Zebeth Media Solutions

Laika laps up $50M for its automated security compliance platform • ZebethMedia

Compliance with privacy and security frameworks like SOC 2, HIPAA and GDPR has become a central component not just of how organizations build trust with their users, but of how organizations work together these days: fail to meet the requirements of these frameworks, and you might lose your business relationship. Today, Laika — one of the bigger startups providing tools to help meet those compliance demands — is announcing $50 million in funding, underscoring the growth in this space.

Laika will be using the equity, a Series C, to continue expanding the functionality of its platform and its wider business funnel. Laika today has some 500 customers, with that number growing four-fold in the last 12 months; and it provides integrations for some 100 different software packages to measure how client compliance stacks up across them, with tools including integrated audits, penetration testing and security questionnaires (which are used in RFPs and due diligence ahead of securing contracts).

In an interview, Austin Ogilvie, Laika’s co-founder and co-CEO, said the plan will be to expand in both customer numbers and the number of sources Laika can tap to measure data protection and other compliance metrics across an organization’s wider digital footprint.

Fin Capital is leading this round, with new backers Centana Growth Partners and previous investors J.P. Morgan Growth Equity Partners, Canapi, and ThirdPrime all also participating, among others not being named. Other notable past investors have included some very big names in the world of fintech, including PayPal, and fintech specialist VCs NYCA and Dash Fund — a fuller list that points to Laika’s traction in financial services in particular.

The finance sector has for years at this point been a significant user of compliance software for regulatory and business reasons.
But, as Ogilvie pointed out to me, we are long past the point of financial companies being the primary users of compliance tools: that is one reason why growth is motoring along for companies like Laika right now, and why Laika specifically is able to raise a decent round at a time when funding is much harder to come by for startups. On top of this, Ogilvie and Laika’s other co-founders, Sam Li and Eva Pittas (respectively the co-CEO and COO), have collective exposure and experience across insurance, data science and risk protection that speaks to the bigger opportunity that the company is tackling.

Including this latest Series C, Laika has now raised $98 million in total. While it’s not disclosing valuation, Ogilvie confirmed it was a “healthy step up” from its Series B, which PitchBook notes was $235 million post-money when that closed in 2021. (In other words it’s now more than $335 million.) For a little more context, two of Laika’s close competitors in the world of monitoring data protection compliance, Vanta and Drata, each raised rounds this year that valued them at or just above $1 billion.

Laika’s growing coffers come at a timely moment, and that’s not just because its competitors are also raising. First, the number of compliance frameworks being formed globally is growing; and second, the bigger an organization or its operations, the more complicated the task of ensuring compliance becomes.

“Compliance has been a top for at least the last 10 years, but it’s really dialed up in the last three, where there has been just an explosion of these, some regulatory but others like PCI just a non-option when it comes to compliance,” Ogilvie said.
“If you sell or work with any brand of consequence, they will do due diligence that includes security assessments, and you also have to demonstrate that you are continuously operating according to those principles.”

The biggest customers might have as many as 5,000 vendors that need to be assessed and regularly audited, a task in itself that necessitates automation and a platform approach. But smaller organizations need software, too, often for a slightly different set of reasons, he said. “Some come to us having never needed to look at this. Using Laika will be the first time seeing a security assessment document,” Ogilvie said. Others might be using Laika in place of having adequate staff or infosec teams in-house to monitor and maintain these data relationships. Covid, he added, increased the need for these tools, with more people working remotely and in the cloud typically needing more apps and more generally a different kind of security and data protection environment.

There are a number of compliance tools in the market today — no surprise considering the ever-persistent cybersecurity threats and a growing awareness among regulators and the general public of data protection. Even before Covid really became a vector, the industry was already worth some $32 billion annually. That number is projected to reach nearly $75 billion by 2028.

Investors say that Laika — named after the Russian dog, the first non-human sent into space, and a “gentle nod towards pioneering and exploration,” said Ogilvie — stands out by being one of the easier tools to adopt and regularly use.

“Laika has filled a unique gap in the rapidly-growing compliance automation and audit management space, by providing the only comprehensive, centralized compliance platform,” said Christian Ostberg, a partner at Fin Capital, in a statement.
“By combining automation of InfoSec workflows with the integrated, tech-enabled audits, Laika has set themselves as the clear market leader shaping this fast-growing category.”

DataGrail announces automated risk assessment tool and $45M investment • ZebethMedia

DataGrail has always focused on helping companies comply with the growing world of privacy regulation, building plug-ins to common data-heavy applications to help automate data discovery and compliance. Today, it’s building on that with a new automated risk monitoring solution that helps companies build third-party application risk assessments quickly. While they were at it, the startup also announced a $45 million Series C investment.

Company CEO and co-founder Daniel Barber says that overall the product has evolved into a data privacy control center where customers can have a better understanding of their customers’ data privacy requirements. “We’ve seen the market move towards needing to control [privacy] because largely businesses have been out of control with how they’re managing privacy, while consumers are expecting control. And so we’ve really formed this thesis around the need for a privacy control center,” Barber explained.

To help, the company has over 1400 plug-ins, up from 900 when we spoke last year, which help monitor what kinds of data are being collected and how the data moves across applications inside a company. He said they built the new Risk Monitor tool as a way to take advantage of the company’s understanding of these data flows and the risks involved. “We’re announcing this product called Risk Monitor, and what we’re really talking about here is as part of regulatory requirements, many of them require businesses to do assessments of risk,” he said.

The tool is designed to help build these assessments, known as Data Protection Impact Assessments (DPIAs), in an automated way, reducing the amount of labor involved to build a DPIA on the data used in a particular tool. This reduces the workload for privacy managers, while showing others inside a company what good privacy practice looks like.
“What we’ve done is using our 1400 plus integrations and the existing information we know about risk and the third-party risk associated with those applications, we can pre-fill and create intelligent workflows that automate the entire [DPIA process] here to reduce the number of people involved and needed in the privacy program, while effectively centralizing that risk,” he said.

In spite of the economic uncertainty that exists today, Barber says the company has grown revenue 3x since we spoke in March 2021 at the time of his company’s $30 million Series B announcement. It has also grown from 40 employees since last year to over 100 today with plans to perhaps double that in the next year powered by the new capital from the Series C investment.

He says that as he builds the workforce, he is focused on building a diverse and inclusive company. “It’s something that’s kind of built into the DNA of the business from the beginning. So at the board level, we have equal women and men on the board, which is quite unusual for boards to have equal representation by gender, and we have equal representation at the executive level as well,” he said. And they also have gender parity at the management level. While he understands that there are many dimensions to diversity, he has achieved gender diversity across all levels of the company.

As for the $45 million Series C, that was led by Third Point Ventures with participation from Thomson Reuters Ventures and Sixty Degree Capital along with previous investors Felicis Ventures, Operator Collective, Next47, Cloud Apps Capital and other unnamed investors. The startup has now raised over $84 million.

Vanta lands $40M to automate cybersecurity compliance • ZebethMedia

Vanta, a security compliance automation startup, today announced that it raised $40 million in an extension of its Series B funding round that closed in June, which valued the company at $1.6 billion. Notably, CrowdStrike invested in the extension — which was led by Craft Ventures — through its Falcon Fund, joined by Sequoia, Y Combinator and unnamed existing investors. CEO Christina Cacioppo tells ZebethMedia that the new cash will be used to support Vanta’s customer acquisition, product R&D and go-to-market efforts. It brings the company’s total capital raised to $203 million.

Cacioppo founded Vanta in 2016 to — in her words — “help companies achieve and maintain a strong security posture.” Previously a professor at the School of Visual Arts in New York, Cacioppo co-founded Nebula Labs, a software development house, before joining Dropbox as a product manager on Dropbox Paper.

“With massive breaches on the rise — like Uber, Sony, Equifax — companies understand that proving their security is a must to doing business. Why? Because enterprises won’t buy a product that is not secure and regulators will crack down on any company with a weak security posture,” Cacioppo told ZebethMedia via email. “The problem is emerging companies lack the resources and expertise in-house to properly secure their perimeter, leaving them open to incoming threats and penalties for non-compliance, and they have no way to prove to their customers that their critical business assets are safe from threats.”

Vanta offers services designed to enable businesses to meet regulations, compliance standards and laws, like HIPAA and GDPR. The company provides workflows and controls for various apps and services to ensure compliance, allowing auditors to complete audits within Vanta and delivering alerts and guidance via email and apps like Slack. Vanta recently began offering what it calls “Trust Reports,” which aim to summarize a company’s compliance position.
Behind the scenes, a monitoring engine collects data from Vanta customers’ software-as-a-service app and cloud stack and runs analyses to surface potential security threats. Cacioppo explained: “A customer’s journey in Vanta is guided by data-driven insights from the thousands of companies that have used Vanta to build and demonstrate their security. Each new customer benefits from the experience of all previous Vanta customers.”

Certainly, compliance is a tricky field — one many companies struggle with. A 2021 survey from The Harris Poll found that nearly two-thirds (63%) of organizations see compliance issues as critical barriers to growth. In a separate, recent study from Telos, an IT cybersecurity firm, organizations reported having to comply with an average of 13 different IT security and privacy regulations and spending $3.5 million annually on compliance activities, with audits taking close to two months each fiscal quarter.

That’s been good for business. San Francisco-based Vanta, which employs more than 350 people, now has a customer base numbering north of 4,000 organizations that includes brands like Quaro, Modern Treasury and Autodesk. When asked, Cacioppo didn’t reveal annual recurring revenue figures — save for that revenue has grown “significantly faster” than Vanta’s valuation.

“Vanta continues to drive innovation in the space by building beyond ‘check the box compliance’ to a scalable set of security tools that help address the risks inherent in running businesses in the cloud,” Cacioppo said, citing a report from Polaris Market Research that predicts the enterprise governance, risk and compliance software market will be worth $96.98 billion by 2028. “‘Growth at all costs’ has never been our MO.
[I] bootstrapped the company until it hit $10 million annual recurring revenue to make sure there was strong product-market fit and the company could stand on its own … The metrics that investors are scrutinizing now — burn rate, capital efficiency, gross margins — are ones Vanta has always excelled at.”

The challenge for Vanta will be beating back competitors in the increasingly crowded risk and compliance space. Just in May, Kintent, a startup providing enterprise compliance and security solutions, raised $18 million in venture capital. Earlier this year, Secureframe landed $56 million for its platform that automates an enterprise’s compliance with standards like HIPAA and SOC 2. Other rivals include Ethyca, Ketch, Soveren and Anecdotes, the last of which secured $25 million in its Series A.

There’s cash to go around, fortunately. Investors poured $5.1 billion into governance, risk and compliance startups in Q2 2021, a 113% increase from Q2 2020, according to Crunchbase data cited by The Wall Street Journal. In the first 10 weeks of 2022 alone, funding reached nearly $1 billion — spurred by international sanctions and data privacy legislation like the California Consumer Privacy Act.

In an emailed statement, CrowdStrike CTO Michael Sentonas said: “Compliance is no longer a siloed function — it’s a boardroom priority and an essential component of the modern security stack. We invested in Vanta because they created a way for every company, large and small, to achieve and maintain compliance by automating the process end-to-end.”
