Closer analysis of the circumstances that led to the recent media furore surrounding the 'Heartbleed' bug shows the IT industry needs to quickly learn some important lessons if it is to avoid a similar own goal ever happening again.
Richard Hibbert – SureCloud CEO
With IT Security standards increasing, automation is key to sustaining compliance. Learn how to fast track process implementation and reduce reliance on spreadsheets.
Customer Case Studies
Pain Free and Cost Effective Compliance
SureCloud has given us a fantastic tool, as well as a higher level of customer service. We can...
We’ve not only gained a cost effective way of meeting our evolving security compliance...
We gain a complete picture of our information security and PCI DSS posture at any one moment in...
SureCloud does a lot more than ensuring we have ticks in all our compliance boxes. The quality...
The top heavy, more expensive solutions (typically developed to help meet Sarbanes-Oxley...
What has SureCloud given us? They have minimised the threat of non-compliance, enhanced the...
Latest News & Press
Read SureCloud’s most recent news coverage and press releases
Suppliers need to be considered in many different ways and a classification of suppliers is essential if you are going to accurately assess them for risk. It is important not to treat suppliers equally as a single one-size-fits-all group.
Patches have been released this week for six newly discovered OpenSSL vulnerabilities, one of which (CVE-2014-0224) allows an attacker who has gained access to SSL traffic to decrypt communications. The attack requires vulnerable versions of both client and server software to be in use and will not work if just the client or server is vulnerable.
There has been a great deal of media attention concerning the ‘Gameover ZeuS & Cryptolocker’ threats this week, particularly since the NCA Announcement on Monday, 2nd June 2014. A handful of SureCloud clients and partners have been in contact with us for expert guidance and recommendations to help mitigate the threat. Why is this different from any other attack?
According to a report from Risk Based Security and the Open Security Foundation there were no fewer than 2,164 incidents of data loss during last year. Of those, 72% involved external attackers while 25% were classified as internal incidents, although the latter were attributed mainly to human error and accidents rather than malicious intent.
SureCloud®, a supplier of Cloud-based Governance, Risk and Compliance (GRC) solutions, today announced its agile GRC SaaS platform. The SureCloud Platform differs from other solutions by giving organisations immediate visibility of the status and greater overall control of their risk and compliance programmes.
SureCloud®, a supplier of Cloud-based Governance, Risk and Compliance (GRC) solutions, today announced it has been named as a finalist in the 2014 Pathfinder 20 Index of top emerging UK technology companies. Additionally, SureCloud is included in Pathfinder 20’s top 20 Index.
The Heartbleed OpenSSL vulnerability (CVE-2014-0160) was publicly disclosed on April 7th 2014.
What is Heartbleed?
Heartbleed is a vulnerability (bug) within the Heartbeat extension of the popular OpenSSL package, which is compiled in by default within a number of Unix/Linux distributions. The vulnerability affects a component of this extension and, if successfully exploited, can reveal data in memory on the target host. This could include sensitive private keys and/or sensitive information such as user passwords or other data in a decrypted state.
Assessing risks of a supply chain is largely performed by old-fashioned methods of spreadsheet questionnaires. This manual, laborious method becomes impossible to manage, even when recruiting an army of skilled compliance officers, who then spend most of their time chasing spreadsheet responses.
In recent weeks there have been a number of data breach stories here in the UK and in North America. UK travel insurance provider Staysure revealed that around 93,000 customers may be affected after sensitive bank card details were thought to have been stolen as a result of an IT security breach.
Keeping business systems safe and protecting your data has never been more difficult to achieve. And it is only likely to become harder. Getting the right risk management strategy in place is critical.
A methodology for properly classifying information risk is the first rule of designing an effective supplier assurance programme. It may sound obvious but in practice not many organisations do it.
Built-in suite can help merchants future-proof their compliance programs
Did you know small merchants can self-assess? Read on for more shockers
A new version of the PCI-DSS payment card industry standard was published yesterday, and is due to come into effect at the start of January. The new rules place a greater emphasis on promoting improved security rather than complying with pre-set rules.
SaaS platform gives compliance teams at-a-glance insight into relative risk profiles and overall efficacy of suppliers to the multi-brand retailer
Shop Direct Group this month revealed it has selected the cloud-based IT governance, risk and compliance (GRC) platform from SureCloud to help automate its third party assurance programme.
Organisations are facing increasing requirements to introduce third party assurance programmes in order to reduce the risks involved with essential supplier relationships. Setting up such programmes from scratch or extending existing programmes brings about challenges. Is there a quick and easy way to address them?
Shop Direct Group has introduced a new centrally-managed and automated third party assurance programme from SureCloud to determine the relative risk profiles of its extensive supplier network.
Nick Rafferty, SureCloud chief operating officer, talks IP EXPO Online through the company’s strategy for tackling third-party assurance for governance, risk and compliance.
At a time when customer data privacy is a concern that every organisation must address, having rock-solid compliance processes in place internally is no longer enough.
Organisations big and small need a collaborative approach to compliance, with affordable entry points and a more agile alternative to managing risk says Richard Hibbert, CEO of SureCloud.
Customer Service Direct (CSD), a joint venture partnership between Suffolk County Council, Mid Suffolk District Council and majority stakeholder BT (80%), has turned to a Cloud-based risk management approach from SureCloud.
1st Credit is a leading U.K. debt collection agency responsible for managing more than $8 billion in outstanding consumer debt. It manages the debt portfolios, third-party collections and ledger management for some of the U.K.'s leading banks, credit card companies, retailers, utility suppliers and telecom companies – who they buy or service debt from – and the millions of customers whose credit history they are helping to repair.
To meet mandates, a U.K. finance company needed a solution to aggregate data from disparate components, reports Greg Masters.
HSS Hire has simplified security applications and streamlined compliance processes using a cloud risk-based approach to information assurance from SureCloud.
The building equipment and tools supplier needed to comply with the Payment Card Industry Data Security Standard (PCI DSS) and chose SureCloud's information security and IT governance, risk and compliance (GRC) software-as-a-service (SaaS) to help continuously assess operations and fix any vulnerabilities identified.
Multiple security and compliance point solutions can all too often combine to obscure an organisation’s view of its data assets. This makes the task less assured – particularly for Small and Medium-size Businesses (SMBs). But there may be easier ways to ensure adequate levels of security and, therefore compliance.
IT governance, risk, and compliance is now a major operation in organizations. Operationalizing it will save time and money. This report looks at why and how to operationalize GRC in an IT department.
UK-based startup SureCloud is flogging a cloud-based auditing and compliance platform at mid-market businesses with high info-security standards.
SureCloud’s Unified Compliance Platform pulls together component elements such as vulnerability scanning, SIEM (security information & event management), wireless intrusion detection (IDS) and configuration auditing into a single platform.