Security compliance is precisely three things: incredibly boring, time consuming, and entirely necessary to run a business in the modern age. Compliance isn't going away, but startups like Drata are making it slightly easier to bear.
Drata helps companies get their SOC 2 compliance quicker by using automation. SOC 2 is a certification used to show that a company can store customer data in the cloud securely, but the process is notoriously complex and can take months to complete — and you have to do it all over again every year. That's particularly burdensome for startups and smaller firms.
Drata says it can get companies SOC 2-compliant faster and keep them in compliance for longer by integrating with popular business tools and cloud services to get a better picture of a company's security posture.
Now with a new round of $25 million at Series A in the bank, Drata said it's expanding its compliance platform to also include ISO 27001, another core security standard used all over the world to help companies protect their systems and safeguard data.
The round landed six months after its $3.2 million seed round in January, and was led by GGV Capital, with participation from Silicon Valley CISO Investors, Okta Ventures, Cowboy Ventures, Leaders Fund, and SV Angel.
Drata CEO and co-founder Adam Markowitz told TechCrunch that the company is growing on average 100% month-over-month since it launched out of stealth and is serving hundreds of customers, including three-person startups to publicly traded companies.
The startup joins several other companies in the compliance space. Secureframe raised $18 million at Series A in March to offer SOC 2 and ISO 27001 certifications. Strike Graph raised a $3.9 million seed round last year to help companies automate security audits and get FedRamp certification needed to provide technology to the federal government. And, Startup Battlefield participant Osano in 2019 raised $5.4 million at Series A to build out its risk and compliance platform.
An earlier version of this article misstated the company's location. It is based in San Diego, not Boston.
Related funding news: