Getting security compliance right to win more deals | Kyle Morris – Scytale AI
What problem does Scytale solve?
Kyle: Scytale is a compliance automation platform and pretty much what we do is we take the headache out of compliance work. We just help companies in information security from start to end, depending on where they are in their process. In the world of information security and cyber security, there are obviously so many considerations and risks these days that these companies just don’t know where to start implementing processes, controls, whatever it may be.
That’s really where we come into play we can assist them right from the beginning and guide them on every single thing that they need to be compliant with. Compliance proves that you’re secure, that you have controls in place, and that if you wanted to work with one of these potential customers, you have that assurance and peace of mind that your data and information will be.
When should a company start working on compliance?
Kyle: The earlier they do it, the better. Of course, that isn’t always possible, and it depends on budget constraints within companies and organizations. The short answer is whenever they can, of course, the earlier they adopt it, the easier it is. I say that because then they can almost build their environment from the ground up with security. If they start late on in the process, it’s also fine. We have compliance experts, and we have the resources to be able to provide them with everything they need.
It is very common, and it’s understandable that companies have prioritized developing their products. What we see quite often is the requirement for compliance comes as a result of customers requesting it. If you are a SaaS platform or a startup with this great product idea, you need to grow and develop your customers. But then a customer comes to you and says – okay, we want to work with you, but we need to know you’re secure. Are you SOC2 compliant? Are you ISO compliant? Being able to turn around and say yes is that peace of mind. That’s what makes it so crucial for the customers themselves.
Scytale pricing plans
Kyle: The pricing varies greatly depending on the organization’s size and the framework we use. At the crack of it, we offer compliance automation, but that involves many things. We can do SOC 1, SOC 2, SOC 3, and various ISO standards. It depends on the region the customer’s in and their product. We work with the customer to identify what their product is, what areas they activate into, and what their customers are requesting. Based on that, we will create a solution tailored to them and a project timeline that suits the available resources. I’m giving you a very roundabout onset in terms of the pricing here because it’s very much not a one solution fits all.
How long does getting compliant take?
Kyle: Touching a little bit on the previous points depends on the customer themselves. Let’s take maybe a couple of scenarios here. If you are a SaaS platform, you’re a startup and tiny. You’re just getting going with the project. Your company was established a few months ago. You come and start working with Scytale. Let’s say we are doing a SOC 2 project with you. We will decide and agree on the criteria we will do the first audit. Then, we will begin with the whole remediation process. Then we identify the gaps and get the process in place.
Depending on the resources available, we get going straight away to say, and this is what we need to implement. SOC is typically for a first-time project. The longer the audit period itself, obviously, the longer the project. But ultimately, you also get assurance and can provide your customers to say, rather than one day of our controls being implemented effectively, we’ve now assessed operating effectiveness for the past three months, and we can prove that all of this is in place.
Scytale success stories
Kyle: A really great example – we worked with a customer that started with us, they had a pretty mature platform. But instead of collecting all this evidence, we completed their audit in under a month. They already had their processes in place, so there was a bit of groundwork to collect evidence and make sure everything was correct retrospectively. Still, we essentially completed their project in under a month. I think that may be attested to the speed and efficiency of the automation platform itself and how everything could be put in one place. They didn’t have to worry about finding evidence in different folders. It simplified the requirements on their end. And it really just made it an absolute breeze of a project.
We work with some really incredible clients, and I think it’s a very cool role that I and the rest of the customer success team are in. You work with these really bright minds from around the world that have these incredible business ideas ultimately, and I think the projects depend entirely on the available resources. Of course, some of these companies are pretty small, and they just can’t spend hours in a day on projects. It ultimately comes down to how much time you can invest and how quickly the project will get completed.
What’s been really beneficial for customers from that side is being able to tell them – we wanted to start here, but you have these requirements based on your region, your type of project. All of these will be relevant to you, and the platform caters to that. Instead of you doing three separate audits, you’re going to do this evidence collection, this remediation process, and you’re, at the end of the day, going to be compliant with three different frameworks, which I think is a no-brainer. You don’t want to do one project three other times. If you can get three things done at once, well, there’s tremendous efficiency in that.
When did you join the company?
Kyle: This is my second year with Scytale. I’ve been with them just about from the beginning. I would say not, not quite right at the start, but I’ve been with them from the early days when we were tiny, around ten employees, to now where we are now over 40. We’ve had to take on more resources because there’s a massive demand for the product, and there is just this global demand for compliance and Infosecurity regulatory compliance.
What is your story, Kyle?
Kyle: I studied for a computer science degree. I always thought I would end up being a developer, and that’s sort of the way I went about my studies. Afterward, it just kind of changed once I got my degree. I majored in computer science and psychology, so I always had quite a keen interest in people. A science degree in computer science and psychology don’t tie together. But fortunately, my university allowed me to do that, and I first ended up in a graduate role at one of the big four auditing firms. I ended up in an IT audit. And that’s sort of where I got the ball rolling with my career and was able to move up over the years, I got good experience there, and then the opportunity for Scytale came up at the right time for me.
Connect with Kyle