A huge congratulations to my friend Shrav Mehta, who is launching Secureframe today to simplify the compliance and audit process for businesses. Secureframe is an all-in-one platform for integrated security compliance and audit readiness, built to get companies ready for SOC 2 and ISO 27001.
Why does this matter?
The problem is painful today: obtaining a SOC 2 report typically takes six to twelve months, and because SOC 2 attests to controls operating over a period of time, companies have to keep revisiting their systems to show the controls are continuously met. Navigating the audit itself is tricky for two reasons:
The process is ambiguous: there is no one-size-fits-all checklist that every company can follow. Beyond the mandatory Security criteria, a company chooses which Trust Services Criteria (Availability, Processing Integrity, Confidentiality, Privacy) are in scope and designs its own controls to satisfy them, so deciding what to include and what an auditor will accept is hard and opaque.
It's a time suck: the audit itself is long, because the company has to walk the auditor through evidence for every practice, procedure, and control it claims to have implemented. That is on top of the many employee hours spent gathering the evidence in the first place and implementing any additional controls the company wants covered in the report.
Enter Secureframe
Secureframe allows companies to become SOC 2 compliant within weeks rather than months: the platform connects to 25+ services, including Amazon Web Services, Google Cloud, Microsoft Azure, GitHub, and JAMF, and continuously monitors their configuration to check that the required controls are in place and collect the evidence auditors ask for.
This is a huge time saver, since a lot of SOC 2 work is unwieldy manual effort (e.g. producing a PDF of your company's org chart (?!) and similarly tedious tasks). What's interesting is that there is a network effect baked into this business: when a company on Secureframe reviews its vendors and finds security gaps, those vendors become prospective customers who need their own SOC 2 reports. As mid-market companies scale toward enterprise, security and compliance attestation is no longer just a defensive arms race. A vendor that can show a current report changes the "are you enterprise ready?" conversation when approaching new enterprise customers.
Why now
The enterprise governance, risk, and compliance (eGRC) market is expected to grow from 32.3 billion USD in 2020 to 60.8 billion USD by 2025. Today, however, organizational compliance is served by a mix of in-house legal teams and outsourced security auditors, resulting in a slow, pricey, and cumbersome process.
On top of that, compliance obligations are shifting from being initiated by companies to being mandated by governments, as we have seen with GDPR and CCPA. These laws have increased business compliance costs, and most companies lack the expertise or budget to ensure they comply.
COVID has accelerated the shift to distributed companies. In response, security teams are adopting a zero-trust approach, in which every request to an application is explicitly authenticated and authorized regardless of where it comes from, and access is logged and audited. That puts compliance work at the forefront: regularly conducted audits of security and compliance are now table stakes for companies that work with other businesses or handle any kind of customer data.
SOC 2 is now a standard that every business is expected to meet and maintain. Staying compliant is time and capital intensive, and companies have to do it while also gearing up for enterprise readiness in this environment. I have no doubt this trend will become more and more important with the growing number of organizations in the cloud today.
Why Shrav
I've known Shrav for over five years. From the first time we met, I knew he was someone to look out for because of his immense persistence, courage, and curiosity (e.g. he has helped multiple high-growth startups scale from $0 to $50mm+ in revenue). It's incredibly rare to meet a founder who has a strong product vision and an intuitive sense of distribution and how a company can scale effectively; even before Shrav started Secureframe, he consistently demonstrated excellence on both fronts. So when he told me he was going to start this company, it was a no-brainer to invest and support.
Good news: they are hiring, so visit their careers page to apply!