“IT managers who have been struggling with security and compliance all the time tell us this is exactly what they need,” says Shane O'Brien, CTO at Aqueduct Technologies. “This is a game-changer for customers.”
Shane O'Brien, CTO of Aqueduct Technologies, is no longer surprised by the looks of amazement he receives from CISOs (chief information security officers) when he explains his AI-powered GRACE (Governance, Risk and Compliance Engine) software platform.
“IT managers who struggle with security and compliance tell us all the time that this is exactly what they need,” O'Brien said. “This is a game-changer for customers. What we have done is provide everything in one software platform that allows them to ensure compliance once and for all. We recently did a demo with a CISO who asked him – ‘Where do I sign? “
O'Brien (pictured above) said the GRACE platform drives net new customers to Aqueduct who have long been frustrated by the painful, tedious and time-consuming governance, risk and security compliance process. This is because GRACE automates what has long been a maddening, manual process that took countless hours to ensure compliance across multiple frameworks.
In fact, Aqueduct has documented an 89 percent reduction in manual tasks for customers implementing its GRACE platform, O'Brien said.
“We can see the impact in the form of tangible data showing that these customers became more secure and compliant after we did the initial assessment and then included our team of CISOs and security analysts to get them where they need to be,” he said. . “It's proven. This is all about security and peace of mind. Knowing that you are making a difference in cybersecurity is huge.”
The platform — which rates customers on a scale of 1 to 100 in their security and governance compliance framework — has consistently moved customers who scored in the 10-20 percent range into the 80 percent plus range, O'Brien said. The next version of GRACE will provide a measure of how customers compete with other companies in their industry, he said.
A big part of the GRACE 2.0 process is measuring customers' business risks including policies governing customer and third-party data. This has become a board-level issue with GRACE 2.0 being linked to third-party audit systems using an API (Application Programming Interface). “All of these business risk measurements are automated through the GRACE platform,” O'Brien said.
O'Brien said Business Risk Measurement helps clients address board concerns directly through an ongoing risk measurement scoring system. “This provides our clients with data that shows the council how they are achieving results to be safer,” he said. “Often, customers had no way to show the progress they were making on security and governance.”
O'Brien said the buzz around the GRACE platform has increased since version 2.0 of the engine was launched in March. That's because GRACE 2.0 includes new functionality that includes feedback from security leaders who attended the solution provider's inaugural Cybersecurity Summit last year.
Among the new capabilities in GRACE 2.0 is increased visibility across 38 governance frameworks including the ability for customers to choose their own frameworks.
In fact, the GRACE 2.0 platform exceeds NIST (National Institute of Standards and Technology (NIST), CIS (Center for Internet Security with CMMC (Cybersecurity Maturity Model Certification)) and ISO 27001 (International Organization for Standardization) standards.
“GRACE 2.0 takes multiple governance frameworks and cross-references them for customers,” O'Brien said. “The AI we have built into the platform understands where there is overlap between many different frameworks. It therefore saves customers countless hours on the governance compliance journey. It is good to know that we are helping more customers be more secure.”
