Global Crypto Payments Processor Gains Solid Security Foundation While Streamlining SOC2 Compliance


Case Study


Region

Global

Industries

Fintech; Cryptocurrency Payment Processor

Goal

Build a strong security program and simplify SOC 2 compliance.

Result

The VGS Platform and Control provide a solid foundation for this crypto payments processor to enhance its security program and achieve SOC 2, Type 1 compliance in less time and at a lower cost.


Background

The crypto space is notorious for its security precautions. But the potential for big rewards makes crypto players a tempting target. With a growing customer base of over a million users globally, this Cryptocurrency Payment Processor decided it was time to take the next step in its security posture.


Challenge

This leading Crypto Company felt confident its security was in a good spot. But could they prove it? At this point in their success, the team started questioning whether they had the right security processes and policies in place. Did they have the right procedures to respond to outside hackers? If an attack were to take place, would they be able to manage their employees through such an incident? Did they have the right processes in place to properly offboard a developer? Were they confident they could restrict developers’ access to the production environment? As the firm started to ask more questions they couldn’t answer, they realized they might need some outside help.


Solution

After discussing its challenges with VGS, the Company determined that it could strengthen its security posture with VGS Control for SOC 2. While some companies view SOC 2 as a point-in-time compliance event, this Cryptocurrency Company shared the same philosophy as VGS. Both agree that security is a journey and being compliant is the outcome of adopting, building, and maintaining the right security controls, policies, and procedures. This security-first philosophy is the reason VGS Control for SOC 2 provides 100% of what auditors require for compliance, compared to other vendors that typically cover 50% or less.

VGS Control acts as the translation layer for organizations between SOC 2 (and other compliance frameworks such as PCI and ISO 27001), and auditors who review evidence and certify compliance. With Control, the firm would no longer need to worry about complex legalese, writing policies, or manually running endless security checks.

Automated tasks simplify compliance work and keep development humming

Tasks are where the core of security and compliance work happens. Every security control has prescriptive tasks associated with it. During an audit, every task must have either evidence or a note attached to demonstrate to the auditor that the control is in place. The auditor will either accept or reject the evidence. If the evidence is rejected, the person assigned to the task needs to follow up with additional context or evidence.

The Company recognized that VGS Control was uniquely different from other solutions as VGS Control automates the entire task workflow. For example, a task to develop an incident response policy can be assigned to someone in the organization with no prior security or compliance background by simply selecting a prepacked template through the VGS Dashboard. All the work to translate the legalese into security requirements, develop the policy, assign and manage the task is automated.

VGS Control also automates evidence collection through direct integrations with third parties including AWS, GitHub, Azure, Okta, and more. Also, by using VGS Control, the Company can assign remediation tasks to junior engineers rather than senior developers so the Fintech Company can accelerate product development.

Continuous monitoring of security controls eliminates surprises, simplifies audits, and saves money

VGS Control continuously monitors security tools, collecting evidence and reporting if there are any gaps. Monitoring and remediating any gaps in a continuous manner means there won’t be any surprises for the Company during their actual SOC 2 audit. It also means the Company won’t have to pay for an outside SOC 2 gap readiness assessment which can take 4-6 weeks and cost at least $15,000. Finally, the SOC 2 audit itself will cost less given the controls will be firmly in place.


Result

This Crypto Company now has a solid foundation upon which it can build its security program while at the same time reducing SOC 2 and other compliance-related costs (such as PCI). VGS Control is taking care of over 75% of previously manual compliance and security work, so this Cryptocurrency Payment Processor can focus on growing its business.
