GRC Viewpoint

Scrut Automation: Staying Ahead of Compliance

Aayush Ghosh Choudhury

Co-Founder/CEO at Scrut Automation

“With Scrut, you can handle multiple compliance audits with ease, automate risk assessment and monitoring, and create your own distinctive risk-first infosec program, all from a single window”

Mid-market enterprises have enough reasons to be optimistic. Consumer confidence remains buoyant, and demand for products and services will likely persist in the coming years. Financial growth is also significant. Yet there are quite a few challenges that impede overall growth. The compliance landscape that a mid-market enterprise has to deal with is vast. “Most mid-market enterprises have to comply with about 8-10 information security frameworks, with the number increasing manyfold for companies in sensitive industries like fintech or health-tech. Interestingly, many of these frameworks and regulations have a significant amount of overlap in their requirements.

“But given a lack of a ‘common language’ across these frameworks, and the complexity of each individual requirement, enterprises are often forced to carry out time-consuming repetitive tasks to assure security and showcase proof of compliance,” says Aayush Ghosh Choudhury, co-founder and CEO of Scrut Automation, a risk and compliance automation platform. Dealing with a vast number of information security compliance requirements, in the midst of proliferating and increasingly sophisticated attacks, puts an immense amount of pressure on the security teams of a mid-market enterprise. In addition, the security tools landscape is muddled with an increasing number of tool categories such as XDR, SIEM, GRC, CAASM, EASB etc., often with overlapping use cases.

This ends up straining a mid-market CISO's already-strained budget without actually solving the crux of the problem: gaining complete visibility into their risk and security posture. Scrut has developed a proprietary unifying control framework, an all-encompassing framework whose controls are pre-mapped to commonly used frameworks such as SOC 2, GDPR and ISO 27001, along with the more niche FedRAMP, NIST 800-153, NIST CSF, CMMC and PDPA frameworks. With the help of this framework, Scrut reduces the workload of security teams significantly: they monitor 40-50 controls instead of 150-200.


One of their customers, a logistics technology enterprise, came to Scrut when it was about to go public. The enterprise had grown inorganically through acquisitions, resulting in four different entities with different controls, infrastructures, and compliance requirements. Scrut helped the company unify its security controls, create a single source of truth for its controls, policies, tests, and evidence, and harmonize security efforts across the consolidated entity.


Scrut proudly calls itself a smartGRC platform. “Most GRC platforms that exist in the market today act primarily as a system of record. While they create a repository of security tasks and artifacts, security teams spend a good portion of their daily hours on configuring and managing these tools,” said Choudhury. Scrut instead leverages integrations and workflow automation to reduce this workload by 70%. It comes with pre-built integrations for 75+ commonly used tools across cloud providers, HRMS, identity providers, and more.

What is interesting about Scrut, however, is that it integrates deeply with security tools like CrowdStrike, Splunk, Datadog and more, which allows it to pull in relevant risk and control information. This lets Scrut serve as the single source of truth for the security teams of mid-market enterprises, without the hassle of managing multiple tools. Moreover, Scrut Automation comes equipped with several native capabilities that are typically missing from most GRC or compliance automation tools. The most prominent are its cyber asset attack surface management (CAASM) module, which helps companies gain complete visibility into their cyber assets and establish asset telemetry, and its cloud security posture management (CSPM) module, which scans multi-cloud, multi-account infrastructure against 200+ CIS benchmarks.

“With Scrut, you can handle multiple compliance audits with ease, automate risk assessment and monitoring, and create your own distinctive risk-first infosec program, all from a single window,” adds Choudhury. The Scrut team is made up of security experts, ex-Big 4 consultants, and ex-auditors who help customers identify gaps in their security posture, design and implement the necessary controls, and manage their audits painlessly.


Scrut continues to grow rapidly, and plans to expand its presence in Europe and North America. “We aim to become the platform of choice for the mid-market CISOs, and will continue to deepen our product capabilities to reduce the acronym clutter they have to deal with,” says Choudhury.