A2X is a world-class software company that automates accurate ecommerce accounting for thousands of ecommerce businesses worldwide. Their accounting solutions are the gold standard for businesses that sell on Amazon, Shopify, Walmart, Etsy, and eBay. A2X automates the bookkeeping processes for thousands of merchants and their accountants to ensure confidence and accuracy in their financials.
In 2020, the company engaged with Sidechain Security to improve its cybersecurity practices. Fast forward to 2022, and it is safe to say Sidechain has given A2X peace of mind to focus on what they do best without fear of disruption from cyber-threats or intensive security audits. When asked if he sleeps better at night these days, A2X software architect Ashley Schroder confirms, “Yes, I do. Definitely.”
Prioritizing a Security Backbone
Amidst a period of rapid growth in 2020, A2X was approached by Amazon, one of its largest integration partners, for a three-day in-person audit. The company sent A2X an “enormous catalog of things they wanted to cover,” for which they felt they needed expert help to complete. At the time, A2X “did not have a published data retention or incident response policy” and was not well set up to provide the evidence required to satisfy Amazon auditors for some security control areas.
As Ashley explains, “Security is one of those things that people don’t often think proactively about until they have to. Obviously, [cybersecurity] is important, but the stakes just get higher once you have thousands and thousands of customers and a lot more data.”
In preparation for the visit, A2X searched for a cybersecurity consulting firm that understood Google Cloud and could help them navigate the upcoming audit and any remediation to come afterward. The team found and selected Sidechain Security. Sidechain worked with A2X to assess and revamp its cybersecurity posture, as well as create the policy documents required to satisfy its external partners.
Satisfying Compliance and Building a Future-Prepared Security Posture
For the initial engagement, priority was placed on the upcoming audit and ensuring that A2X had responses for every control and proper evidence to support their assertions. Once compliance was met, the focus shifted to remediation and improving identified weaknesses.
The process went well, and A2X thought, “we should just be having a constant security improvement program.” Because working with Sidechain “had such a big impact” on the audit and remediation process, it was “very natural” to continue the relationship and build resiliency and preparedness into the security ecosystem of A2X.
Sidechain has helped A2X to complete quarterly self-assessments to identify, prioritize, and “iteratively improve security all the time.” That means focusing on making sure policies are adequate and up to date and developing and pinpointing the controls, systems, and training required to provide evidence of compliance consistently.
As Ashley shared, “we have a security training video that all new staff watch, and then they do a quiz. The [evidence] part is the quiz, and answers get saved.” Now for A2X, the evidence is stored and easy to produce if required to demonstrate security awareness training processes for an audit.
The Benefits of Having Sidechain Security in Your Corner
After more than a year and a half of working with Sidechain, A2X feels “very strong” about its policies and its overall security approach.
For example, A2X has a new cybersecurity group and monitors for issues in Identity and Access Management (IAM) for Google Cloud. Not only have changes like these brought “peace of mind,” but they’ve also brought unforeseen knock-on benefits like improving the sales process.
“Having a level of sophistication around security and privacy that those companies [we sell to] are expecting definitely helps them to trust us and know that we’re a [detailed] business and taking their client security seriously.” – Ashley Schroder, A2X
Today, A2X continues to grow at a rapid pace. Together with Sidechain, the company constantly takes stock of areas of security need over the coming six months and begins addressing those concerns before they arise.
This consistent, iterative improvement has left Ashley “very pleased with the results and much more comfortable about [the A2X] security posture.”
Ready to improve your cybersecurity posture or readiness for your next security audit? Get started now with a no-cost 30-minute consultation with a cybersecurity expert from Sidechain Security.