Drata, a startup that helps businesses get their SOC 2 compliance, today announced that it has raised a $3.2 million seed round led by Cowboy Ventures and that it is coming out of stealth. Other investors include Leaders Fund, SV Angel and a group of angel investors.
Like similar services, Drata helps businesses automate a lot of the evidence collection as they prepare for a SOC 2 audit. The focus of the service is obviously on running tests against the SOC 2 framework to help businesses prepare for their audit (and to prepare the right materials for the auditor). To do so, it features integrations with a lot of standard online business tools and cloud services to regularly pull in data. One nifty feature is that it also lets you step through all of the various sections of the SOC 2 criteria to check your current readiness for an audit.
At the end of the day, tools like Drata are meant to get you through an audit, but at the same time, the idea here is also to give you a better idea of your own security posture. For that, Drata offers continuous control monitoring, as well as tools to track if your employees have turned on all the right controls on their work computers, for example. Because companies have to regularly renew their certification, too, Drata can help them to continuously collect all of the data for their renewal, something that previously often involved boring — and quickly forgotten — manual tasks, like taking screenshots of various settings every month or so.
Drata co-founder and CEO Adam Markowitz worked on the space shuttle engines after graduating from college, and then launched his own startup, Portfolium, when that program ended. Portfolium, which helped students showcase their work in the form of — you guessed it — a portfolio, eventually sold to Instructure in 2019, where Markowitz stayed on until he launched Drata last June, together with a group of former Portfolium founders and engineers. Besides Markowitz, the co-founders include CTO Daniel Marashlian and CRO Troy Markowitz. It was the team’s experience seeing companies go through the audit process, which has traditionally been a drawn-out and manual process, that led them to look at building their own solution.
The company already managed to sign up a number of customers ahead of its official launch. These include Spot by NetApp, Accel Robotics, Abnormal Security, Chameleon and Vareto. As Markowitz told me, even though Drata already had customers that were using the service to prepare for their audits, the team wanted to remain in stealth mode until it had used its own tool to go through its own audit. With that out of the way, and Drata receiving its SOC 2 certification, it’s now ready to come out of stealth.
As the number of companies that need to go through these kinds of audits increases, it’s maybe no surprise that we’re also seeing a growing number of companies that aim to automate much of this process. With that, unsurprisingly, the number of VC investments in this space also continues to increase. In recent months, Secureframe and Strike Graph announced their own funding rounds, for example.