
Drata raises $3.2M for its compliance audit platform

Drata, a startup that helps businesses get their SOC 2 compliance, today announced that it has raised a $3.2 million seed round led by Cowboy Ventures and that it is coming out of stealth. Other investors include Leaders Fund, SV Angel and a group of angel investors.

Like similar services, Drata helps businesses automate a lot of the evidence collection as they prepare for a SOC 2 audit. The focus of the service is obviously on running tests against the SOC 2 framework to help businesses prepare for their audit (and to prepare the right materials for the auditor). To do so, it features integrations with a lot of standard online business tools and cloud services to regularly pull in data. One nifty feature is that it also lets you step through all of the various sections of the SOC 2 criteria to check your current readiness for an audit.

At the end of the day, tools like Drata are meant to get you through an audit, but at the same time, the idea here is also to give you a better idea of your own security posture. For that, Drata offers continuous control monitoring, as well as tools to track if your employees have turned on all the right controls on their work computers, for example. Since companies have to regularly renew their certification, too, Drata can help them to continuously collect all of the data for their renewal, something that previously often involved boring — and quickly forgotten — manual tasks like taking screenshots of various settings every month or so.

Image Credits: Drata

Drata co-founder and CEO Adam Markowitz worked on the space shuttle engines after graduating from college and then launched his own startup, Portfolium, after that program ended. Portfolium, which helped students showcase their work in the form of — you guessed it — a portfolio, eventually sold to Infrastructure in 2019, where Markowitz stayed on until he launched Drata last June, together with a group of former Portfolium founders and engineers. Besides Markowitz, the co-founders include CTO Daniel Marashlian and CRO Troy Markowitz. It was the team’s experience seeing companies go through the audit process, which has traditionally been a drawn-out and manual process, that led them to look at building their own solution.

The company already managed to sign up a number of customers ahead of its official launch. These include Spot by NetApp, Accel Robotics, Abnormal Security, Chameleon and Vareto. As Markowitz told me, even though Drata already had customers who were using the service to prepare for their audits, the team wanted to remain in stealth mode until it had used its own tool to go through its own audit. With that out of the way, and Drata receiving its SOC 2 certification, it’s now ready to come out of stealth.

As the number of companies that need to go through these kinds of audits increases, it’s maybe no surprise that we’re also seeing a growing number of companies that aim to automate much of this process. With that, unsurprisingly, the number of VC investments in this space also continues to increase. In recent months, Secureframe and Strike Graph announced their own funding rounds, for example.


Strike Graph raises $3.9M to help automate security audits

Compliance automation isn’t exactly the most exciting topic, but security audits are big business and companies that aim to get a SOC 2, ISO 27001 or FedRAMP certification can often spend six figures to get through the process with the help of an auditing service. Seattle-based Strike Graph, which is launching today and announcing a $3.9 million seed funding round, wants to automate as much of this process as possible.

The company’s funding round was led by Madrona Venture Group, with participation from Amplify.LA, Revolution’s Rise of the Rest Seed Fund and Green D Ventures.

Strike Graph co-founder and CEO Justin Beals tells me that the idea for the company came to him during his time as CTO at machine learning startup Koru (which had a bit of an odd exit last year). To get enterprise adoption for that service, the company had to get a SOC 2 security certification. “It was a real challenge, especially for a small company. In talking to my colleagues, I just recognized how much of a challenge it was across the board. And so when it was time for the next startup, I was just really curious,” he told me.

Image Credits: Strike Graph

Together with his co-founder Brian Bero, he incubated the idea at Madrona Venture Labs, where he spent some time as Entrepreneur in Residence after Koru.

Beals argues that today’s process tends to be slow, inefficient and expensive. The idea behind Strike Graph, unsurprisingly, is to remove as many of these inefficiencies as is currently possible. The company itself, it is worth noting, doesn’t provide the actual audit service. Businesses will still need to hire an auditing service for that. But Beals also argues that the bulk of what companies are paying for today is pre-audit preparation.

“We do all that preparation work and preparing you and then, after your first audit, you have to go and renew every year. So there’s an important maintenance of that information.”


When customers come to Strike Graph, they fill out a risk assessment. The company takes that and can then provide them with controls for how to improve their security posture — both to pass the audit and to secure their data. Beals also noted that soon, Strike Graph will be able to help businesses automate the collection of evidence for the audit (say your encryption settings) and can pull that in regularly. Certifications like SOC 2, after all, require companies to have ongoing security practices in place and get re-audited every 12 months. Automated evidence collection will launch in early 2021, once the team has built out the first set of its integrations to collect that data.

That’s also where the company, which mostly targets mid-size businesses, plans to spend a lot of its new funding. In addition, the company plans to focus on its marketing efforts, mostly around content marketing and educating its potential customers.

“Every company, big or small, that sells a software solution must address a broad set of compliance requirements in regards to security and privacy. Obtaining the certifications can be a burdensome, opaque and expensive process. Strike Graph is applying intelligent technology to this problem – they help the company identify the appropriate risks, enable the audit to run smoothly, and then automate the compliance and testing going forward,” said Hope Cochran, Managing Director at Madrona Venture Group. “These audits were a necessary pain when I was a CFO, and Strike Graph’s elegant solution brings together teams across the company to move the business forward faster.”

AuditFile Raises $3M To Offer Task Management For Accountants

To expand, the company is increasing the size of its sales force and building out its app so that it can be used for internal corporate audits, in the hopes that it can become a killer app for finance teams at Fortune 500 companies.