Carbide’s 2022 in Review

It’s been a whirlwind of a year here at Carbide! With big changes to our brand, developments in our platform, and enhancements to our services, 2022 was one for the books!

Take a walk down memory lane with us and check out some of the highlights of the past year.

Introducing Carbide!

We kicked off 2022 with a bang by announcing our new name – Carbide. 

The Carbide name is inspired by Cape Breton, Nova Scotia’s historic role in the mining industry where carbide lamps were an essential tool to illuminate the path ahead – Carbide aims to do the same for high-growth SaaS companies as they navigate the ever-changing information security landscape.

The rebrand from Securicy to Carbide brought with it a fresh look and feel to our platform and our company. But under the hood, our vision and purpose remain the same – to provide startups and high-growth companies with the tools and services to build a robust and comprehensive security program that is designed to scale with you as you grow and continually help you meet the requirements of security frameworks and regulations.

2022 Awards

Our platform and team’s dedication to providing fast-growing businesses with enterprise-class information security and data privacy solutions was recognized with a variety of awards this past year:

Cybersecurity Excellence Awards 

We were named the GOLD winner for “Best Compliance Solution” and the SILVER winner for “Best GDPR Compliance Solution.”

Cyber Defense Magazine Global InfoSec Awards

Carbide received the Hot Company – Privacy and Security Software (SMB) award.

IT World Canada – Canadian Chapter of Women in Security & Resilience Alliance

Our very own VP, Customer Success, Katherine Isaac, was named a Top Woman in Cybersecurity amongst an esteemed list of women who have advanced the Canadian security industry.

New Features Released in 2022

Throughout 2022, the Carbide team was hard at work innovating and improving our platform and services to fast-track your compliance goals and strengthen your privacy and security posture. 

In-Platform Cyber Security Awareness Training 

In May we announced our strategic partnership with NINJIO, the premier “customer’s choice” cybersecurity awareness training company. This collaboration enhanced and expanded the library of security and privacy training resources available directly in the platform. As a result, Carbide customers now have access to dozens of general, framework- and/or regulation-specific training units that outline practical, actionable steps and core principles critical to sustaining a strong security and privacy posture. 

Carbide users can launch a security awareness program, assign different courses to employees based on department or group, track progress and quiz results, identify employees in need of additional support, and introduce fresh content when needed.

Updates to framework and/or regulation requirements are delivered automatically based on existing industry preferences to ensure customers are always up to date and can be confident in the state of their security training program at any time. 

Organizational Controls and Domains

We launched the Carbide 12 Security and Data Protection Domains and 16 associated Organizational Controls in August. These platform enhancements simplify how you organize and embed security and privacy best practices into the DNA of your organization, operationalizing them at the strategic, operational, and tactical levels. Carbide Domains and Organizational Controls support you as you evolve your program and/or pursue compliance against multiple frameworks or regulations.

Our 12 Security and Data Protection Domains and 16 associated Organizational Controls were developed through an analysis of thousands of requirements embedded in regulations, dozens of industry-leading frameworks such as NIST and ISO 27001, common contractual obligations, and evolving industry best practices.

Dashboards and Widgets

We also released enhancements to our Platform dashboard and widgets. These updated tools give users an at-a-glance, easily customizable view of the current state of their security posture, including any outstanding tasks or gaps that need to be remediated to comply with security framework requirements.

Continuous Cloud Monitoring

This highly anticipated Platform update provides automated security monitoring, security assessments, and remediation of your AWS and Azure cloud environments. Carbide’s cloud monitoring services collect monitoring and operational data to provide you with security information and actionable insights on your cloud environment.

Aligned with Carbide’s DRIVE (Design, Review, Implement, Validate, and Evolve) methodology, Carbide Cloud Monitoring supports the entire security journey by collecting evidence, flagging gaps, identifying opportunities to improve security posture and the overall cloud architecture, and continuously monitoring the cloud environment. Unlike other offerings, customers can not only monitor compliance, they can also design, operate, and optimize a secure cloud environment, including implementing remediation recommendations and scripts provided in the Carbide platform.

100+ Integrations to Automate Your Evidence Collection Process

Carbide’s latest integration update to the Platform’s automated evidence collection makes it simple for businesses to prove their commitment to security and privacy. Now offering over 100 technical integrations, Carbide has streamlined the process for demonstrating compliance with the relevant security frameworks and regulations to your auditors and customers. By connecting your tech stack, Carbide can collect the necessary evidence to show that you meet the requirements of security controls featured in frameworks such as SOC 2, ISO 27001, and more, without you having to do the heavy lifting. 

New Frameworks: PCI DSS v4.0, NIST 800-53, CMMC, CCCS v1.2, and FedRAMP

And finally, we added five new frameworks to the Carbide Platform in 2022:

  • PCI DSS v4.0
  • NIST 800-53
  • CMMC 2.0
  • CCCS v1.2
  • FedRAMP

Here’s a breakdown of what these frameworks are and how the update impacts your business:

PCI DSS v4.0

The PCI Security Standards Council issued PCI DSS v4.0 as an update to PCI DSS v3.2.1 on March 31 of this year. While PCI DSS v3.2.1 is still in effect (and will be for the next two years), the PCI DSS requirements have been updated in response to the modern threat landscape.

The goals of the update are to:

  • Ensure the standard continues to meet the security needs of the payments industry
  • Add flexibility and support of additional methodologies to achieve security
  • Promote security as a continuous process
  • Enhance validation methods and procedures

Until March 31, 2025, you are not required to meet v4.0 requirements. However, at Carbide we’re committed to preparing you not just for multi-compliance, but for good security, including requirements that will eventually come into scope for your business. Carbide now has simultaneous support for PCI DSS v3.2.1 and v4.0. By aligning your program with PCI DSS v4.0 now, you are prepared not only for tomorrow’s auditors but also for the evolving landscape of security threats.

Learn more about what’s new in PCI DSS v4.0 here.

NIST 800-53

The National Institute of Standards and Technology (NIST) designed NIST SP 800-53 to lay out the security and privacy controls that federal organizations, DoD contractors, or organizations in their supply chain must comply with.

NIST 800-53’s 1000+ controls are housed under the 3 main control levels (Low-Impact, Moderate-Impact, and High-Impact) and the 18 control families. The main difference between NIST 800-171 and NIST 800-53 is that NIST 800-53 applies to federal organizations while NIST 800-171 applies to non-federal organizations.

By achieving NIST 800-53 compliance, you open your business up to a plentiful market of long-term, high-value contracts.

Access the official NIST documentation on NIST 800-53 here.

CMMC 2.0

The CMMC 2.0 model is a framework designed to protect Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) that is shared with contractors and subcontractors of the Department through acquisition programs. Simply put, if you want to win a contract with the United States Department of Defense, you need to be Cybersecurity Maturity Model Certification (CMMC) 2.0 certified.

Our support for CMMC 2.0 will guide you through all three levels of CMMC certification. Using Organizational Controls, identify the overlap in your existing compliance efforts and get CMMC certified in no time.

Read the official documentation from the US Department of Defense here.

CCCS v1.2

The CCCS v1.2 framework is a set of guidelines and controls designed to help small and medium-sized organizations in Canada improve their cyber security posture. The framework is broken down into three main categories: organizational controls, baseline controls, and the CCCS’s three key objectives: protect, inform, and empower. It is intended to help Canadian organizations understand the importance of cyber security and to provide guidance on how to implement effective baseline security measures.

Read the official documentation from the Canadian Centre for Cyber Security here.

FedRAMP

FedRAMP is a program that provides standardized security requirements, a conformity assessment program, and authorization packages for cloud service providers (CSPs) and cloud service offerings (CSOs) that want to provide products and services to US federal agencies. The program is based on the National Institute of Standards and Technology (NIST) 800-53 controls but provides additional guidance that goes beyond the NIST baseline. It is specifically designed to address the unique aspects of cloud services. In order to provide products and services to the US government, CSPs and CSOs must demonstrate that they meet all of the requirements of the FedRAMP program.

Read the official documentation from the FedRAMP Program Management Office here.

So what’s next? 

Our CEO, Darren Gallop, perfectly sums up our outlook for the cybersecurity industry in 2023:

“The days of skating by with a ‘checkbox’ style compliance effort tied to individual regulations or standards like SOC 2 or GDPR are coming to an end. Enterprise organizations have sophisticated vendor review processes and third-party risk assessors that are well-versed in multiple frameworks and regulations. Your startup must be prepared to answer detailed security and data privacy questions competently across the spectrum of potential regulations in order to close an enterprise deal.”

If you haven’t already, now is the time to start getting serious about your business’s security and privacy program. And while we know that building a program that can meet both today’s compliance requirements and the constantly evolving threat landscape is challenging, you can rest easy knowing we’re here to help!

2022 was a big year – but 2023 is set to be even bigger.

Stay tuned – we’ve got exciting things ahead.

Have ideas or suggestions on how we can better serve you? We’d love to hear from you! Our product enhancements are a result of customer feedback and extensive research and development. Connect with a Carbide team member.
