Drata is a security and compliance automation platform that continuously monitors and collects evidence of a company’s security controls, while streamlining end-to-end workflows to ensure SOC 2 audit-readiness.
Why is your company the best option to solve the problem you're solving?
Drata's automation-first approach to managing compliance saves companies hundreds of hours per year that they'd otherwise spend living in spreadsheets, screenshots, and shared drive folders where they're forced to be reactive to perpetual security vulnerabilities and compliance gaps. Drata's continuous monitoring of security controls provides companies with real-time reports of their security posture to stay ahead of risk, while allowing them to build trust with their customers and prospects, and accelerate sales. Customers estimate a 10x time savings after migrating to Drata from competitive solutions.
What nuggets of info make you interesting? Why do people care about what you're doing?
A magnifying glass has been placed over data privacy and security, and companies today need to prove early and often that they prioritize the security of their customers' data. That proof comes in the form of a clean SOC 2 report, but achieving and maintaining SOC 2 compliance is a colossal task, taking hundreds of hours each year. We felt this pain firsthand scaling our previous company Portfolium (Acq. by Instructure), and saw companies being forced to invest significant resources in tackling SOC 2 - but not anymore. Drata automates security control monitoring, evidence collection, and streamlines continuous SOC 2 compliance for today’s fastest growing companies.
What else do you want us to know?
We built our last company in San Diego and are proud to be doing it again here in the best city in the world along with some of the hardest-working, fastest-growing companies out there. We're actively hiring and would love the opportunity to work together.
BEHIND THE COMPANY
What is your company's secret sauce?
Drata's proprietary automation engine is powered by integrations that read data from over 35 cloud platforms (including AWS, GCP, Azure, Heroku, Github, Bitbucket, Jira, Clubhouse, G Suite, Office 365, Gusto, Rippling, and dozens more) to continuously monitor hundreds of security controls mapped to SOC 2 criteria - alerting appropriate personnel of identified gaps, providing steps to remediate, and collecting evidence automatically. The Drata dashboard provides customers with a real-time view of their security and compliance posture so they'll know how audit-ready they are every day of the year.
What inspired you to start/run this company?
Trust is one of the most important assets we can have as individuals and as companies. Trust lies at the center of our culture at Drata - it's our core value. I've always loved Jeff Weiner's quote that "Trust is Consistency over Time." But how can we short-circuit that - how do you build trust quickly when we don't have a lot of time? I believe the best way to earn trust is to first prove that you deserve it. This is why we built Portfolium, to use evidence from our portfolios to prove our skills beyond GPA and bullet points on a resume. From 2017 to 2019, we sold Portfolium into more than 360 colleges and universities across the globe, onboarding over 5 million students into the network. As the world shifted to the cloud, and data breaches became routine events, the market dictated how companies now need to prove they're deserving of the trust of their customers when it comes to securing their data. We built Drata to help companies of all sizes and stages prove they deserve the trust of their customers and prospects by automating their security control monitoring and SOC 2 compliance.
What's the best entrepreneurial advice you've received?
“Great teams gain their strength and resilience while toiling their way through the valleys, not just from relishing the view from the peaks.” - Scott Belsky (The Messy Middle)