The Cequence Unified API Protection solution is the only offering that addresses all phases of the API protection lifecycle to defend APIs from attackers and eliminate unknown and unmitigated API security risks that can lead to data loss, fraud and business disruption.
Akitra was able to provide an automated compliance solution, including extensive access to Akitra’s support team, which made it easy for Cequence to get recertified for SOC 2 within 30 days.
Customers in Cequence’s target market, such as banks and online retail companies, expect the company to be compliance certified – it’s a baseline requirement. Cequence was looking for an automation tool that would help them get re-certified for SOC 2 Type 1 within a tight 30-day schedule. Given the deadline, said program manager Cindy Haynam, “our need was dire!”
Cindy had led a PCI re-certification project for the company several months earlier, using the traditional manual compliance audit readiness approach with spreadsheets for tracking tasks, endless file transfers, and the lack of a common data repository between client and auditor. The biggest drawbacks were communication between her and the auditors, trying to keep track of project tasks with spreadsheets, and keeping spreadsheets in sync as multiple people added edits. The whole effort was tedious and very time-consuming. As Cindy commented, she and the rest of the Cequence team would far rather spend time on more value-added work.
Given the PCI experience, Cindy was eager to find an automation solution that would take as much as possible of the inefficient manual work out of compliance.
Cequence had an existing set of SOC 2 policies that they wished to continue to use for their recertification. Akitra integrated these into its compliance platform and mapped them to all the controls required to implement the policies to SOC 2 standards.
Akitra’s Customer Success team ensured that Cindy got the level of support she needed. “Throughout the compliance readiness phase, I relied heavily on Akitra’s expertise – for example, telling me which controls mattered most and how to match the right evidence with any gaps. Akitra spent hours with me, and it was extremely beneficial.”
Cindy cited Akitra’s assistance with the external audit phase as well. She said that she only had to meet with the auditor a single time, for the kickoff
with the lead auditor. “Akitra took it from there,” she said.
“It was great to not have to worry about the audit.”
Along with the successful completion of the audit and receiving SOC 2 certification on time, the time saved with Akitra’s automated compliance process was a huge benefit for Cequence. “By using the Akitra automation platform, I’d say that it reduced my workload for compliance recertification by about two-thirds,” Cindy estimates. “And it also saved tremendous time for others in the company, especially the SaaS Ops team, so they could focus on the complex problems that are their real work.”
Some of the key sources of time savings include automated evidence collection, structured task management, improved team coordination by having everyone on the same page, and reduced rework from errors or omissions.
Cequence also expects to use Akitra for other compliance needs.
