London, UK – April 24, 2012 – SureCloud, a supplier of IT Governance, Risk and Compliance (GRC) solutions, today announced the SureCloud Unified Compliance Platform, a Software-as-a-Service (SaaS) solution aimed at mid-market organisations, which uniquely combines security point solutions to assess and monitor networks, applications and airwaves, with Governance, Risk and Compliance (GRC) process automation; a hybrid of GRC and information security point solution vendors delivering real-time actionable intelligence.

“SureCloud’s customers have a number of things in common. They have limited resources and budgets, and view the enterprise point solutions as too expensive and overly complex for their compliance needs,” said Richard Hibbert, CEO of SureCloud. “The Unified Compliance Platform simplifies the process by enabling IT and compliance teams to manage the complexity of compliance initiatives with one central solution, through one user-interface, using one central mechanism to manage activity and report on progress.”

The Unified Compliance Platform has three major functional areas, namely: Assessment and Monitoring with SIEM, vulnerability scanning, and network and wireless IDS capabilities (together or individually as required); GRC Process Automation featuring asset classification, simple workflow and activities, and covering processes such as vulnerability remediation, incident response, compliance auditing and vendor management; and Actionable Intelligence delivered through Alerts, Reports and Actions. Each functional area has the core features required to meet compliance needs without the excess functionality found in enterprise point solutions.

“Ultimately, the Unified Compliance Platform allows organisations to cover far more territory than with the traditional approach of individual point solutions, and at a fraction of the cost.”

About SureCloud

SureCloud supplies a Software-as-a-Service solution that enables mid-market organisations to greatly simplify and cost-effectively manage their IT Governance, Risk and Compliance (IT GRC) initiatives. Established in 2006, SureCloud is a British company based in Reading, Berks, with more than 200 customers throughout the UK from the Retail, Financial Services and Government sectors, including a large number of local authorities.

SureCloud’s online Pen Test Management Module stays years ahead of the competition, offering real-time delivery of Penetration Test Management and Reporting.

SureCloud’s easy-to-use interfaces provide an intuitive way to manage all forms of penetration test, in real-time, via an online platform. Test teams benefit from a framework that supports collaborative working, and knowledge capture and sharing – e.g. to support real-time QA, or to harmoniously deploy multiple test specialists on a single test project. Furthermore, the Pen Test Management module is designed to streamline the analysis and reporting phase of a penetration test – drastically reducing the costs associated with manual testing, which can be passed on as savings to customers. Rich Media functionality, including image slideshows and screen capture videos, gives end-users visual clarity on how to exploit vulnerabilities, and the impact each has on an organisation’s network or application.

While other competitors are coming round to the fact that software-as-a-service delivery offers far better functionality and capability; as well as radical cost-savings to customers, SureCloud’s in-house innovation team has spent the past four years refining and developing its online security platform.
“New solutions are coming to the market,” says Mark Lascelles, Head of Product Development, “But many are being designed from scratch or from their existing software package solutions, rather than building on the leading software-as-a-service designs available in the market. As such, they have yet to go through a product maturity process to best meet customer needs.”

The centralised Pen Test Management module consolidates test findings, mitigation and remediation tasks across multiple layers to enhance the communication between SureCloud (or an MSSP – a key channel partner for this technology) and its clients. It then delivers clear and comprehensive reports, along with automated alerts, providing detailed insight and intelligence regarding an organisation’s network and application security and resilience to cyber attacks.

An additional benefit of the SureCloud solution is that the Pen Test Management Module tightly integrates with the Vulnerability Management Module, allowing end-users to manage and prioritise vulnerabilities by risk, assign tickets and track the remediation process through to resolution.

“SureCloud is not just committed to simplifying security and compliance through real-time automated processes, but also to providing our customers with clear intuitive security controls and detailed intelligence in the form of dashboards and reports. This enables us to offer high-quality services that improve our customers’ resource efficiencies and reduce their compliance budget expenditure,” says Mike Wiltshire, Head of Services and Application Security.

About SureCloud Ltd

SureCloud provides affordable solutions that enable organisations to achieve compliance with multiple security standards, (e.g. PCI DSS, HIPPA, GCSx CoCo); through a range of intuitive software-as-a-service applications that automate key information security processes (risk, threat and compliance management), combined with integrated security tools; as well as expert compliance consultancy services and technical support.

For more information please contact:

Carol Harraway
Marketing Manager
SureCloud Limited
Tel:+44 (0) 118 963 7999
www.surecloud.com

SureCloud is launching its new Risk and Compliance Management modules at Infosec on 19th April 2011.

These management modules further enhance vulnerability management by incorporating business asset risk. Risk and Compliance management is about understanding the business value as well as operational costs of an organisation’s assets; and the implications to the whole organisation if an asset is compromised or fails.

“SureCloud is committed to ensuring greater integration and understanding of Risk and Compliance for both IT and Business Decision Makers, and providing the right tools that are intuitive and easy to use,” said Mark Lascelles, Head of Product Development.

Increased functionality also enables IT managers to automate labour intensive manual processes; thereby expediting the process of compliance with standards such as PCI DSS and GCSx CoCo accreditation.

To find out more about SureCloud’s Risk & Compliance Management modules visit us at stand F92, Infosec, Olympia, London.

SureCloud has achieved its PCI Approved Scanning Vendor (ASV) re-certification, meeting the new stricter ASV Program Compliance Guidelines.

Significant PCI ASV service enhancements specified in the ASV Program Guide include: production of reports in the PCI SSC’s standard format; scanning all IP Ranges and Domains provided by the customer to detect active IP Addresses and Services (rather than just the specific IP Addresses provided by the customer); adoption of the Common Vulnerability Scoring System version 2.0 (CVSS 2) to categorise and rank vulnerabilities; and maintaining an internal quality assurance process for PCI ASV services aimed at continual improvement.

“Our commitment to our customers is to ensure that they can rely on us to simplify and de-mystify the compliance process and enable them achieve mandatory compliance, whatever market and regulatory changes occur, and without incurring unnecessary costs or delays,” said Richard Hibbert, CEO, SureCloud Ltd.

The PCI DSS v.2.0 is a multi-faceted international security standard covering people, processes and technology that must be adhered to by all organisations that store, process or transmit cardholder data or sensitive authentication data. It consists of a comprehensive set of guidelines and standards that are continually reviewed in order to combat the evolving global fraud & theft threat to the payment card industry.

For more information on PCI DSS v.2.0 changes contact customerservices@surecloud.com

SureCloud is pleased to announce that it’s PCI ASV Scanning solution – SureCloud PCI – has successfully completed the Testing Phase of the PCI Scanning Vendor Program. In recognition of this, SureCloud has been assigned the following PCI SSC Scanning Vendor Compliance Certificate Number: 4280-01-02

Nick Rafferty, Sales Director, commented that “successfully passing the PCI SSC Testing Phase is a testament to the quality of our Scanning Technology, which lies at the heart of all of our vulnerability management products. Our customers can purchase the same technology for use within their internal networks at a fraction of the cost of market leaders, without compromising on quality. Furthermore, the combination of vulnerability scanning and penetration testing from a single provider, simplifies the compliance process for our customers.”

SureCloud has entered into a strategic partnership with CACI Ltd enabling UK Government bodies to procure SureCloud’s solutions through Buying Solutions, the Government’s leading procurement service.

CACI Ltd has been awarded Buying Solutions ICT contracts in the areas of ICT Security Planning and Design, ICT Security Testing (covering vulnerability scanning and penetration testing), and ICT Security Investigation, and as such is authorised to provide solutions in these areas to Government bodies.

Paul Shelton of SureCloud commented “we are delighted to partner with CACI in this area, as a growing number of Government organisations are centralising their procurement functions around OGC Buying Solutions. This should simplify the buying process for many of our Government clients.”

Headquartered in London, CACI Ltd is a wholly owned subsidiary of CACI International Inc. CACI International Inc. is a publicly listed company on the NYSE with an annual revenue in excess of US $2.73bn and 12,500 people worldwide.

Paul Shelton has joined SureCloud as an advisor focusing on the development of strategic partnerships with global consultancies in the areas of IT GRC and Vulnerability and Threat Management.

Paul has lead an illustrious career holding senior leadership positions at PwC consulting, IBM Global Services and the Rose Partnership. Paul commented “it’s great to be working with a group of passionate professionals that not only have prior experience, but also have innovative ideas that will make a difference to the way organisation’s manage Information Assurance programmes”.