Check out all the on-demand sessions from the Intelligent Security Summit here.

Security and compliance automation platform Drata has raised $100 million in a series B round of funding, valuing the one-year-old company at a cool $1 billion.

It has been a whirlwind 16 months for Drata, founded in mid-2020 before officially emerging from stealth with $3.2 million seed funding in January. The San Diego-based company then announced its $25 million series A in June. To hit a $1 billion valuation so soon after its formation is perhaps testament to the nature of its product — at a time when companies are amassing more and more customer data, they are also having to navigate a complex regulatory data privacy landscape that includes the likes of GDPR in Europe and CCPA in California, as well as long-standing industry-specific regulations.

“Security is no longer just nice to have — compliance is the proof-layer between companies and those they do business with when it comes to protecting their data,” Drata’s CEO and cofounder Adam Markowitz told VentureBeat. “Companies come to Drata because their own potential customers require them to show proof of security posture before closing a deal, and the proof comes in the form of a compliance certification or attestation.”

Being able to demonstrate security compliance is not a nice-to-have, it’s pretty much essential for any company that wants to win new business to show that they have robust security credentials.


Intelligent Security Summit On-Demand

Learn the critical role of AI & ML in cybersecurity and industry specific case studies. Watch on-demand sessions today.

Watch Here

“It’s a common occurrence for any cloud-based company handling their customers’ data — their customers want to see proof that they take data protection seriously,” Markowitz added.

Material evidence

Ensuring that a company attains the relevant ISO or SOC standard for their industry is a resource-intensive process in itself, but maintaining compliance as their roster of SaaS integrations, vendors, employees, and devices grow is a gargantuan undertaking. Drata serves to automate many of these processes by integrating with dozens of services spanning cloud platforms (e.g. AWS and Azure), identity providers (e.g., Okta and OneLogin), developer tools (e.g. GitHub and GitLab), and more. This constitutes part of the essential “evidence” gathering process that auditors require to verify that a business has a strict information security and privacy model in place.

So in effect, Drata pulls in and analyzes data from a variety of sources to deliver real-time insights into a company’s security performance, and shows what steps it still has to take to achieve compliance.

“It may be easier to delay compliance, but eventually it can haunt a business if they avoid it altogether,” Markowitz explained. “Non-compliance can be twice as costly as being compliant, as a result of fines, damage to reputation, business disruptions, and so on.”

Above: Drata dashboard

Other notable players in the space include Laika, which announced a $35 million funding round just last week from notable backers, including J.P. Morgan Growth Equity Partners and PayPal’s venture capital arm.

It’s clearer than ever that information security and data privacy is a growing concern for just about every industry. A recent Canalys report found that there was a record number of data breaches in 2020, despite growth in cybersecurity spending. This, in part at least, is being driven by the ongoing transition to the cloud and the proliferation of data across companies’ technology stack, a trend that is only going to continue as companies continue their digital transformation efforts — and central to all of this is the need to build trust.

“Establishing trust is a core issue our customers face,” Markowitz said. “Sales deals are hanging in the balance of whether a company can show proof of compliance, so being able to show a clean attestation report can be a deciding factor in whether or not a company can grow or attract a larger customer base. We not only help companies prove compliance, which then allows them to attest that they are secure, we implement continuous monitoring of the policies and systems they put in place to keep that trust over time.”

The company’s series B round of funding was led by Iconiq Growth, with participation from Salesforce Ventures, Alkeon Capital, GGV Capital, Cowboy Ventures, and Leaders Fund.

VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Discover our Briefings.