Aqueduct Technologies’ GRACE Platform Is A Security Compliance Game Changer For Customers

Aqueduct Technologies Chief Technology Officer Shane O’Brien is no longer surprised by the look of amazement he gets from CISOs (chief information security officers) when he demonstrates his company’s AI-powered GRACE (Governance, Risk and Compliance Engine) software platform.

“CISOs that have been struggling with security and compliance tell us all the time that this is exactly what they need,” said O’Brien. “This is a compliance game changer for customers. What we have done is provide everything in one software platform that allows them once and for all to ensure compliance. We did a demo recently with a CISO who asked – ‘Where do I sign?’”

The GRACE platform is driving net new customers to Aqueduct who have long been frustrated by the painful, laborious and time-consuming governance, risk and security compliance process, said OBrien (pictured above). That’s because GRACE automates what has long been a maddening manual process that took countless hours to ensure compliance across many frameworks.

Aqueduct has, in fact, documented an 89 percent reduction in manual tasks for customers implementing its GRACE platform, said O’Brien.

“We can see the impact in the form of tangible data that shows these customers are more secure and compliant after we have done the initial assessment and then embedded our team of CISO’s and security analysts to get them where they need to be,” he said. “It is proven. This is all about security and peace of mind. To know you are making a difference in cybersecurity is massive.”


The platform – which grades customers on a scale of 1 to 100 on their security and governance compliance framework – has consistently moved clients scoring in the 10-20 percent range to the 80 percent plus range, said O’Brien. The next version of GRACE will provide a measure of how clients stack up against other companies in their industry, he said.

A big part of the GRACE 2.0 process is measuring business risk for clients including policies that regulate customer and third party data. That has become a board of directors level issue with GRACE 2.0 tying into third party auditor systems with an API (Application Programming Interface). “All of that business risk measurement is automated through the GRACE platform,” said O’Brien.

That business risk measurement is helping customers directly address the concerns of the board of directors with a continuous risk measurement scoring system, said O’Brien. “This is arming our customers with the data that shows the board how they are achieving results to be more secure,” he said. “A lot of times customers have not had a way to show the progress they are making with security and governance.”

The frenzy around the GRACE platform has increased since the release of the 2.0 version of the engine in March, said O’Brien. That’s because GRACE 2.0 includes new functionality that incorporates feedback from security leaders that attended the solution provider’s inaugural cybersecurity summit last year.

Among the new capabilities in GRACE 2.0 is increased visibility across 38 governance frameworks including the ability for customers to select their own frameworks.

The GRACE 2.0 platform, in fact, goes well beyond the popular NIST(National Institute for Standards and Technology (NIST), CIS (Center for Internet Security with CMMC (Cybersecurity Maturity Model Certification) and ISO 27001 (International Organization for Standardization).

“GRACE 2.0 takes multiple governance frameworks and cross references them for customers,” said O’Brien. “The AI we have built in the platform understands where there is overlap between the many different frameworks. So it saves the clients countless hours in the governance compliance journey. It feels good to know that we are helping more customers be safer.”

Leave a Reply

Your email address will not be published. Required fields are marked *