Cybersecurity for All
Back in 2007, when Karen got Assura off the ground, cyber attacks were not making as many headlines as they do today. Also, organizations were not onboard with cybersecurity, except the ones in a few regulated industries. Assura spent a lot of time and effort toward building business cases for its services, allowing the company to change perceptions about cybersecurity from being akin to "buying an insurance policy" to one that focuses on how cybersecurity aligns with client business objectives. On the one hand, Assura moved toward fortifying enterprises' ecosystem and on the other hand, helped small and mid-market clients eliminate the perception that they need expensive, dedicated cybersecurity teams. For organizations strategizing to reduce their spend on security, Assura delivers cybersecurity programs, including policy frameworks, procedures, risk assessments, and other governance, risk, and compliance (GRC)-related deliverables.
"Our clients may be subscribing to an individual service with us, but we’re thinking and working with them full stack"
As Assura grew, Karen noticed a tremendous change in GRC requirements—a hard knock for businesses that tried to implement or manage their information security programs. It is important to note here that even organizations with cutting-edge technology usually struggle when it comes to policies, plans, and program structure. Assura identified this hurdle and launched its managed security services, offering GRC-as-a-Service and SOC-as-a-Service packages to help businesses execute their day-to-day operations and sustain their cybersecurity programs and technology. Through GRC-as-a-service, Assura offers a predictable cost model to help businesses easily understand the spend on cyber risk and compliance. “We are capable of marrying up a GRC-as-a-service with technology and managed services,” says Joshua, the CTO.
Going the Extra Mile
What makes us unique is our truly integrated focus on technology, people, and process
Identifying that airdropping solutions—technology with hardware and software—into enterprises’ ecosystem won’t give the desired outcomes, Assura follows a value-bound approach in their client engagements. The firm helps clients understand their security profile and then bring in the equilibrium between the program and the technology, eliminating the perception of a false sense of security. From the technology standpoint, Assura understands the risks as well as the components that need to be protected and then articulate it in a manner for the client's C-suite to understand. "We work from the top of the organization (i.e., board of directors, CEOs, etc.) all the way to the IT staff and ultimately end-users," says Karen.
Keen to align with the ever-evolving cybersecurity space, Assura conducts research and adapts to newer technologies and sophisticated delivery models at a considerable pace. The company always looks for methods to stimulate innovation and enhance the way it interacts with clients. To put this into perspective, consider helping a SOC-as-a-Service client think through security engineering issues or figuring out how they can tackle a potentially thorny policy issue. "Our clients may be subscribing to an individual service with us, but we’re thinking and working with them 'full stack,'" says Joshua. Assura also only works with technology and service partners that align with a similar vision. “We collaborate with partners who are the best in their space and we have fired partners for poor delivery. In some cases, we ask ourselves whether we can do it better, which gave birth to several corporate initiatives,” comments Joshua. For example, Assura has invested heavily in building its own Security Operations Center rather than outsourcing it. “We simply couldn’t find a partner that met our exact standards – and believe me, we tried,” adds Joshua.
Another example is Assura's AuditArmor™ Guarantee, where the company guarantees that all its deliverables comply with the applicable cybersecurity regulations and standards, or the firm fixes it at no cost for the client. The other part of the guarantee is that if the client is audited, Assura's team will assist them with all of the heavy lifting of putting together the data and responses requested by the auditor. Assura stands behind its work with a financially backed guarantee and shoulder-to-shoulder with their clients when they are audited.
Assura caters to a wide customer base across healthcare, financial services, manufacturing, K12, universities, and the public sector. “The reason that we're able to successfully operate in different market segments is our sole focus on cybersecurity,” adds Karen. When it comes to the public sector, the firm helps its municipal clients drive economic development by attracting businesses to their localities and bring innovative ideas like e-governance services to their citizens. Meanwhile, private sector clients can drive new business initiatives and execute them according to their strategic vision by leveraging Assura's comprehensive service portfolio. Furthermore, for CIOs and CSOs who are asked to participate in the cybersecurity insurance, Assura provides governance, risk, and compliance functions, which is mandatory as a part of the insurance underwriting process.
The success of Assura is also attributed to its culture, which is a major selling point for its services. This includes five core values developed by the firm's team. Firstly, 'No A-Holes Allowed,' which means there is no room for a prima donna at Assura, and the primary aim of its team is to help clients stay ahead of the pack. Even the highest leaders in the company apologize when they make a mistake, a simple concept to be sure but practiced by too few leaders. Secondly, 'Eat Our Own Dog Food,' where Assura uses technologies, practices the tenets of cybersecurity, and follows the advice it offers to clients. Next is 'Walk the Talk.' "It isn't just enough to know what one organization is talking about, but it has to do it too," says Karen. This is what Assura does. It also keeps commitments and honors its promises. With 'Sweat the Details,' the firm makes sure that its client's ecosystem is protected with multiple levels of security, frustrating the hackers until they give up. Finally, 'Own the Outcome' philosophy allows Assura to treat clients as an integral part of its team. "Once an Assura client, always an Assura client. We are so committed to owning the outcome of our work," adds Joshua.
The outcome of Assura’s value proposition and culture is evident from a recent survey conducted among its clients. 90 percent of respondents indicated that Assura is extremely responsive to their requests and needs. Also, 91 percent of its current clients rated Assura service 4+ out of 5 in overall satisfaction. "At Assura, you consistently deal with the same person and people. The person you’re working with at the start of your project is the same person you’ll be working with at the end. This consistency in client needs helps create better trust-based relationships," says Joshua.
Non-Ending Technological Advancements
Since its inception, Assura has adopted a progressive path, making timely advancements in its suite of offerings. Along the same lines, the upcoming groundbreaking offering is its Ransomware Protection Pack™, which addresses the people, processes, and technology necessary to protect organizations from ransomware. Identifying the significant presence of human element in today’s data breaches, Assura’s first-of-its-kind offering encompasses both artificial intelligence and machine learning, and most importantly, the human knowledge element. From a technology standpoint, Assura is planning to make its GRC-as-a-service more flexible to align with its goal of helping small and medium enterprises. The firm also intends to continue leveraging APIs, big data analytics, AI, and Machine Learning to enhance its services.
From a geographical standpoint, Assura is strategizing to become a national player by opening offices across the U.S. and build strong and reliable partnerships.