Cleared for takeoff in 6 months
Location: Nice, France
Industry: SaaS
to security questionnaires
mitigation with collaboration tools
CONTEXT
Short timelines for expansion
M&C’s airline software solution is used in 30 countries globally. Their next goal was to expand into North America. As a cloud-hosted platform, they’d have to demonstrate assurance of cloud security to prospects. The most effective way of doing this was pursuing compliance with multiple infosec certifications.
Raouf Harzi, Security & Compliance Officer, M&C Aero
“We’ve got way more control over our GRC operations now. Scrut’s innovative platform has helped us prioritize strategic security programs. The lift in our risk management efforts has been majorly reduced, thanks to its adaptability with our tech stack and workflows.”
CHALLENGES
Compliance as a blackbox
More time spent on responding to RFPs
M&C had many gaps in their security documentation, which made responding to security questionnaires difficult. Extraction and submission were tedious and time-consuming, which impacted sales negatively.
Complex employee onboarding
Security trainings were done 1-on-1 for new employees, and the policy acceptance process was manual. Also, since both IT & TA oversaw the process, there were a lot of overlaps and inefficiencies.
Lack of effective collaboration
Monitoring for misconfigurations was infrequent, while assigning and tracking issues was non-existent. Critical tasks like remediations and assessments required back-and-forth from multiple people, which delayed timelines.
Reduced visibility into progress
With no consolidation of artifacts, prioritizing tasks became harder. Disconnected processes caused duplicative efforts across frameworks. To get a view of progress, a lot of manual digging was required.
To tackle all these challenges, M&C considered many GRC automation tools on the market. However, most of them, apart from Scrut, couldn’t commit to a timeline of less than 12 months, which was double what was expected.
SOLUTION
Consolidated GRC automation
M&C’s journey started with the 400+ pre-configured controls on the Scrut platform.
Daily cloud tests against 230 CIS benchmarks monitor non-compliant assets for better prioritization.
Intuitive usage of the risk module led to M&C maturing its processes. They now manage 25 risks instead of just 7.
Once imported onto the risk register, risks were assigned, and remediations were initiated in a jiffy.
Finally, the easy navigation and actionable dashboards allow comprehensive monitoring.
Proven ROI with Scrut:
IMPACT
Better prioritization for better security
Quicker response timelines for RFPs
Raouf no longer has to spend weeks researching and responding to RFPs. As their processes matured, answering targeted questionnaires is now helping them overcome sales hurdles.
Smoother employee lifecycle management
Tracking policy acceptances is now much easier. Employee NDAs are also being administered via the Scrut platform. Lastly, security trainings are run frequently and monitored with real-time statistics.
Greater collaboration efficiency
Cloud issues are identified and assigned swiftly, along with the linked artifacts and remediation steps, from a single window. This led to a 50% improvement in risk assessment time, through enhanced collaboration.
Artifact consolidation for proactive closures