Today, VGS reaffirms its commitment to delivering best-in-class payments infrastructure by announcing our partnership with Drata, the industry leader in risk and compliance automation. As the largest cloud-based tokenization platform, VGS powers the flow of the world’s sensitive data and our customers trust us to continue to deliver modern solutions to keep their data moving freely, securely, and compliant.
VGS and Drata have partnered to deliver joint payment data security and privacy solutions to enable customers to achieve and maintain strong security and compliance programs. With evolving threats to data and increasing privacy regulations, a robust security and compliance posture have become essential and a priority to an organization’s infrastructure and budget. Automation is great, especially when it disrupts a historically debilitatingly manual effort – achieving, managing, and maintaining compliance. But, customers still had to take on the burden of needing to self-manage and self-secure raw data in their CDEs, Data Lakes and Data Warehouses...
Our Solution: Modernized Compliance
Modernized Compliance by VGS & Drata is the future of security and compliance automation, offering a revolutionary approach that eliminates compliance work by abstracting away up to 95%* of scope from an organization’s technical environment. Our shared mission is to revolutionize how businesses achieve and maintain continuous compliance on frameworks such as SOC 2, GDPR, ISO 27001, PCI DSS, and more; providing the only way to actually help eliminate compliance work altogether—without sacrificing security.
While other point solutions merely ‘manage’, Modernized Compliance by VGS & Drata fundamentally changes how organizations solve compliance issues by addressing the root cause of compliance overhead – the need to safeguard sensitive data. We go beyond automation to de-scope up to 95%* of a client’s network from sensitive data; thereby offloading risk and data liability – eliminating compliance work and streamlining an organization’s audit.
How Do We Do This?
- Eliminating Risk: Sensitive data is securely collected and tokenized before it ever touches your system; completely shielding and de-risking your environment from data theft. Aliased data is stored securely with AES-256-GCM encryption and state-of-the-art key management.
- Eliminating Scope: Tokenized data minimizes scope. When you offload sensitive data, you immediately de-scope your business from up to 95%* of data-handling controls—streamlining your audit. By eliminating your technical environment from the assessment scope, you can decrease your overall risk posture with minimal effort.
- Accelerating Compliance: Since we remove your exposure to sensitive data, we've fundamentally changed, and expedited, how auditors go about reviewing your controls and evidence. Reducing the number of checks an auditor has to perform during your assessment dramatically accelerates an organization’s audit readiness.
- Reducing Security Spend: Securing sensitive data typically requires diverting critical resources away from revenue-generating projects, but offloading that burden with Modernized Compliance gets you back to your core business. A customer no longer needs to develop and maintain a PCI-compliant infrastructure, which significantly cuts their security spend and no exposure to sensitive data means you're not liable for costly data breaches, potentially saving millions in fines in the long run. This joint solution helps to waive the inherent need for additional security spend on everything from expensive headcount, pen testing, database-level encryption, and third-party point solutions for DLP, SIEM, EDR/MDM.
The VGS and Drata partnership creates the most comprehensive Payment Data Security & Compliance Infrastructure in the industry; combining the leading cloud-vaulting capabilities of the VGS Platform with Drata’s powerful suite of centralized governance and compliance automation tools.
We are thrilled about the launch of this partnership and will be sharing more information over the coming weeks, so stay tuned! To learn more about this partnership, drop us a line at partners@vgs.io or feel free to use our contact us.
*Scope reduction figures for PCI-DSS Level 1 compliance with VGS Vault. VGS eliminates the burden related to 10 of 12 of the PCI Security Controls related to security and infrastructure.