Meeting compliance standards like HIPAA and SOC 2 is a critical (and often mandatory) part of the matrix of boxes that must be checked when securing an organisation, but it’s also one of the more difficult to navigate, because it entails not only assessing systems as they are now, but also ensuring that they continue to adhere to standards as they grow and shrink and collaborate with other parties.
Secureframe, a startup, believes it has found a solution with a system to automate this process for businesses, and it has announced $56 million in funding to help it grow.
Accomplice, the Boston VC, led the round, with participation from a mix of financial and strategic investors. They include Kleiner Perkins, Optum Ventures (United Health), Kaiser Permanente, Alphabet’s Gradient Ventures, Soma Capital, Gaingels, and Flexport, as well as a number of individual investors such as Jon Oberheide (Duo Security CTO), Ash Devata (VP/GM for Zero Trust and Duo at Cisco), and Leore Avidar (Alt CEO). In addition, Michael Viscuso, who is a partner at Accomplice and, in a previous life, was the founder of another cybersecurity company, Carbon Black, is joining the board in this round. Secureframe does not disclose its valuation, but claims that annual recurring revenues will have increased tenfold by 2021 (without specifying the actual figure). Customers also grew 7x in that period, with the list including companies like Stream, Dooly, Lob, Instabase, Slab, and Doodle.
Secureframe now supports some of the most commonly used and well-known security and privacy compliance standards, such as HIPAA for health data, SOC 2 and ISO 27001 for information security, and PCI DSS for payment card data. The objective, according to Shrav Mehta, Secureframe’s founder and CEO, is to use the cash in part to expand that list to a far broader set of standards, including those specific to particular regions and use cases. The platform integrates with about 100 common corporate applications to scan for compliance-related issues, and the company claims that processes that could take six to eight weeks can be cut in half.
Compliance with security standards has become a more pressing issue within organisations, which is unsurprising given the rise in global security breaches, but as Mehta points out, the imperative has also spread to how organisations interact with the rest of the world: third parties now require their would-be partners to meet security compliance as part of their own due diligence before engaging in any business activity. (In fact, I just wrote about BlueVoyant, a cybersecurity firm whose customers rely on it to continuously audit, identify, and perhaps remediate potential breach scenarios in their supply chains—another example of how outsourcing, and the security policies of companies, have spread outside their own borders.)
“The truth is that no one wants to be the target of the next big data breach or business data leak,” he said. “These days, everyone expects businesses to undergo security audits. That is the primary factor pushing compliance with security standards.”
However, stating that your business needs this and actually implementing it are two different things.