Omnistruct’s Cybersecurity Risk Measurement software was nominated for the 2019 Sacramento Region Innovation Award. Launched in 2019 and based on the new US cyber security guideline, NIST CSF, the Omnistruct app helps businesses reduce their regulatory cyber compliance risk.
The Omnistruct SaaS application was nominated for its unique approach to “reasonable security”: applying security risk plans and measurements that are easy for executives to understand and that let attorneys agree that security for a business was proactively done right.
Originating out of the US Government and the National Institute of Standards and Technology (NIST), Omnistruct makes cyber risk management available to all businesses that are grappling with mandates by the FTC, State of California CCPA, and global privacy laws.
The idea for the platform to make cyber risk and cyber security “reasonable” for businesses originated from Omnistruct’s Co-CEO and Chief Visionary Officer, George Usi.
George came up with the idea for Omnistruct after nearly a dozen years of performing cyber security assessments to help businesses find glaring problems with their business security configurations and tooling. In years past, performing technical assessments had been the staple for ensuring that business security problems could be fixed. However, many of these assessments would identify the technical problems specific to the security need but lacked a deeper understanding of the business problems, and few business leaders would spend money on the resources to get most of the problems fixed. This minimalist approach, with its lack of attention to business operations, originated from business leaders who were willing to accept risks with minor consequences. With hacking more prolific and the impact of compromise carrying greater financial and public relations risk from regulatory sanctions, leaders find themselves rushing to comply while facing an extreme learning curve in a subject they are unqualified to understand.
The “Aha!” Visionary Moment
Over George’s twenty-year career advocating internet open standards while developing guidelines with many of the innovators who built the internet, he recognized a parallel between internet and cyber security governance that became the driving engine for Omnistruct. Internet standards were designed to keep the internet free and open to everyone. To accomplish that feat, scientists had to work very hard to set guidelines around a free and open Internet that they never thought would grow to its present size. So, they developed guidelines and standards to apply enough control to avoid threats and enough freedom to allow flexibility and growth. The parallel between internet threats and having enough freedom and security to allow flexibility and growth was clear.
So, George’s “Aha!” moment was in 2014, a few years after a close family member and his mentor, Jim Bound, lost their battles with cancer. George was a caregiver for his loved one and watched as protected healthcare information was casually shared even with regulations and security controls in place. He envisioned a method for “reasonable” security planning that any business could operationalize in the structure of a two-party model for cyber risk, information security, and compliance with a US-based open standard known as NIST CSF that could be customized with “reasonable” security. So, he built a service provider model later that year with a vision for a free NIST-based SaaS measurement system with a centralized cyber risk, information security planning, and cyber compliance front end with NIST CSF open standards that would include a free measurement version.
In the platform, George’s Co-CEO and Chief Integrating Officer, John Riley, was able to construct a method and baseline starting point service and SaaS model that integrates with the business, the technology, and the world of cyber compliance that would make any attorney feel that “reasonable security” is being exercised.
Why Is This So Important?
With aggressive and rapidly changing cyber regulations at our front door, risk management, legal, and information technology teams in small enterprises and SMBs struggle to settle on the “silver bullet” standard to implement security and varying privacy programs for emerging consumer privacy data protection. Moreover, their IT resources are doing double duty as IT jockey and cyber security deputy, which many attorneys strongly discourage. Even small businesses who work with managed service providers experience the same issues in that technologists mostly specialize in technology, dabble in information security policy, and rarely have the bandwidth to crack open risk, privacy compliance, and cyber regulations to assemble a cyber governance plan.
Moreover, many attorneys that are part of the International Association of Privacy Professionals will argue that the best thing you can do is to move risks over to a service provider while keeping their actions closely governed through contracts and vendor management attestations. But who has the time to do that?
A freeware version of the SaaS app, sponsored by partners, is available now for small businesses and IT managed service providers that are trying to keep compliance costs at a minimum while acting on privacy and cyber laws. Enterprises can go to the Omnistruct home page and use the chat app to interact with us.