Data privacy is becoming a major concern for businesses and their consumers around the world. Security breaches and data theft are some of the most prevalent incidents that online users face. Partly due to the explosion of data easily available online and partly because of bad actors and hackers trying to access and use sensitive information.
“Security is no longer just nice to have — compliance is the proof-layer between companies and those they do business with when it comes to protecting their data,” Drata’s CEO and co-founder Adam Markowitz told VentureBeat.
This situation has resulted in an increased demand for compliance standards for tech enterprises. Tech companies need better, quick, and software-driven solutions to become 100% compliant with industry standards.
Drata, a startup that helps companies get security compliance, automates dozens of processes like evidence collection and prepares for SOC 2 audits. Drata has managed to get in the unicorn club with its recent successful series B funding round which was led by ICONIQ Growth.
“Many software-as-a-service companies are still using Excel with multiple workbooks and complex formulas to capture and retain crucial information about cybersecurity compliance controls. This dumps hoards of Excel workbooks into file shares, email archives, and hard-drives — all with critical information about their company’s cybersecurity posture sitting in disconnected silos — a recipe for disaster,” Adam Markowitz
Hang on, as , we take a look at Drata’s compliance automation platform, its features, funding, and outlook for the future.
Drata was founded in 2020 by three colleagues including brothers, Adam & Troy Markowitz and Daniel Marashlian to aid and ease their customers’ security and compliance efforts using the highest level of technology available in the world right now. The preamble of Drata’s origin is as unique as the platform. It all started with Adam Markowitz who is currently the chief executive officer of Drata.
Markowitz grew up in the affluent area of Westlake Village, California. Since childhood, he dreamed of being an astronaut. He went to Westlake Highschool before dedicating his curious mind to structural engineering: aerospace structures for which he holds a B.S. degree from the University of California, San Diego. Markowitz also has an M.S. in Astronautical Engineering.
Though his academic phase was over, Markowitz was waiting to land a job that he wanted for so long. But cracking interviews turned out to be more difficult for Markowitz than literal “rocket science”. He had worked as an Aerospace Engineer in the Space Shuttle Main Engine Team at Pratt Whitney Rocketdyne back in 2008. After being a part of that project for 3 years, he was associated with Solar Turbines as Mechanical Design Engineer in 2011.
But nothing seemed to get through Markowitz interviewers. After several failed attempts, Markowitz was not able to get hired. This situation stirred the creative engineer inside Markowitz who wanted to find a way to leave the interviewers impressed. In a few weeks, while still being an undergrad at UC San Diego, Markowitz designed a portfolio of projects and activities he accomplished using a prototype that later became “Portfolium” in 2014.
Markowitz shared his creation with his childhood friend Royce Rowan who was on the same boat as him and struggling with the transition from college to career. Rowan, a marketing enthusiast was in awe of the prototype that landed Markowitz his dream job on NASA’s space shuttle program. Before Markowitz could even pitch his idea, Rowan gladly accepted his offer.
Both Rowan and Markowitz dedicated several hours of work and countless sleepless nights to designing and developing the final version of the product. Markowitz aimed to help college students who go through the same difficulties as they step out for job hunting. Portfolium launched as a social platform where students could share their portfolios with professional contacts, came into being.
"We created Portfolium to connect learning with opportunity by enabling students to recognize, showcase, and articulate the skills and competencies they acquire along their academic journeys," - Adam Markowitz
This project was joined by drata’s current CTO, Daniel Marashlian. Marashlian brought expertise in creating and leading various startups like TweetPhoto/Plixi and Pelotonics. Markowitz and Marashlian developed a bond that later on helped them collaborate on Drata. The third co-founder of Drata, Troy Markowitz also joined the Portfolium team as VP of Partnerships. Portfolium is a noteworthy success and an entrepreneurial achievement for the trio. It was acquired by Instructure Inc. in 2019 after expanding to 3600 institutions and raising $7 million.
While working on Portfolio, Markowitz got the opportunity to think about data privacy and compliance standards specifically. He noticed that after 2 and a half years of being operational and connecting more than 5 million global students through Portfolium’s network, the startup was receiving queries regarding their SOC 2 report. The SOC 2 report was supposed to act as proof of security, giving the company a green light before buying approval.
The trio could feel the demands related to data security and what could it mean for the success of tech companies like Portfolium. After digging a little deeper, Markowitz understood that the hard part was not obtaining SOC 2 report but maintaining it which took hundreds of hours on an average yearly and dedicated resources. Once Instructure Inc. acquired Portfolium, the three of them started deep analysis of the data security market, available solutions, and its shortcomings. That is how Drata started.
“Existing solutions in the market were cumbersome, services-first models, or checklist-style products — making the market quite ripe for a new, automation-first approach to security and compliance.” - Adam Markowitz
The trio of SaaS veterans that lead Drata ensured that all products offered to enterprises focus on the pain points of existing security compliance services. Therefore, the automation approach was given priority over every other feature. Drata helps clients with automated, straightforward, and continuous SOC 2 compliance via the following:
Before Drata came onto the scene, enterprises needed to put their engineering, sales, products, operations, and even HR team to dedicated several hours on perfecting compliance activities manually. The tools available were nothing but some disconnected spreadsheets but with Drata, evidence collections and other compliance operations are automated. Drata can help gain SOC 2 as well as bring back control across a multitude of company aspects.
Continuous security control monitoring is one of the most useful benefits offered by Drata’s system that runs on autopilot. Different tech stacks come together under a single communications layer so that confusing compliance standards are taken care of automatically and not manually. Drata ensures that a company’s security program has a robust foundation to avoid any unwanted complexity for ISO 27001.
The HIPAA security standard was established to protect people’s personal health information and it has now become a necessity for health-related companies. The Drata team is currently working on bringing HIPAA compliance to their automated platform. Through Drata, it would be easier and convenient to shift all focus to the growth of one’s business.
Like HIPAA is for protecting individual key health information, if you are an online merchant that accepts credit cards then PCI DSS (payment card industry data security standard) compliance is vital for your existence. Drata will soon be able to help its clients become PCI DSS compliant to guarantee that they can conduct business in an environment secure enough for all consumers.
“Companies come to Drata because their potential customers require them to show proof of security posture before closing a deal, and the proof comes in the form of a compliance certification or attestation.” - Adam Markowitz, CEO of Drata. “It’s a common occurrence for any cloud-based company handling their customers’ data — their customers want to see proof that they take data protection seriously,” Markowitz added.
Security compliance has always been expensive before the situation got worse during the pandemic. According to the International Association of Administrative Professionals, Back in 2018, tech companies spent an average of $1.3 million and an additional $1.8 million on compliance requirements. Seeing various compliance mandates, experts believe that companies might still have to shell out more in the future to remain compliant.
However, the San Diego-based company led by Adam Markowitz can improve the current situation by putting all compliance requirements on autopilot mode and handling most of the “manual” operations through its software-driven platform using automation. Drata can automate evidence collection, security control monitoring, gaining visibility, creation of policies, risk assessment, etc. Drata collaborates directly with several auditors to perform audits efficiently and grow the customer base and shorten the time limit to increase value.
Adam Markowitz says “It is a newer space, and we have been executing well and growing very quickly, faster than most expected,” said Chief Executive and co-founder Adam Markowitz. “So, the capital is about moving even faster.”
Since Drata launched in 2020, its team has been solidifying its position in the cybersecurity and compliance niche. In January 2021, Drata launched its SOC 2 product, officially coming out of stealth. Per Drata’s statistics, the company has already tracked 550,000 assets, tested over 5 million controls, and on boarded 72,000 personnel. Once it was out of stealth that went on for 10 months, Drata was able to close its Series B funding round at a $1 billion valuation and earned unicorn status.
CEO and co-founder of Drata, Adam Markowitz says “As Scott Belsky said, “fundraising is a tactic, not a goal.” Startups aren’t straight lines, and they’re not always hockey sticks — they’re more often a roller coaster, so it’s important to work with experienced partners that have strong conviction in what you’re building so that when things inevitably get rough, they’ll continue to support you while finding ways of being even more helpful.”
Notable partners who joined Drata are ClearCo, Fullstory, Netlify, Mailgun, SmartRecruiters, Vercel, BigID, Tenable, and several others. Drata serves hundreds of companies including the one mentioned earlier to actively join the compliance process and see it as an accessible and straightforward operation. Below we have described three of the top competitors of Drata who provide similar products and services.
The Virginia-based SafeGuard Cyber led by James Zuffoletti is a cybersecurity platform that was founded in 2011. The company offers data privacy and protection services against cyber threats for enterprises related to the finance and insurance sector. SafeGuard Cyber has raised a total of $87.4 million from its investors like NightDragon.
The compliance-as-a-Service startup, Laika, headquartered in New York, is another competitor to Drata. Laika launched just a year before Drata under the guidance of Austin Ogilive. This company has raised $47 million from J.P. Morgan Growth Equity Partners and Canapi as an independent company that works on regulatory compliance.
SecurityScorecard is another New York-based entity that specializes in cybersecurity and risk management for retail and financial enterprises. Aleksandr Yampolskiy is the co-founder and CEO of SecurityScorecard since it was established in 2013. The company received $292.1 million as funding in total from investors like NGP, Riverwood Capital, Silver Lake, etc.
Funding and investment-wise, Drata has had an uphill journey dating back to its Seed round to its recent Series B round. The compliance automation platform announced joining the list of San Diego-based unicorn companies after closing their most successful funding round. This early-stage venture has already been funded thrice since it came out of stealth. Total 12 investors including big shots like Cowboy Ventures, GGV, Evening Fund, Okta Ventures, ICONIQ Growth, Salesforce Ventures, and many others are keeping a close eye on Drata’s success and market growth.
With their support, Drata’s benchmark valuation crossed the $1.1 billion mark as well as their post-money valuation. But the score Oddup gave Drata is 65.38 which is comparatively lower than most readers’ expectations (given their funding success).
As we know, the Oddup score is a representation of any company’s chances of success in their relevant sector that is decided after spending long hours on various algorithmic analyses and data research. The reason behind the reduced score was the striking difference between the total funding amount raised in Series A and Series B.
“Our team didn’t start a company with the goal of fundraising — the goal is to build something incredible that solves really big problems for massive markets.”- CEO and co-founder of Drata, Adam Markowitz.
On Jan 13, 2021, Drata announced closing its seed funding round after raising $3.2 million from participating investors. This round was led by Cowboy Ventures and other participants were Leaders Fund, SV Angel, and several angel investors. Before the seed round even commenced, Drata had been actively progressing with customers like Abnormal Security, Vareto, Spot by NetApp, Chameleon, etc.
“Drata is a team of seasoned entrepreneurs and engineers who have a successful track record and have worked together for more than 10 years. The platform they developed truly delivers on the promise of automation to reduce the burden of SOC 2 compliance and sets companies up for continuous monitoring which is coming in the future.” Ted Wang, Cowboy Ventures
In June, Drata announced another funding round which turne
d out to be a bigger success than the previous seed funding round. This time around, the total amount raised by Drata was $25 million. GGV Capital led the Series A funding round. Other notable investors were Silicon Valley CISO Investments, Okta Ventures, Leaders Fund, Evening Fund, etc.
“Drata’s technology allows a company to streamline the audit preparation process, get immediate visibility into real-time security performance, and understand exactly how their controls map to various compliance frameworks. The company has proven to be a true industry disruptor with their continuous approach to compliance, and GGV looks forward to supporting the team as they rapidly scale.” Oren Yunger, GGV Capital
Series B funding was a memorable one for security compliance startup Drata as this was the round that catapulted it into the league of unicorn startups. ICONIQ Growth was the lead investor of Drata’s Series B round that totaled $100 million. Salesforce Ventures, Cowboy Ventures, GGV Capital, and other existing investors also supported making this round a huge success.
“We believe Drata’s growth in just 10 months has been nothing short of incredible, and this traction made us strong believers of the team’s exceptional product innovation and category leadership. We are inspired by companies that truly have the power to drive change, and we believe Drata’s automation-led platform has the power to do that through its unique strategic value combined with deep customer love and ability to execute.” Will Griffith, ICONIQ Growth
The co-founding trip of Drata is proud of their automated compliance solution for big or small companies in various industries. They want to support their clients’ sales by providing continuous and reliable security compliance standards without bringing down productivity. Drata’s upcoming product would be based around HIPAA standards which will focus on the healthcare sector.
To make it all happen, this unicorn startup is hiring across various verticals to bring more (global) talent onboard. Drata has hired Colin Andersen as the CISO who would oversee the inclusion of new frameworks (HIPAA and PCI DSS)
“Drata didn't build a product they thought the market wanted. They did the work to understand what the market actually needed. This customer-first focus is clearly reflected in their platform's technical sophistication and features.” Colin Anderson - Chief Information Security Officer at Ceridian
So far the future of Drata seems stable and quite exciting as they continue to charm new clients who fill their official social media pages with tons of positive reviews. It is an undeniable fact that Drata’s pioneering automation compliance process has turned a cumbersome yet crucial necessity, into something simple.