

Compliance and security automation startup Drata today announced that it closed a $25 million series A round led by GGV Capital, with participation from Okta Ventures and Silicon Valley CISO Investors. The capital, which comes six months after the company’s initial seed round and launch out of stealth, will be put toward hiring across key go-to-market functions and Drata’s expansion into new security frameworks.

Even before the pandemic, security compliance was expensive. In 2018, businesses spent $1.3 million on average to meet compliance requirements and were expected to put in an additional $1.8 million, the International Association of Administrative Professionals reports. That cost is a growing concern for companies undergoing digital transformations. According to CSO Online, 66% of companies see compliance mandates driving spending in the future.

San Diego, California-based Drata’s platform aims to help companies attain compliance through security control monitoring and evidence collection. With it, users gain visibility into their security programs and can kick off compliance processes including personnel onboarding, policy creation, vendor management, risk assessment, and more.

Founded in 2020, Drata is the brainchild of Daniel Marashlian and brothers Adam and Troy Markowitz. The three saw their first venture together, the social networking platform Portfolium, acquired by Instructure for $43 million in 2019. As Portfolium grew, so did customer requests for proof of the company’s security posture, Adam Markowitz says, taking hundreds of hours and distracting the team from its day-to-day.

“Many software-as-a-service companies are still using Excel with multiple workbooks and complex formulas to capture and retain crucial information about cybersecurity compliance controls. This dumps hoards of Excel workbooks into file shares, email archives, and hard-drives — all with critical information about their company’s cybersecurity posture sitting in disconnected silos — a recipe for disaster,” Adam Markowitz told VentureBeat via email. “The shift to the cloud, explosive growth in the number of software-as-a-service companies over the last decade, along with increased frequency of data breaches, has placed a magnifying glass over the cybersecurity and compliance world.”

Process automation

In compliance, evidence collection is the act of documenting an organization’s compliance processes and outcomes. Examples of evidence include testing and certifications, risk assessment, and personal trading.

Drata offers what Adam Markowitz calls an “autopilot system” — a layer of communication between siloed tech stacks and compliance controls designed to eliminate the need to check dozens of systems to provide evidence to auditors. Drata stores evidence automatically on a single-tenant database architecture, ensuring one customer’s data doesn’t touch another’s, and tracks physical and digital assets as well as personnel and records.

[Image: Drata’s online dashboard. Image credit: Drata]

With Drata, customers can start building a solid security posture from day one and prepare an audit when they’re ready. Adam Markowitz says that to date, Drata has tracked 550,000 assets, tested 5 million access controls, and onboarded 15,000 personnel.

“Data breaches are expensive and big companies are not immune, costing them tens of millions per year. Proof of compliance has become a requirement for doing business and building trust,” Adam Markowitz said. “There is no ‘easy button’ or clear roadmap to the finish line — trying to determine the most efficient path to compliance is nearly impossible without outside assistance or prior experience.”

Drata has a number of competitors in a security compliance market estimated to be worth over $162.5 million. There’s Securiti.ai and Safeguard Cyber, as well as DefenseStorm, which consolidates security data from multiple sources and uncovers anomalies with AI. Cybersecurity rating and risk-monitoring platform SecurityScorecard recently announced it has raised $180 million. And Vanta, a San Francisco, California-based automated security and compliance startup, closed a $50 million funding round in March.

But according to Adam Markowitz, Drata’s current customer base already includes “hundreds of companies” across various industries, including SmartRecruiters, The Good Face Project, and 360 Insights.

Clearco security engineering lead Christine Smoley said that integrating Drata only took “a matter of minutes.”

“We’re now able to see our audit-readiness in real time, and receive tailored insights outlining exactly what needs to be done to remediate gaps. The Drata team has removed the headache from the compliance experience and allowed us to engage our people in the process of establishing a ‘security-first’ mindset,” Smoley said.

New investors Cowboy Ventures and Leaders Fund also participated in the round, along with strategic investors and security practitioners. Drata, which has around 40 employees, has raised $28 million to date.
