Secureframe automates a company's compliance with standards such as HIPAA and SOC2

Meeting compliance standards like HIPAA and SOC 2 can be a critical, and often mandatory, part of the checklist for making sure an organization is run properly. It is also one of the hardest parts to keep track of, as it involves not just evaluating systems as they currently stand, but also making sure they continue to adhere to the standards as they grow, shrink and work with other domains.

A startup called Secureframe believes it has found a solution with a system to automate this process for organizations, and has secured $56 million in funding to fuel its growth.

The Boston VC led the round, with participation from financial and strategic investors. They include Kleiner Perkins, Optum Ventures (United Health), Kaiser Permanente, Alphabet's Gradient Ventures, Soma Capital, Gaingels and Flexport, as well as a number of individual investors such as Jon Oberheide (CTO of Duo Security), Ash Devata (VP/GM of Zero Trust and Duo at Cisco) and Leore Avidar (Alternate CEO). Michael Viscuso, who is a partner at Accomplice and was previously the founder of another cybersecurity company, Carbon Black, joins the board with this round.

Secureframe currently covers some of the most widely used and well-known privacy and security compliance standards: HIPAA for health data, SOC 2 and ISO 27001 for information security, and PCI DSS for financial information. Shrav Mehta, founder and CEO of Secureframe, said the plan is to use the funds in part to continue expanding that list to a much broader set of standards, including those specific to certain regions and use cases.

Compliance with security standards has become, unsurprisingly, given the growth in security breaches globally, a more pressing issue within organizations, but as Mehta describes, the imperative has also spread to the way organizations interact with the rest of the world: Third parties now also require potential partners to meet security compliance as part of their own value before engaging in any business activity.

“The reality is that no one wants to end up as the focus of the next big data breach or big commercial data leak,” he said. “Everyone expects companies to go through security reviews now. That is the main thing that drives compliance with safety standards.”

But saying that the organization needs it, and actually fulfilling it, are two different stories.

“Security compliance is not just about internal processes, but also about risk management,” he said in an interview. “It has become a management committee issue. But achieving security compliance is harder than it seems. Many do not complete the certifications or are not updated and compliant.”

The implication is that this is creating more of a market for companies like Secureframe to provide tools to meet that need.

Mehta said he first encountered these challenges while working across different organizations in previous roles, where he found himself working not only with companies but also with their partners to help create checklists to ease the security standards compliance process. He effectively calls this the “first version” of Secureframe.

He eventually founded a company to productize this process, and over time he and the team have incorporated an increasing amount of automation into the mix. The company still focuses on providing human teams to help implement processes and fix problems, and still produces best-practice lists and provides training for customers, just as Mehta would have done before starting Secureframe.

The opportunity here lies not only in addressing local and international standards for data protection, security and privacy, but also in the fact that these are likely to become even more ubiquitous and codified around specific use cases over time, reflecting the reality that nearly everything we do is now carried out on digital platforms.

“I think we will see more security and privacy regulations,” Mehta said.

This, in turn, becomes a great business opportunity, and also a very competitive area. Companies also helping organizations with their security standards compliance today include Vanta, Drata, and SolarWinds, as well as Anecdote, which also secured funding (not to mention companies like BlueVoyant that are incorporating solutions and also addressing how the broader ecosystem is managing its security).

“Secureframe is on to something big,” Mike Viscuso, founder of Carbon Black, said in a statement. “They have the vision, talent and technology to drive a major transformation in continuous compliance certification. What excites me the most is that they have already become the go-to solution for high-growth and emerging companies that want to automate their entire compliance portfolio. It's clear why Accomplice leads the Series B of Secureframe, and I am delighted to join the board of directors to help play a role in the continued growth of the company.”
