It all started when Craig Unger began working at Microsoft. While he was working on Microsoft Passport, one of Microsoft’s largest and most critical cloud services, independent organizations filed a complaint with the Federal Trade Commission (FTC) asking it to investigate the company. After almost a year of debates, Microsoft and the FTC arrived at a mutual agreement that included intense and comprehensive auditing of Passport services. These audits were so disruptive that they effectively stopped all work on product development.
Craig later left Microsoft to co-found Azuqua, a company specializing in cloud and integration workflow, and found himself facing compliance challenges yet again. He was bombarded with complex spreadsheets and questionnaires about how the company designed, built, and operated its services. After filling out the 200-question reports dozens of times, Craig and his team of 20 members began pursuing SOC 2 Type 1, SOC 2 Type 2, and eventually GDPR certifications, another tiresome process. Craig realized that whether it was a giant like Microsoft or a startup like Azuqua, it was the same incongruous process revolving around emails and spreadsheets. To streamline this manual, error-prone, and redundant process, Craig formed Hyperproof.
Established in 2018 by founder and CEO Craig, Bellevue, WA-based Hyperproof is a compliance operations software company whose ahead-of-its-time technology makes building out and managing information security frameworks easy by automating repetitive compliance operations tasks, so businesses can focus on the bigger things. The Hyperproof solution also offers powerful collaboration features that make it easy for teams to coordinate efforts, collect evidence, and work directly with auditors in a single interface. With Hyperproof, businesses get a holistic view of their compliance programs with progress tracking, program health monitoring, and risk management.
In an interview with Perceptivx, Craig shared how Hyperproof is building trust with security assurance.
Perceptivx (P): Can you give us an overview of Hyperproof?
Craig Unger (C): “Hyperproof is a B2B startup that builds software for compliance, risk, and security assurance professionals. We develop software that makes compliance efforts and audit processes dramatically simpler and faster. Hyperproof serves as a system of record for an organization’s compliance and risk data and gives teams involved in compliance the tools they need to collaborate with stakeholders in and outside of their organization. With this innovative approach, we’re able to help organizations meet their highest aspirations and demonstrate their commitment to protecting their customers, shareholders, partners, and suppliers along with the greater community. Some of our biggest clients are Netflix, Motorola, Highspot, Nutanix, Chime, Instacart, 3M, ForgeRock, and Digicert. We have partnerships with numerous CPA and MSSP firms. Some of our partners are Schellman, The Bonadio Group, Risk/Response, and Omnistruct.”
(P): Can you tell us a bit about how Hyperproof software works, its features, and its benefits?
(C): “Hyperproof’s cloud-based compliance operations software is specifically built to manage compliance activities and risks day in and day out. The platform supports any cybersecurity, data privacy, and risk management frameworks a company wants to adhere to and helps users identify and map the common controls that can satisfy multiple frameworks. Hyperproof provides a highly efficient system for managing evidence centrally, allowing evidence to be easily reused for multiple audits and across business units/product groups. Organizations can save a tremendous amount of time by using Hyperproof’s built-in tools to automate evidence collection, control monitoring, and project management chores. Moreover, our platform has been designed with a “continuously compliant” approach so that teams can be ready for a spot audit at any time. We believe that to mitigate risks continuously, organizations need to re-assess their risks often and ensure they have a set of controls implemented that are operating effectively to mitigate those risks. Our compliance operations platform makes it easy for security and assurance teams to understand their current state of compliance while helping them identify and plan what to do next. It helps people get things done efficiently, with automation and in iterations. It also helps them measure how they’re doing and identify areas for improvement. We believe that by taking this iterative, agile, and proactive approach, organizations become much more protected than otherwise.
The success of the Hyperproof platform can be seen in the likes of Clarifire, a SaaS company, which reduced their audit prep time by 50% for their compliance team and reduced the impact of compliance work on business stakeholders by 66%: https://hyperproof.io/case-studies/clarifire/. Similarly, Omnistruct, a Managed Security/Compliance Service Provider, used Hyperproof to increase their consultants’ capacity to serve clients by 6.6x and helped consultants speed up the completion of gap assessments by as much as 3 months: https://hyperproof.io/case-studies/omnistruct/. We have been listed in the CyberTech100 (the world’s most innovative CyberTech companies that every financial institution needs to know about in 2021) and the Top 10 Cybersecurity Startups by Cyber Defense Magazine.”
(P): Covid-19 brought the entire world to a halt. What was your strategy to continue working amidst the pandemic?
(C): “Although Hyperproof was still relatively new as a company when the pandemic began, we wanted to do everything we could to help struggling businesses. In order to help organizations stay compliant with disparate data privacy regulations during that challenging time, Hyperproof offered our continuous compliance software subscription at no cost. As for internal changes, we navigated towards becoming a remote-only company. This choice stemmed from the preferences of our employees as they found it gave them more flexibility while keeping them safe during the pandemic.”
(P): What does the business look like in the post-pandemic phase? What do you aim for?
(C): “Nowadays we are facing competitive risk. There are a lot of GRC vendors in the market and the market has become more crowded over time, and some of the software companies have raised a significant amount of capital in 2021. We will overcome it by continuously innovating and approaching all that we do by keeping customer needs, preferences, and behaviors at the center of it all. This is something I’ve always appreciated about our company culture: no matter what role each of us plays, we’re all thinking about our customers and how each of us can improve the customer experience. We like to start with customer needs and work backward. We’re also a really collaborative team; we prioritize succeeding as a team and an organization over optimizing for individual objectives.
Going forward, we plan to grow rapidly in 2022, expanding across North America and in the EU, so we can help way more organizations build effective compliance programs and mitigate risks—and ultimately ensure a sanitized environment as free from bad actors as possible.”