Need Help Navigating the Regulatory Red Ocean? An Intelligent Solution May Be Your North Star

Along with rapid technological advances in cybersecurity, the scope of standards, frameworks, and regulations in this domain grows as well. This results from states and international standard organizations strongly focusing on professional standards in this area, as well as the implementation of new regulations intended to improve security across all types of organizations methodically and continuously. The goal is twofold: to prevent or minimize the organizations’ vulnerability to cyberattacks and to safeguard their sensitive information.

This has resulted in an onslaught of local and international standards, which must be complied with and managed by organizations. For example, a mid-sized American organization employing a few thousand employees may have to comply with five to ten standards, such as ISO 27001, ISO 27018, SOC 2, HIPAA, PCI DSS, FedRAMP, and more. In addition to the federal level, each state has its own local standards, and each industry develops specific standards – e.g., energy, defense, finances, etc. Today there are approximately 250 cybersecurity and information security standards around the world, and that list is only expected to grow. .

“This influx of standards, number of product lines in each company, and the complexity of today’s IT environment is a first-degree challenge for organizations. In fact, it’s consuming a significant amount of their already limited time, money, and resources,” says Arik Solomon, Cypago’s Co-Founder and CEO. Cypago is an Israeli-based company that developed an intelligent compliance automation platform. The platform enables organizations to meet the compliance needs associated with their cyber security programs, with support for various frameworks and standards. Solomon founded the company together with his partner, Yahav Peri, a former officer in the IDF Unit 81, who led and commanded development teams and classified projects, including the elite cybersecurity IDF training ARAM.

“The security and compliance challenges grow more difficult with time, especially as the adoption of hybrid multicloud infrastructure and services increases and more and more sensitive data is distributed across disparate environments. What’s more, the requirements are constantly expanding and changing. This is greatly burdening businesses, especially today when they must do more with less resources. In business, this is commonly referred to as , semi-humorously, ‘the pain in the neck,’ also to hint at a serious bottleneck”, Solomon adds.

Prioritizing gaps and risks

Cypago’s intelligent, SaaS-based compliance automation platform provides a deep and comprehensive view of an organization’s security and compliance posture, with support for all common standards and regulations found across Israel, Europe, and the US. The platform is based on advanced technology, including AI. It allows for the input, processing, and analysis of compliance related information from the organization’s on-premises and cloud-hosted systems and tools. This level of automation is essential for establishing a proactive and highly efficient approach to achieving and maintaining compliance. . “What was once done manually in Excel spreadsheets and required countless hours of information analysis and processing, is now fully automated”, says Solomon. “Cypago determines which information must be read, and then analyzes it and presents an overview of all security layers and their level of compliance with the various standards. The goal is to help organizations accelerate their business goals while maintaining security and privacy of their customers’ information”.

What do you do with the results?

“Cypago identifies any gaps found and prioritizes the important ones, surfacing where risk is the greatest. It not only determines which gaps must be mitigated, but also indicates if a new system or process is necessary. For example, Cypago offers intelligent-based risk reduction steps, such as creating more complex employee passwords. To accomplish this, the platform critically reviews all permissions in a unique model, providing streamlined automation and removing the need for time-consuming processes. Cypago also manages the implementation of compliance requirements in collaboration with both internal and external auditors, as required by regulation. Security and compliance is not a one and done event. Even if an organization's current state is considered good, it must perform ongoing monitoring in order to address changes within the IT environment and/or the compliance regulations themselves. Thus, the Cypago platform was built for proactive, continuous compliance, enabling organizations to protect their sensitive data”.

What is the business model?

“We operate in the cloud and follow a SaaS-first model. We offer customers flexible annual or multi-annual subscription options. Our capabilities are wide and deep, and we provide varied options to verify compliance, as opposed to point tools designed for . a limited number of standards”.

An answer to a real pain

Solomon (48, married + 5) is an IDF Unit 8200 veteran, where he served as a team lead. He is a software developer by training, and after his discharge from the military, he held various positions in both the public and the private sectors. He served for approximately ten years in managerial roles in the Israeli Prime Minister’s Office’s offensive cyber unit, where he participated in several key events during the time when the local cyber scene was rapidly growing. At the same time, he supported several social projects, such as the “Magshimim” (“Realizers”) Project – a cyber study program for promising youth in Israel’s periphery, which was intended to increase the number of candidates to IDF cyber units, as well as for other defense-related tasks. In general, he values social activity’ and he is one of the founders of the “Mitzpe Ilan” town, named after Ilan Ramon of blessed memory and located between the towns of Harish and Katzir on the Iron stream.

After his public service, Solomon served as the CTO of the Ernst and Young (EY) consulting firm’s cyber center, where he specialized in providing advanced cyber services to companies, especially in the US. In that role, he focused on ensuring EY’s cyber programs’ compliance with regulatory requirements. It was during this time he was exposed to the significant efforts companies invested in order to adapt to information security and cyber standards. He discovered that the processes intended to ensure compliance with the various standards, regulations, and contractual obligations related to information security, confidentiality, and privacy – are exhausting, time-consuming, and inefficient.

Following the initial identification of this problem , in early 2020 Solomon reunited with Peri, whom he knew from his defense work. The two began developing Solomon’s initial idea and combined it with Peri’s technology. Together, they followed the classical path of an Israeli start-up: developing the idea and an initial model in “the garage”, working with clients and partners, raising initial funds, and then going to market with the full product.

“The first version was marketed in 2022, and then everything exploded, positively so. “We reached dozens of clients within a short time”, recalls Solomon. “I assume success arises from discovering a crucial need where there is no solution to a real pain”.

Working with mature companies operating in a complex environment

Today, Cypago employs approximately 25 employees, mostly in Israel. At the same time, the company operates in the US, its primary target market, and it intends to recruit more employees there. “This is a very diverse company, including not only the ‘immediate suspects’ of IDF Unit 8200 veterans”, Solomon emphasizes. “Moving to hybrid work following COVID-19 permitted us to employ geographically varied employees, not only from Tel Aviv. We have employees residing in the Golan Heights, Afula, and Jerusalem. We will continue such hiring practices into the future as well”.

You are an Israeli company mostly working with the American market. Are there cultural and work hour gaps? By the way, will you remain an Israeli company?

“There are no significant gaps in the business culture, as I and all other employees understand American culture and its business code. Regarding time differences, this is a price, but we are a growing start-up company, and we are willing to pay for it. As for your question – we are proud to be an Israeli company”.

Do you have competitors?

“There are toolss intended for very early stage start-upsr that are looking for more point-in-time compliance with one or two standards. We approach mature companies, which work in a complex environment of standards, products, and geographies and are focused on establishing robust, continuous security and compliance programs ”.

What is your vision?

“We will be the leading vendor in the compliance automation and management field. We will continue to deepen our Cyber GRC offerings across various standards, risk management, and compliance mandates. Currently we focus on risks and compliance, and are actively expanding to a comprehensive platform of related solutions. Likewise, we’re on track to become the primary and leading compliance automation platform, in the field of Cyber GRC, designed for organizations seeking to establish and maintain mature security and compliance programs. Currently, nine out of ten companies perform security and compliance readiness processes manually. Thus, the market is vast, and we have a lot of room to grow”.

In collaboration with Cypago