As our world becomes more digitized, the regulations that govern the transmission, generation and guardianship of enterprise and consumer data are sprawling and becoming more technical.

Compliance with those stipulations — especially for sensitive industries such as fintech, healthcare and energy — has become a top-of-mind undertaking. Thoropass Inc. takes enterprise compliance pain points and addresses them through a consolidated tool with which compliance policies can be set up, built out and accelerated as required.

“[As] more companies are hosting data of their customers, disasters [are] becoming a bigger problem than it was before,” said Sam Li (pictured), co-founder and chief executive officer of Thoropass. “We rebranded to Thoropass earlier this year to be really the one-stop shop for IT compliance and privacy compliance for our technology companies. We created a TurboTax-like experience for companies to set up their compliance for the first time, accelerate their program, build out, automatically collect and verify evidence, as well as demonstrate compliance to enterprise buyers or partners alike.”

Li spoke with theCUBE industry analyst John Furrier, during a CUBE Conversation ahead of the “Cybersecurity” AWS Startup Showcase event on September 14, an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed Thoropass’ approach to automating compliance across industries. (* Disclosure below.)

Helping early-stage companies hit the ground running

The compliance process for enterprise cybersecurity is repetitive and can be time and energy-consuming. Add to that the ever-changing landscape of standards and certifications, and the entire operation becomes a slugfest.

“There are those high-profile data breaches happening, which makes the regulators set up more rules, as well as pushing the largest enterprise to push down those requirements to all their vendors, which is a great trend for the industry,” Li said. “But at the same time, it’s hard to set up, maintain and demonstrate information security compliance, especially for cloud-native internet companies.“

The bulk of Thoropass’ customers are growing companies that have prudently identified the need to automate their compliance approach from the start, while operations and employee counts are still relatively small. This is especially because they want agile development in addition to a continuous delivery pipeline to stay ahead of new features in their applications, according to Li.

“It is much cheaper to set up a robust and effective compliance program early on versus until you have hundreds of employees — then you have more people to train and more culture to change,” he noted. “We like to partner with companies of different sizes and stages, but definitely a lot of our customers are younger companies. They hold really sensitive data, and they want to do the right thing. Our job is to make following compliance as simple as possible so that they can focus on what they do best: innovate in their field without having to waste time.”

Free-flowing innovation not hampered by ‘old-school compliance’

Solutions providers that rely on Thoropass sell their offerings to potential corporate clients. A key part of that onboarding process is a walkthrough of the compliance infrastructure already in place: from things like SOC 2 to HIPAA reports (for healthcare-related instances).

Thoropass integrates across a wide swathe of the software-as-a-service tools that these companies use across major cloud service providers. The ingested data goes into the platform and is validated directly there, expediting the process and eliminating the need for the manual undertaking of that same process by an auditor, according to Li.

“You sign up for Thoropass, you go through an onboarding process, [and] you get paired with a team member who will help you throughout the process,” he explained. “Then you connect to all the SaaS tools that you are already using. That process is almost completely automated through the integrations with those systems, as well as our auditor platforms, so that the customers experience the entire process, from setting up the compliance program to proving it to the auditor all the way to approving it to their enterprise buyers, directly and completely on the Thoropass platform.”

The company’s “one audit, multiple reports” mantra means that from one point of data ingestion, multiple reports are generated to address several compliance areas simultaneously — thus saving the time needed to juggle those disparate tasks, Li added.

Here’s the complete CUBE Conversation, part of SiliconANGLE’s and theCUBE’s pre-event coverage of the “Cybersecurity” AWS Startup Showcase event:

(* Disclosure: Thoropass Inc. sponsored this segment of theCUBE. Neither Thoropass nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE