Sevco Security

How Sevco Security’s Future-Focused Approach Provides Verified Security, Not Just a Snapshot

Company: Sevco Security

Location: Austin, TX, USA

You don’t need a snapshot of security. You need security and verification. Why would people trust a point in time versus what’s continuous? I think products like this are the future. It’s not just compliance for compliance’s sake; it’s ensuring continual compliance and giving your customers the transparency to see it.

James “Darb” Darby
Field Operations and Chief Security Officer

The Company

Sevco, an asset intelligence platform, dreams that security can be verified

Sevco Security is the industry’s most accurate asset intelligence platform; they help companies close security gaps, support incident response, and maintain continuous compliance.

James Darby, known as Darb by his colleagues, manages field operations, MSSP partnerships, and security for Sevco Security. No stranger to the startup or security scene, Darb and his founding partners have managed and achieved multiple SOC 2 certifications for previous organizations such as VMware Carbon Black.

Darb and the Sevco team knew they wanted to achieve SOC 2, but to them, compliance and security are more than just achieving a certification. They wanted a way to continually verify their security posture—screenshots of points in time wouldn’t cut it.

“In the past, we had been doing compliance for compliance’s sake—you had to have a SOC 2 to play. That’s really the wrong attitude. We wanted something that would ensure continuous compliance that our customers could see.”

The Challenge

Finding the partner to eliminate “snapshot” security

In the past, Darb and his team had successfully managed “the manual shuffle” that comes with working to achieve a SOC 2 certification.

“Manually achieving SOC 2 was one of the most cumbersome processes I’ve ever gone through. This time, we wanted an automated plan to get from A to B that would give us a status as we went along and be continuous even after our audit.”

Darb immediately started researching the space to find a vendor that would support their desire for compliance that was more than a “check-the-box” exercise.

“I evaluated six products before I selected TrustCloud. I think products like this are the future. It’s not just compliance for compliance’s sake; it’s ensuring continual compliance for you and your customers to see.”

After thorough evaluations, which included discussions with auditors, Darb selected TrustCloud as Sevco’s partner.

“I needed core functionality and solid integrations to automate as much as possible; TrustCloud had all of that. Plus, the customer success team was just awesome. We had done the whole manual shuffle in the past; we came to TrustCloud because we wanted something automated that could run continuous checks for us.”

The Solution

An AI-powered platform with rich integrations

Over a six-week period, Darb worked with the TrustCloud team to set up their account and prepare for their SOC 2 audit. This period included connecting their integrations, mapping out the frameworks for their business, and even completing a trial audit to check for any gaps.

“After setting up our account and addressing the feedback from our trial audit, we were ready to complete our SOC 2 Type 1; our auditor had almost no questions for us. When we went for our Type 2, our auditor mentioned how much easier these tools make the process.”

Now, Darb and the Sevco team are completing their second Type 2 accreditation period with confidence. Darb mentioned, “We really have very little interaction with our auditors; they log in, see what they need to see, and that’s it. In the past, I was talking to the auditors nonstop.”

Darb and the team at Sevco Security achieved more than just a certification through their TrustCloud partnership; they have transformed the culture of security at Sevco. As an advocate of transparency and accountability in security, Darb is leading by example, doing what he believes every business should be doing.

“With TrustCloud, it’s not just me sending a snapshot of a tool like AWS; it’s the tool scanning our systems and verifying that we are maintaining a secure environment in accordance with SOC 2, and it’s up to date right now. It gives us and our customers a way to verify that we are doing what we say we are.”

The Future

Security becomes a team sport

Darb and the Sevco team have successfully created a program that assures and verifies security and compliance throughout their growth journey. However, the maintenance required to uphold this strong posture does not fall solely on the shoulders of someone like Darb.

“I no longer have a massive control spreadsheet and have to project manage different owners; now they get a notice that their control is coming up for renewal and they correct it. All I have to do is monitor the dashboard. The continuous monitoring and ability to delegate the responsibility for controls to the person that actually owns it has been incredible.”

With TrustCloud in place, Sevco Security reinvests hours that would have been spent managing their security and compliance into serving their customers.

“The business of Sevco is asset intelligence, and that’s what we should be doing. With TrustCloud, we have stronger security and compliance but spend less time tracking it. It helps us get back to creating the best product for our customers.”

What TrustAssurance means to Sevco Security:

“To me, Ronald Reagan explained trust assurance perfectly: ‘trust, but verify.’ Everyone in our company wants to do right, but we’re moving fast. TrustCloud is actually assurance that we are doing what we should be for our customers; they shouldn’t just blindly take our word for it.”

Advice from James Darby

“Do your due diligence, identify who owns your systems, and get on an automated tool like TrustCloud fast. It’s going to cut down the amount of time that you spend getting your SOC 2 by two-thirds. You’re going to move a lot faster and more comprehensively. We’d done this before; we thought we were prepared, and then TrustCloud gave us a pretty large list of things we had overlooked.”