CASE STUDY

How Peak builds trust in new markets with Vanta

COMPANY
Peak
EMPLOYEES
200+
LOCATION
Manchester, UK
SOLUTION
INDUSTRY
AI
VANTA CUSTOMER SINCE
2021
QUICK, EASY AUDITS

With Vanta and a Vanta-vetted auditor, Peak’s SOC 2 Type 2 audit sessions now take minutes, not days.

ALWAYS-ON SECURITY MONITORING

With Vanta’s continuous security monitoring, Peak stays compliant and alert to potential threats.

BUILDING TRUST WITH KEY CLIENTS

SOC 2 Type 2 is the framework of choice for Peak’s enterprise, financial services, and US-market clients, increasing reliability in Peak’s products and creating a smoother sales cycle.

“Vanta helps us stay accountable to both ourselves and our customers. Everything is encrypted, our key resources have backups running – it saves us a lot of time and manual effort.”

Michael Pearce
Head of Information Security & Compliance, Peak

The company

Taking AI to new heights

There is nothing small about Peak’s mission; it wants to use AI to change the way the world works. The seeds for the company were sown back in 2015 during a discussion in a Manchester pub. Founders Richard Potter, David Leitch, and Atul Sharma talked about how they could democratise AI for every business, and after drawing an idea for an AI platform on a napkin, Peak was born. 

Today, Peak offers a cloud AI platform that allows companies to embed AI into the core of their inventory and pricing operations. With a library of pre-built AI applications, Peak’s customers can rapidly apply AI to deliver on their commercial objectives. 

Peak has a team of over 200 people worldwide and has raised $119m in investment funding to date. Peak is used by global industry leaders including Nike, Molson Coors, Marshalls and Eurocell.

The challenge

Bigger clients, bigger asks

As Peak’s customer base grew, its team was asked to complete an increasing number of custom security questionnaires, which was time-consuming and repetitive. As an initial step, the team worked to become ISO 27001 certified, but as larger, predominantly US-based customers joined Peak, SOC 2 emerged as the security framework of choice.

“As we are working with sensitive customer data, security is of paramount importance to our customers,” says Michael Pearce, Head of Information Security & Compliance at Peak. “Customers are drawn to the technically focussed SOC 2 Type 2, which involves continuous monitoring and testing and shows how effective a company’s controls are over time.”

Michael joined Peak in 2017 and says that the company has always recognised the need for robust security. However, in previous roles, he had seen how manual, ad-hoc approaches to compliance led to more work for everyone involved. Peak needed a hassle-free way of getting SOC 2 Type 2, so they began looking at trust management platforms that could automate and streamline the process. 

Peak uses a wide range of AWS services to deliver its game-changing AI. These include Amazon Elastic Container Service (ECS) and Elastic Kubernetes Service (EKS) clusters, EC2 compute instances with Auto Scaling groups, Amazon Redshift and DynamoDB NoSQL databases, Elastic Load Balancing, and a range of other services. These AWS services help Peak scale quickly and predictably in the cloud and are in scope for its SOC 2 audit.

“Our larger customers kept mentioning SOC 2 Type 2, so we decided that we needed to get it. We wanted the process to be as painless as possible, so we went looking for the right trust management platform,” says Michael.

The solution 

Getting SOC 2 quickly and painlessly with Vanta 

Peak’s InfoSec and engineering teams examined the platform options that were available, with specific criteria in mind. 

“Our SOC 2 ‘must-have’ was to have as many automated checks as possible, and it had to work on the AWS infrastructure that hosts Peak,” explains Michael. 

Vanta and a competitor emerged as frontrunners, but Peak decided that Vanta’s features and collaborative approach best matched its needs. A big selling point was the depth and breadth of the integrations that Vanta supports. The platform has 300 integrations and counting, including AWS, Jira, Basecamp, Asana, and Google Workspace. Peak’s existing tech stack would be completely covered, meaning the team could begin the process of getting SOC 2 Type 2 straight away. 


“As well as the number and selection of integrations that Vanta offered, we liked the intuitive user interface. It does what it says on the tin! Vanta’s company values also matched ours,” says Michael. “They put customers first, lead with resilience, presume good intent, and are action-oriented.”

Peak also appreciated how Vanta would seamlessly integrate with some of the core services and tools they use for access control. 

“A core tenet of SOC 2 is that you manage your users properly. For example, if somebody leaves your business, you have to make sure their access is revoked right away. We did a side-by-side comparison of our key apps to see if they were supported by the various platforms, and Vanta could work with them all.” 

Since starting with Vanta, Peak has gotten its SOC 2 Type 2 attestation, which has led to a streamlined sales cycle, particularly when it comes to US-based enterprise customers. 

“When we start talking to those prospects, one of the first things they ask is whether we have it. When we say we do, they don’t have to go through their normal checklist of questions; they know that we have it covered,” says Michael. 


The impact

Saving time, building trust, and staying accountable 

With SOC 2 Type 2, Peak can give its potential customers concrete proof that it takes the safety of their data seriously. Internally, Michael appreciates how Vanta’s continuous monitoring allows the company to be constantly on the ball when it comes to their security responsibilities.

“It was great to be able to get SOC 2 Type 2 so quickly and efficiently, but I think the hourly checks are my favourite thing about Vanta. If anything goes out of compliance, we get an email or a Slack alert, and we can fix it right away.”


Since Vanta and Peak are both built on AWS, the strong scalability and configurability powered by rich SDKs and APIs make it simple to integrate Peak’s cloud environment with Vanta. Vanta pulls resource, inventory, user, group, and permission data from AWS CloudTrail and AWS APIs to gather evidence for the audit, and uses automated tests to continuously monitor for, and alert on, misconfigurations or security improvements that can be resolved within AWS and other tools in Peak’s tech stack.

Peak is able to continuously monitor its entire infrastructure in advance of its audit, and know immediately if something goes out of compliance. Vanta supported all of Peak’s in-scope AWS resources and automatically generated the evidence needed to secure its SOC 2 Type 2 without manual screenshots from its infrastructure.

Using Vanta Seamless Audit, Peak can select an independent, Vanta-vetted SOC 2 auditor. At audit time, Peak can simply give the auditor access to its Vanta instance, where the auditor can easily access the information and documentation they need. 

Vanta-vetted auditors are well versed in how to use the platform to review, request, and accept evidence. That knowledge means that organisations can reduce the time and effort they spend on audit prep – some customers report an 80% reduction in total audit completion time.

“Having an auditor who has partnered with Vanta has been super useful and it has definitely sped things up. They know where to go and how to get the information they need. They don’t have to ask us any questions about how Vanta works, which is already a quick win,” says Michael. “This year, we budgeted five or so days for our SOC 2 audit session – it took less than an hour!”

Partnering with Vanta has benefited Peak in a host of different ways. Michael says, “It's definitely streamlined customer security requirements because we don’t have to deal with as many security questionnaires and reviews. Internally, we’re able to consistently monitor our risk and threat detection, which is a win-win for Peak and its customers.”

“Having SOC 2 Type 2 builds trust and reliability in Peak.” 

Michael Pearce
Head of Information Security & Compliance, Peak

“With Vanta’s continuous monitoring, rather than checking things once a year and frantically scrambling to fix them, we can deal with issues as they arise.”

Michael Pearce
Head of Information Security & Compliance, Peak