Host Dave Sobel engages in a thought-provoking conversation with Arik Solomon, CEO and co-founder of Cypago, a leading cyber governance, risk, and compliance (GRC) automation platform. The discussion delves into the challenges faced by organizations in the GRC space, particularly the reliance on manual processes despite the abundance of data available. Solomon shares his insights from his experience as CTO at Ernst & Young, where he recognized the need for technology to enhance the efficiency and sophistication of compliance services.
Solomon explains that Cypago operates at the intersection of cybersecurity and GRC, aiming to streamline the alignment of security programs with business requirements and regulatory standards. The technology developed by Cypago automates the collection and analysis of data related to security controls, enabling compliance officers and security leaders to gain meaningful insights into their organizations' security posture. This automation, however, raises concerns about the potential for a "checkbox culture," where organizations may rely too heavily on automated processes without meaningful engagement from human experts.
The conversation also touches on the evolving landscape of cybersecurity regulations, particularly in light of increased scrutiny from governing bodies. Solomon emphasizes the importance of establishing a baseline of minimum security standards while acknowledging the complexities of creating a universal compliance framework. He critiques existing regulations like GDPR, suggesting that a more effective approach would involve providing organizations with best practices and guidelines rather than rigid requirements that may not fit all scenarios.
As the episode concludes, Solomon highlights key trends to watch in the GRC space over the next 18 months, including the need for enhanced visibility into data management and the importance of having robust governance processes in place. He underscores that organizations must prioritize understanding where their data resides and implementing necessary security measures to protect it. This insightful discussion provides valuable perspectives for cybersecurity professionals navigating the complexities of compliance in an ever-changing regulatory environment.
💼 All Our Sponsors
Support the vendors who support the show:
👉 https://businessof.tech/sponsors/
🚀 Join Business of Tech Plus
Get exclusive access to investigative reports, vendor analysis, leadership briefings, and more.
👉 https://businessof.tech/plus
🎧 Subscribe to the Business of Tech
Want the show on your favorite podcast app or prefer the written versions of each story?
📲 https://www.businessof.tech/subscribe
📰 Story Links & Sources
Looking for the links from today’s stories?
Every episode script — with full source links — is posted at:
🌐 https://www.businessof.tech
🎙 Want to Be a Guest?
Pitch your story or appear on Business of Tech: Daily 10-Minute IT Services Insights:
💬 https://www.podmatch.com/hostdetailpreview/businessoftech
🔗 Follow Business of Tech
LinkedIn: https://www.linkedin.com/company/28908079
YouTube: https://youtube.com/mspradio
Bluesky: https://bsky.app/profile/businessof.tech
Instagram: https://www.instagram.com/mspradio
TikTok: https://www.tiktok.com/@businessoftech
Facebook: https://www.facebook.com/mspradionews
Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.
