UPDATED 16:23 EDT / JUNE 23 2021

SECURITY

Drata lands $25M for its automated cybersecurity compliance platform

Drata Inc., a new startup working to make it easier for companies to comply with cybersecurity standards, today announced that it has raised a $25 million funding round led by GGV Capital.

The round also included contributions from the venture capital arm of publicly traded cybersecurity provider Okta Inc., as well as Cowboy Ventures, Leaders Fund and SVCI. SVCI describes itself as an angel investor group comprising of chief information security officers at major companies.

Drata has developed a software platform that simplifies the process of complying with the SOC 2 cybersecurity standard. SOC 2 is a widely used set of guidelines for ensuring that a company processes customers’ information in a secure manner. Meeting the standard is considered essential to doing business for many tech firms, especially for those working with large enterprises, which often have particularly stringent data protection expectations.

Achieving SOC 2 compliance normally takes months because it requires a company to fulfill numerous cybersecurity criteria. An organization must set up mechanisms to encrypt customer data, deploy firewalls and implement other technologies to reduce the risk of a breach.

Moreover, it must have processes in place to react effectively should a breach occur despite its cybersecurity controls. The list of requirements extends to other areas as well: Companies must limit business users’ ability to access client data.

Drata says its platform can automate a significant portion of the process. The software connects to a company’s infrastructure and pulls data on the security of its technology assets. Then, it compares the information against the requirements set forth in SOC 2 to identify issues that the company must resolve to achieve compliance. The security gaps appear in a visual dashboard so engineers can quickly identify what systems require their attention.

After securing an SOC 2 certification for the first time, a company must periodically undergo additional audits to ensure it continues to comply with the standard. Drata says its platform’s automated security data collection features lend themselves to that task as well. The startup’s platform can regularly run scans to check that a company’s systems continue to meet SOC 2 requirements even as they change over time.

Under the hood, the platform collects the security data it uses to check compliance using a set of more than 45 connectors that Drata has built for popular platforms. The connectors allow the startup to assess the security of organizations’ public cloud infrastructure environments, GitHub code repositories and their deployments of popular software-as-a-service applications such as Office. 

Drata will use the funding to extend its platform beyond SOC to ISO 27001, a comparable cybersecurity standard popular in Europe, and grow its go-to-market team. “We onboarded our 100th customer 60 days after initial launch and are growing at an average month-over-month rate of 100%,” said Drata Chief Executive Officer Adam Markowitz (pictured, center, with the startup’s two other co-founders). “With the addition of ISO 27001 and more to come, we’re looking forward to helping more companies achieve and maintain continuous compliance.”

Drata is operating in an increasingly competitive market. In April, Kintent Inc. closed a $4 million seed investment from Tola Capital and a group of prominent tech executives to drive adoption of its Trust Cloud platform, which promises to speed up the task of achieving compliance with standards such SOC 2. Another venture-backed contender in this market is Secureframe Inc., which raised a $18 million funding round of its own in March.

If the market for tools that can automate cybersecurity compliance proves as large as Drata and its rivals hope, it’s possible that established industry players may decide to join the fray by launching competing capabilities or acquiring a startup. There’s already a sizable market for products that make it easier to comply with privacy rules such as the European Union’s GDPR regulation.

Photo: Drata

A message from John Furrier, co-founder of SiliconANGLE:

Support our open free content by sharing and engaging with our content and community.

Join theCUBE Alumni Trust Network

Where Technology Leaders Connect, Share Intelligence & Create Opportunities

11.4k+  
CUBE Alumni Network
C-level and Technical
Domain Experts
15M+ 
theCUBE
Viewers
Connect with 11,413+ industry leaders from our network of tech and business leaders forming a unique trusted network effect.

SiliconANGLE Media is a recognized leader in digital media innovation serving innovative audiences and brands, bringing together cutting-edge technology, influential content, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — such as those established in Silicon Valley and the New York Stock Exchange (NYSE) — SiliconANGLE Media operates at the intersection of media, technology, and AI. .

Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a powerful ecosystem of industry-leading digital media brands, with a reach of 15+ million elite tech professionals. The company’s new, proprietary theCUBE AI Video cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.