Announcing VGS’s Partnership with Drata

June 22, 2023

Today, VGS reaffirms its commitment to delivering best-in-class payments infrastructure by announcing our partnership with Drata, the industry leader in risk and compliance automation. As the largest cloud-based tokenization platform, VGS powers the flow of the world’s sensitive data, and our customers trust us to continue to deliver modern solutions that keep their data moving freely, securely, and compliantly.

VGS and Drata have partnered to deliver joint payment data security and privacy solutions that enable customers to achieve and maintain strong security and compliance programs. With evolving threats to data and increasing privacy regulations, a robust security and compliance posture has become essential and a priority for an organization’s infrastructure and budget. Automation is great, especially when it disrupts a historically, debilitatingly manual effort: achieving, managing, and maintaining compliance. But customers still had to take on the burden of self-managing and self-securing raw data in their CDEs, Data Lakes and Data Warehouses…

Our Solution: Modernized Compliance

Modernized Compliance by VGS & Drata is the future of security and compliance automation, offering a revolutionary approach that eliminates compliance work by abstracting away up to 95%* of scope from an organization’s technical environment. Our shared mission is to revolutionize how businesses achieve and maintain continuous compliance on frameworks such as SOC 2, GDPR, ISO 27001, PCI DSS, and more; providing the only way to actually help eliminate compliance work altogether—without sacrificing security.

While other point solutions merely ‘manage’, Modernized Compliance by VGS & Drata fundamentally changes how organizations solve compliance issues by addressing the root cause of compliance overhead – the need to safeguard sensitive data. We go beyond automation to de-scope up to 95%* of a client’s network from sensitive data; thereby offloading risk and data liability – eliminating compliance work and streamlining an organization’s audit.

How Do We Do This?


  1. Eliminating Risk: Sensitive data is securely collected and tokenized before it ever touches your system, completely shielding and de-risking your environment from data theft. Aliased data is stored securely with AES-256-GCM encryption and state-of-the-art key management.
  2. Eliminating Scope: Tokenized data minimizes scope. When you offload sensitive data, you immediately de-scope your business from up to 95%* of data-handling controls—streamlining your audit. By eliminating your technical environment from the assessment scope, you can decrease your overall risk posture with minimal effort.
  3. Accelerating Compliance: Since we remove your exposure to sensitive data, we’ve fundamentally changed, and expedited, how auditors go about reviewing your controls and evidence. Reducing the number of checks an auditor has to perform during your assessment dramatically accelerates an organization’s audit readiness.
  4. Reducing Security Spend: Securing sensitive data typically requires diverting critical resources away from revenue-generating projects, but offloading that burden with Modernized Compliance gets you back to your core business. A customer no longer needs to develop and maintain a PCI-compliant infrastructure, which significantly cuts their security spend, and having no exposure to sensitive data means you’re not liable for costly data breaches, potentially saving millions in fines in the long run. This joint solution helps to waive the inherent need for additional security spend on everything from expensive headcount and pen testing to database-level encryption and third-party point solutions for DLP, SIEM, EDR/MDM.

The VGS and Drata partnership creates the most comprehensive Payment Data Security & Compliance Infrastructure in the industry; combining the leading cloud-vaulting capabilities of the VGS Platform with Drata’s powerful suite of centralized governance and compliance automation tools.

We are thrilled about the launch of this partnership and will be sharing more information over the coming weeks, so stay tuned! To learn more about this partnership, drop us a line at partners@vgs.io or feel free to contact us.

*Scope reduction figures for PCI-DSS Level 1 compliance with VGS Vault. VGS eliminates the burden related to 10 of 12 of the PCI Security Controls related to security and infrastructure.

Stefan Slattery

Head of Growth Marketing
