How Kobalt.io provides big security for small businesses with Vanta
March 8, 2023

BIG SECURITY FOR SMALL BUSINESS

Leading MSP Kobalt.io makes top-tier security solutions accessible to small businesses.

SPEED TO SCALE

Vanta streamlines compliance prep for Kobalt.io’s fast-growing customers with limited resources.

FAST GROWTH TOGETHER

Partnership with Vanta delivers more certifications, happier customers, and business growth for Kobalt.io.

Managed compliance and security services

Kobalt.io is a Managed Security Service Provider (MSSP) with the mission of developing and managing cybersecurity programs for small and mid-sized businesses, making big-budget security affordable to smaller organizations. It builds on world-class frameworks and toolsets, combining the power of the cloud and data at scale to address the complexity of cybersecurity for small businesses.

The company works with over 200 client teams who have limited security resources but lots of innovation. It augments their resources with technology and team members to allow them to remain focused on their business and not on security noise. Kobalt.io helps them achieve compliance and maximize their growth potential.

Lack of scalability to assist fast growing clients

Kobalt.io’s customer base comprises innovative, fast-growing companies with an urgent need for more resources. Their customers came to them for gap assessments, ISO audits and other measures to help them establish and maintain a strong security posture. Even with all of the resources and support the company could deliver, it was still a heavy lift for their customers to attain compliance.

“Our customers are small teams with limited time and resources. And it takes a lot of effort to gather the evidence and prove compliance and do all the needed security things,” said Michael Argast, Kobalt.io Co-founder and CEO. “Although we were providing our customers with a lot of expertise, the work on their side was still significant.”

Building a security foundation based on Vanta

Kobalt.io was created to solve cybersecurity for small and mid-sized businesses. Achieving that goal means doing this at scale, reaching hundreds of clients, and building repeatable, scalable models. Vanta has a culture of velocity. Kobalt.io decided to partner with Vanta because it is a “clear market leader, defining the category, and innovating faster and more thoroughly than anybody else in the market,” said Argast.

Without automation, achieving compliance for Kobalt.io’s customers had been a hard, lengthy, resource-heavy process. With Vanta, what would normally be an 18-month to two-year process became instead a six-month journey. “We shrink it down and customers start to recognize the economic benefit of compliance in six months, and they get their ISO first, for example,” observed Argast. “Then they get their SOC 2 three months later, and then they get their GDPR, followed by all these other standards. It's a win, win, win.”

When Kobalt.io’s customers attain compliance in a shorter period of time, they recognize the business value of achieving ISO 27001, SOC 2, and other forms of compliance. Argast continues, “Working with Vanta makes the whole process of understanding the customer's security posture [quicker] and allows us to deliver a higher value of service to our customer in a shorter period of time, at less cost.”

Stronger client relationships and accelerated business growth

The benefits of working with Vanta have been many. First, Kobalt.io’s customers have achieved numerous forms of compliance more quickly and easily, solidifying the managed service provider’s role as a critical, trusted partner to their businesses. 

Second, as a Vanta Partner, Kobalt.io has enjoyed increased efficiencies with one consolidated console to create, access and manage all of its customers’ Vanta accounts. They’ve also saved time by eliminating multiple logins, manual deal registrations, and the headache of waiting for account provisioning. Vanta’s solution has made delivering security and compliance certifications to Kobalt.io customers easier.

Most important, however, has been the increased growth in Kobalt.io’s business. “From day one Vanta has brought us opportunities,” said Argast.

“As a combined solution, our expertise with Vanta’s ability to offset the customers’ effort delivers a much better total solution to the client. We hope to see us able to serve a broader set of customers more efficiently and more effectively because of your tool.”

“Ultimately, security is not a static environment. You need an organization that's willing to adapt and change and adjust and I really see that in this partnership.”

“Kobalt.io is super excited to be a launch partner with Vanta in this new MSP program. We've had a chance to work closely with their team, working on everything from MSSP product, go-to-market, service design, customer success. Vanta has top notch people and a true focus on solving real customer pains and problems. Since we announced our partnership, we have connected with nearly a hundred companies in just three months to help accelerate their compliance/cybersecurity journeys. We look forward to making a dent with Team Vanta in trust, security, privacy and compliance in 2023 and beyond.” 

Michael Argast, Co-founder and CEO, Kobalt.io
