Yet the process is often complex, and for SaaS companies it can be hard to navigate and can lead to significant challenges. That is, until Meiran Galis, CEO and Founder of Scytale, developed a new way to help companies automate compliance.
High Tech on the Low, hosted by Jordan Kastrinsky, is on a mission to make high tech accessible to the world. In my podcast, I explore the many different facets of the world of high tech, from development to marketing, to sales, to entrepreneurship and more! With society turning ever more towards technological solutions to make processes more efficient and secure, it is important, now more than ever, that we unite the high-tech sector's collective resources under one roof to reap the benefits of this knowledge-sharing. There is so much opportunity out there to grow within the industry that we must provide the tools through which to do so.
For better or for worse, the reality is that compliance is a growing trend in the SaaS and cyber realms. With it comes the fact that auditors and other regulators are looking to ensure that companies uphold compliance standards. This means that if companies do not comply, well, then the alternative does not look so good. Non-compliance can lead to delays, unexpected pivots, and, unfortunately, even closures. Meiran Galis was working at EY Israel when he caught wind of this uptick in compliance and saw an opportunity.
Meiran noticed that companies were demanding compliance help as urgently as regulators were cracking down. “I just saw the need and saw how exhausted CISOs and CTOs were from the process [of compliance] and I really felt I could do it better,” added Meiran. Today, in many industries, compliance is normally regulated through an annual audit, where a company is reviewed only once per year. In comparison, SaaS companies are subject to much harder scrutiny through internationally regarded standards such as the SOC 2, the rating of choice in the US, and ISO 27001, which is popular in Europe. These gold standards of the industry force companies to follow various steps to be considered compliant.
Compliance controls, as Meiran describes, are the methods various companies use to ensure adherence. “Most basic thing is we can take code reviews for developers. When you’re a small or big company, code reviews [may] not be mandatory. As part of SOC 2 compliance, a chain management process is mandatory. So, for someone who needs to configure this code for the platform - this is crucial.” This type of system that someone would develop in light of SOC 2 regulations then needs to be accurately transmitted to the rest of an organization’s development team to ensure uniform compliance throughout the process. Seeing the complexity of the whole system, Meiran saw his opportunity and began Scytale as a compliance consulting company, providing services for the same type of companies he met during his time at EY.
Eventually, Meiran realized that while services are profitable, he could make a bigger impact by creating a product that helps companies with their overall compliance needs. Soon after that, Meiran began developing Scytale’s compliance platform, which simplifies the process with automated evidence collection and 24/7 control monitoring. The goal is to reach SaaS companies in growth that need a quick and reliable way to meet the correct standards, specifically the SOC 2 standard used in the US. And Meiran makes it clear that the future of SaaS is compliance, so companies should start now while they can.
“You need to have processes documented. This is something companies need to understand. This is part of the journey of compliance and growth. Once you want to sell to big companies, corporations, and large enterprises, this is crucial to growth. But we know it doesn’t have to take as long as it used to.”