company apologize when they make a mistake, a simple concept to be sure but practiced by too few leaders. Secondly, 'Eat Our Own Dog Food,' where Assura uses technologies, practices the tenets of cybersecurity, and follows the advice it offers to clients. Next is 'Walk the Talk.' "It isn't just enough to know what one organization is talking about, but it has to do it too," says Karen. This is what Assura does. It also keeps commitments and honors its promises. With 'Sweat the Details,' the firm makes sure that its client's ecosystem is protected with multiple levels of security, frustrating the hackers until they give up. Finally, 'Own the Outcome' philosophy allows Assura to treat clients as an integral part of its team. "Once an Assura client, always an Assura client. We are so committed to owning the outcome of our work," adds Joshua.

The outcome of Assura’s value proposition and culture is evident from a recent survey conducted among its clients. 90 percent of respondents indicated that Assura is extremely responsive to their requests and needs. Also, 91 percent of its current clients rated Assura service 4+ out of 5 in overall satisfaction. "At Assura, you consistently deal with the same person and people. The person you’re working with at the start of your project is the same person you’ll be working with at the end. This consistency in client needs helps create better trust-based relationships," says Joshua.

Non-Ending Technological Advancements

Since its inception, Assura has adopted a progressive path, making timely advancements in its suite of offerings. Along the same lines, the upcoming groundbreaking offering is its Ransomware Protection Pack™, which addresses the people, processes, and technology necessary to protect organizations from ransomware. Identifying the significant presence of human element in today’s data breaches, Assura’s first-of-its-kind offering encompasses both artificial intelligence and machine learning, and most importantly, the human knowledge element. From a technology standpoint, Assura is planning to make its GRC-as-a-service more flexible to align with its goal of helping small and medium enterprises. The firm also intends to continue leveraging APIs, big data analytics, AI, and Machine Learning to enhance its services.

From a geographical standpoint, Assura is strategizing to become a national player by opening offices across the U.S. and build strong and reliable partnerships.

Company
Assura

Headquarters
Richmond, VA

Management
Karen L. Cole, Co-Founder & CEO and Joshua A. Cole, CTO

Description
Identifying that the ever-changing regulatory requirements are complicating the scenario for enterprises trying to ensure data privacy and security, Assura protects enterprises from being victimized by cybercriminals and being hamstrung by authoritative regulations, regardless of their size. The company has a twofold vision; one is to democratize cybersecurity by delivering the same level of security as large banks, but to small and mid-sized enterprises at a price point that’s within their reach. The second one is to be the easy button of cybersecurity by taking away our clients’ pain of protecting themselves from cyber threats. Assura offers GRC-as-a-Service and SOC-as-a-Service packages to help businesses execute their day-to-day operations and sustain their cybersecurity programs and technology

Assura