Cobalt PtaaS + DAST combines manual pentests and automated scanning for comprehensive applications security.

Partner Spotlight: Tugboat Logic

Compliance can be expensive, time-consuming and needlessly confusing. Tugboat Logic changes that.

Our February feature is dedicated to Tugboat Logic, whose focus is on security assurance for customers. Their leading compliance automation solution helps businesses streamline how they show their commitment to security and their compliance to core security frameworks. This enables them to build trust and win more deals, while keeping critical data secure.

Fun fact: Tugboat Logic was the first security assurance platform to utilize Cobalt's API! Furthermore, we built an integration between Tugboat Logic's Security Assurance Platform and Cobalt's Pentest as a Service Platform. We spoke with their team to learn more about their work and how they’re impacting the wider security space.

Tell us more about yourself and Tugboat Logic.

Tugboat Logic by OneTrust makes information security and compliance accessible to all businesses. We're the leading compliance automation solution, trusted by over 1000 SaaS category leaders. Our platform leverages deep experience in security to demystify compliance and automates mission-critical tasks that cost too much time and money, like policy management and audit readiness. And with almost 100 integrations, Tugboat Logic puts evidence collection on autopilot.

As a security company that prescribes guidance to others, we need to know the ropes ourselves. So we've taken every measure to place all necessary security controls and earned SOC 2 Type 2 and ISO 27001.

The people behind the screen day in and day out are the ones who make the magic happen. Our crew is full of security veterans who know the ins and outs of security audits and wanted to improve them. So they worked closely with a team of first-rate developers and audit experts. This all-hands-on-deck approach set the tone for company-wide collaboration. It also produced a product with auditor and client processes in mind. How do we know? Our in-house Labs team, comprised of Big 4 ex-auditors, has over 100 years of combined experience.

All of our hard-working crew of innovators, creators, designers, policy writers, developers, marketers, customer service and sales representatives are mastermind geniuses of their craft. Yes—we're a little biased. But it's their hard work and dedication that enables us to produce our innovative platform.

What's the biggest security problem you're aiming to solve? And how?

Organizations must prove they can securely handle customer data to participate in today's digital economy. They demonstrate their trustworthiness by complying with frameworks like SOC 2, ISO 27001, GDPR or HIPAA. Unfortunately, compliance isn't accessible. It's expensive, time-consuming and needlessly confusing. It's a never-ending cycle of audits, but customers and prospects require it because they need proof that a vendor can be trusted with their data.

Delivering a market-leading information security program that demystifies the process while saving customers time and money is just the start. We also show organizations how to build trust with their prospects through security assurance.

Tell us about the value you bring to your customers. How do they describe you?

We support you on every step in the compliance journey. Our Labs team leverages deep experience conducting audits at all of the Big Four firms to create content that's unmatched in our space. (40+ customizable InfoSec policies, for instance).

We've transformed a highly manual task into one that's automated.

Our platform has consistently reduced time to compliance by 50% and audit readiness costs by 88%.

We also enable teams to work together and become more security-aware while improving collaboration with auditors. Our clients 3X their sales win rates due to enhanced efficiency and one company boosted productivity by 1500%.

Scaling with our customers is also very important to us. Tugboat Logic supports over a dozen frameworks and each one overlaps. We collect evidence once for SOC 2 and apply it to many frameworks, saving time and ensuring an efficient process. As a result, we can simplify how businesses manage IT risk, audits, and compliance, which helps us improve security posture and build stronger, more profitable relationships.

Check out our G2 reviews to get honest feedback about Tugboat Logic directly from our users.

How do Tugboat Logic and Cobalt click together? What do you think the security community will find most valuable about our partnership?

One of the biggest challenges for enterprises today is the time it takes to complete security audits. This is especially the case with pentesting. As one of the more time-consuming security controls within an audit, it can be challenging to schedule testing to identify gaps while manually lifting findings into a modern software development lifecycle (SDLC).

Our integrated platforms help agile teams remediate vulnerabilities quickly, leading to faster triage and more actionable test results. For example, customers can get started in 24 hours with Cobalt, using its highly vetted global network of penetration testing experts, without needing an on-site consultation. Likewise, Tugboat Logic enables remote collaboration with auditors, allowing customers to collect and share evidence as needed, automatically.

What's on the horizon for you? Any previews you can give into what lies ahead for Tugboat Logic, or where you think the industry as a whole is going?

Tugboat Logic sees a strong need in the market for an "easier-to-use GRC platform," and we plan to lead the way in this direction by:

  • Enabling "Continuous Compliance" by automatically collecting evidence and verifying security posture for as much of the organization's tech stack as possible. So instead of being ready one time a year during your third-party audit, it's ready all the time.
  • "Democratizing GRC" by helping InfoSec leaders distribute the load to non-subject matter experts in their company through a combination of simplified guidance and user-friendly workflows for common InfoSec tasks. Delegation to the "non-InfoSec savvy" employee helps save time and helps build risk awareness throughout the organization more naturally and consistently.

By automating everything and translating various InfoSec frameworks into words anyone can understand, Tugboat helps companies "up their game" on compliance and security overall.

We always sneak a fun question at the end: If Tugboat Logic had a mascot, what would it be?

In our early days, we had a mascot! Beatrice ("Trixie") Worsley, the first Canadian female computer scientist and our inspiration for the Tugboat Logic Virtual CISO. Other doodles included Tippee the lighthouse, who offered assistance in the older versions of our product and another sailor named Toddy. We still use their icons in our internal Slack channels!

About Cobalt
Cobalt provides Pentest Services via our industry-leading Pentest as a Service (PtaaS) platform that is modernizing the traditional, static penetration testing model with streamlined processes, developer integrations, and on-demand pentesters. The Cobalt blog is where we highlight industry best practices, showcase some of our top-tier talent, and share information that's of interest to the cybersecurity community.