Press Release – New Security Compliance Services for Cloud Workflows

Los Angeles 19th October 2020, Convergent Risks announced the launch of a managed service for configuration vulnerability scanning in the public cloud.

The managed service is designed to make it easier for organizations to detect misconfigurations in a public cloud environment that could expose them to increased cyber risk. The pandemic has fast tracked the migration of operations to the public cloud for many media and entertainment businesses.

Configuration of a cloud environment can be complex and maintaining correct security posture is essential in avoiding exposure to risk.

2020-10-19 - Press Release - Image 1

Nik Savchenko, VP International at Convergent Risks said: “Our automated scanning service, configured for AWS, Azure, Google, IBM and other clouds, is aimed at application and service providers with 100% or hybrid cloud operations, to have the ability to scan their cloud environment on demand and check for security misconfigurations that could ultimately lead to a security breach or malfunction.”

He went on to say: “There are literally thousands of configurations from access control through to network protocol issues which cannot easily be checked manually on an ongoing basis and industry tools for this tend to be quite expensive for the average M&E business.”

Convergent also announced that it has entered into a partnership with The Cadence Group, a key provider of SOC2 compliance audits to provide a combined solution for the M&E sector. SOC 2 auditing is increasingly relevant to SaaS application providers and is required by some content owners. SOC 2 is the standard for reporting on security, availability, processing integrity, confidentiality, and privacy controls at a service organization.

Mathew Gilliat-Smith, EVP at Convergent Risks said: “Convergent is well positioned to assist its M&E application vendor customers with SOC2 preparation and remediation before undergoing SOC2 audits by The Cadence Group. Cadence is a highly respected and certified member of the AICPA, the governing and standards body for SOC reporting.”

He went on to say: “Convergent is already providing cloud and application security reviews, TPN security assessments, web application pen testing, code reviews and privacy compliance to a broad range of M&E vendors and it’s a logical step to assist our customers in leveraging the security verification they have already undergone to avoid a duplication of effort in their preparation for the readiness stages for SOC 2 audits.”

Kevin Abbott, Managing Partner at The Cadence Group said: “We are delighted to be partnering with Convergent Risks not only for SOC2 but also on privacy compliance both of which are becoming increasing requirements across different sectors.

We recognize the security expertise that Convergent provides in the M&E sector through its respected teams of highly skilled security assessors. This is a good fit for us as it allows Convergent to provide the M&E expertise they possess, in conjunction with the SOC2 assessment experience we bring.” He went on to say: “The partnership means that we will also be able to provide more support to our clients for privacy compliance through Convergent’s specialist privacy team.”

Gilliat-Smith said: “Customers will be able to request and receive configuration vulnerability scanning reports and prepare documentation for SOC2 audits using Convergent’s forthcoming management portal, SanctumHub.”

About Convergent Risks

Convergent Risks is a principal provider of risk assessment and compliance services with offices in the US, UK and India and representation across EMEA and Asia Pacific.

Our global team of qualified assessors undertake TPN and general security assessments efficiently and based on a competitive fixed pricing model. Our standalone consulting entity provides cloud and application security reviews, penetration testing, pre-assessments, cloud configuration and infrastructure and web app vulnerability scanning, SOC2 readiness, compliance platforms, security strategy, privacy compliance, policy development, remediation and security training.

About The Cadence Group

The Cadence Group was founded in January 2005 and provides advisory and assurance based services in areas such as SOC Reporting, PCI Compliance, ISO 27001, FedRAMP, and HITRUST/HIPAA.

Their combined approach for addressing multiple frameworks through a single integrated assessment has allowed their clients to save valuable resources. Cadence is comprised of both audit and compliance professionals with experience across a multitude of industries, including significant experience working with growing SaaS companies.

Cadence has primary office locations in Salt Lake City, Utah and San Francisco, California as well as Los Angeles, Texas, Arizona and Florida.