Drata Inc., a new startup working to make it easier for companies to comply with cybersecurity standards, today announced that it has raised a $25 million funding round led by GGV Capital.

The round also included contributions from the venture capital arm of publicly traded cybersecurity provider Okta Inc., as well as Cowboy Ventures, Leaders Fund and SVCI. SVCI describes itself as an angel investor group comprising of chief information security officers at major companies.

Drata has developed a software platform that simplifies the process of complying with the SOC 2 cybersecurity standard. SOC 2 is a widely used set of guidelines for ensuring that a company processes customers’ information in a secure manner. Meeting the standard is considered essential to doing business for many tech firms, especially for those working with large enterprises, which often have particularly stringent data protection expectations.

Achieving SOC 2 compliance normally takes months because it requires a company to fulfill numerous cybersecurity criteria. An organization must set up mechanisms to encrypt customer data, deploy firewalls and implement other technologies to reduce the risk of a breach.

Moreover, it must have processes in place to react effectively should a breach occur despite its cybersecurity controls. The list of requirements extends to other areas as well: Companies must limit business users’ ability to access client data.

Drata says its platform can automate a significant portion of the process. The software connects to a company’s infrastructure and pulls data on the security of its technology assets. Then, it compares the information against the requirements set forth in SOC 2 to identify issues that the company must resolve to achieve compliance. The security gaps appear in a visual dashboard so engineers can quickly identify what systems require their attention.

After securing an SOC 2 certification for the first time, a company must periodically undergo additional audits to ensure it continues to comply with the standard. Drata says its platform’s automated security data collection features lend themselves to that task as well. The startup’s platform can regularly run scans to check that a company’s systems continue to meet SOC 2 requirements even as they change over time.

Under the hood, the platform collects the security data it uses to check compliance using a set of more than 45 connectors that Drata has built for popular platforms. The connectors allow the startup to assess the security of organizations’ public cloud infrastructure environments, GitHub code repositories and their deployments of popular software-as-a-service applications such as Office. 

Drata will use the funding to extend its platform beyond SOC to ISO 27001, a comparable cybersecurity standard popular in Europe, and grow its go-to-market team. “We onboarded our 100th customer 60 days after initial launch and are growing at an average month-over-month rate of 100%,” said Drata Chief Executive Officer Adam Markowitz (pictured, center, with the startup’s two other co-founders). “With the addition of ISO 27001 and more to come, we’re looking forward to helping more companies achieve and maintain continuous compliance.”

Drata is operating in an increasingly competitive market. In April, Kintent Inc. closed a $4 million seed investment from Tola Capital and a group of prominent tech executives to drive adoption of its Trust Cloud platform, which promises to speed up the task of achieving compliance with standards such SOC 2. Another venture-backed contender in this market is Secureframe Inc., which raised a $18 million funding round of its own in March.

If the market for tools that can automate cybersecurity compliance proves as large as Drata and its rivals hope, it’s possible that established industry players may decide to join the fray by launching competing capabilities or acquiring a startup. There’s already a sizable market for products that make it easier to comply with privacy rules such as the European Union’s GDPR regulation.

Photo: Drata