Streamlining compliance: How Secureframe aims to transform manual compliance into automated excellence
Digital solutions derive their value from solving one or multiple problems.
Given today’s mounting cybersecurity threat environment, compliance has become a key concern as enterprises position themselves to remain competitive, profitable and free of vulnerabilities in the long term. Secureframe Inc. is creating business value by automating several manual compliance operations, replacing them with a more streamlined and consistent approach that removes many enterprise compliance bottlenecks.
“There were a lot of issues with [the] very manual processes,” said Shrav Mehta, founder and chief executive officer of Secureframe. “One of the big ones that you have to do is take screenshots of everything to make sure, ‘Hey, we need to show proof that we’re actually encrypting our S3 buckets, that we’re getting background checks for all employees, that we’re following all these rules and guidelines or security controls that we’ve set up internally.’ That process has just been very manual.”
Mehta spoke with theCUBE industry analyst Lisa Martin during a CUBE Conversation ahead of the “Cybersecurity” AWS Startup Showcase event on September 14, an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed Secureframe and the business of enterprise compliance automation. (* Disclosure below.)
Building out a nifty idea
Companies today must remain up to date with an expanding set of ever-changing compliance standards, and compliance is now about more than looking good on paper. It is a multifaceted process that spans cloud infrastructure, DevOps, vendor security and more, and keeping pace with all of it manually will leave exploitable gaps at some point. Setting up a process once and having it repeat consistently as required also saves time and resources, especially with such a delicate operation, according to Mehta.
“You’re only as secure as your weakest link to some extent,” he said. “All these processes were super manual and very obviously automatable, at least to us at the time. We started working with some customers trying to help them automate their compliance, and they were immediately able to see the value [when] things that were taking several months or even a year or two at a time could be done in just a couple quick button clicks.”
Secureframe started out as a company in 2020 and has since raised a total of $79 million in funding. Its beginnings, however, came as a result of like-minded compliance practitioners banding together to help a crop of 30-40 companies achieve compliance with tricky SOC 2, HIPAA and ISO 27001 standards, according to Mehta.
“We got working on automating as much of the compliance and security processes as we really could,” he noted. “And people kept seeing a lot of value in that. Some of our first customers ended up introducing us to some of the people that ended up investing in Secureframe, where they invested themselves because of how much value they saw.”
Differentiating primarily through expertise
As any industry or sector becomes saturated, the competing companies must each present a unique value area to differentiate from the rest. For Secureframe, that differentiator is expertise — the company was “founded and built by compliance experts,” according to Mehta.
“We’ve brought in some of the premier experts in FedRAMP, PCI, HIPAA, and we’ve really used this expertise to build our platform to architect how we do customer support and deliver value to our customers,” he explained. “One of the big things is our platform architecture is built with a common control layer, so if you are trying to comply with multiple frameworks, which most companies do especially as they scale, you’re not going to have to be doing a lot of repetitive work.”
On the value delivery front, the platform has also added capabilities for “simplified code remediation guidance” with Comply AI, Mehta added. Through it, users can automatically identify noncompliant cloud resources and get what they need to make them compliant, all in a short timeframe.
“I’ll go to my classic example of, ‘Hey, you need to encrypt your AWS S3 buckets’ — we will identify the resources that you haven’t gotten compliant and we will actually give you the AWS [command line interface] commands or the Terraform code to automatically remediate this information,” Mehta explained. “It takes a lot less time to do, and it’s getting us closer to a world where we could start to auto-remediate things that show up.”
Here’s the complete CUBE Conversation, part of SiliconANGLE’s and theCUBE’s pre-event coverage of the “Cybersecurity” AWS Startup Showcase event:
(* Disclosure: Secureframe Inc. sponsored this segment of theCUBE. Neither Secureframe nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)