Thanks to Drata and Oak9, developers can automate code compliance while programming

Three years ago, amid the COVID-19 pandemic and various states of disruption, a startup called Drata was founded in San Diego, California, by a trio: former rocket scientist Adam Markowitz (previously at Aerojet Rocketdyne), current chief technology officer Daniel Marashlian, and veteran business development manager Troy Markowitz, who now serve as Drata's CEO, CTO, and COO, respectively.

The three had worked together before, and two of them had previously co-founded the digital portfolio startup Portfolio, acquired in 2019. They decided to solve a common problem that arose from their various previous efforts: ensuring that software written by engineers and developers complies with the countless, ever-evolving and ever-growing wave of regulations and standards issued worldwide by governments, laws and internal guidelines.

“Our vision here is to democratize access to something that’s so essential for firms to construct: trust,” Adam Markowitz told VentureBeat in a video conference interview earlier this week.

Drata's suite streamlines audit preparation by integrating automation across all offerings, accelerating compliance processes by five times. It offers a comprehensive library of pre-mapped controls; native automated evidence-capture integrations with dozens of cloud platforms and popular developer tools like GitHub, Google Cloud Platform, AWS and AWS GovCloud; and continuous monitoring to ensure audit readiness and highlight security improvements.

The platform offers over 20 auditor-approved templates for managing security policies, audit readiness assessment tools to avoid surprises, and 24/7 expert support to assist users with compliance challenges.

Automate compliance checks with Compliance as Code

But instead of taking the approach that many firms have taken to date (waiting until the software is written and then having managers or legal departments check it for compliance), Drata is attempting to automate this and offer real-time compliance checks while the engineers actually program.

It is also announcing today the acquisition of another startup, Oak9 in Chicago, to help with this mission, with all of Oak9's employees and engineers being merged into Drata (Oak9's products will be discontinued and customers will be moved to Drata).

“We're announcing this week a completely integrated solution that we call 'Compliance as Code,'” said Markowitz, CEO of Drata.

This latest platform enables automated testing and adjustments in real time before problems escalate into production issues. This streamlines processes and significantly reduces the time required for manual compliance checks.

In a blog post, Markowitz compares the service to the writing and editing tool Grammarly, which provides writers with real-time suggestions for rephrasing words.

Except with Compliance as Code, the suggestions refer to different code strings that meet compliance standards set by customers before an engineer even starts coding.

If an engineer or their development tool generates non-compliant code, Drata's Compliance as Code platform would “detect it, notify you, and then actually suggest remediation on the code level,” Markowitz told VentureBeat. “It shows you the code changes it is advisable to make.”

Then it's up to the developer, their manager, or whoever reviews the code to accept the changes.

The platform is currently in beta and will be showcased at the upcoming RSA Conference, May 6-9, in San Francisco.

What the Oak9 Acquisition Means for Drata

Oak9 has already made a name for itself with its “infrastructure-as-code” approach, which is the technique of managing data centers through machine-readable definition files rather than hardware configurations.

With pre-installed blueprints, Oak9 customers can visually represent their server infrastructure as code and make security design changes via a drag-and-drop interface to ensure adherence to security and compliance standards on any cloud platform.

Crucially, Oak9 achieves this through continuous monitoring and real-time security updates based on insights discovered. As a spokesperson previously told VentureBeat: “Every time a developer makes changes to the infrastructure as code, Oak9 dynamically applies the proper security requirements to the appliance based on an understanding of the business use case, the appliance’s compliance and regulatory requirements, and the appliance.” “Our customers’ best practices,” the spokesperson continued.

Now Drata has integrated some of this technology into its own platform, enabling Drata to fit into critical phases of the Software Development Life Cycle (SDLC), such as the code repository and the Continuous Integration and Deployment (CI/CD) pipeline.

This integration equips GRC teams with tools to scan infrastructure code, flag inconsistencies, and take corrective actions before code is deployed, increasing both efficiency and confidence ahead of audits.

“With this acquisition, we’ll essentially be the one compliance automation solution that goes from code to production, before and after deployment,” Markowitz said.

It also works alongside other popular developer tools, including newer tools like Devin, which can automatically generate code based on user-entered descriptions and natural language notes.

Om Vyas, co-founder and CEO of Oak9, also commented on the acquisition in a press statement to VentureBeat, stating: “The integration into Drata’s platform is a rare validation of our team’s commitment to achieving this mission. This sets a brand new standard for how teams approach cloud-native security and compliance.”

Drata's Compliance as Code is available across its suite of Software-as-a-Service (SaaS) subscription offerings, from $7,500 per year for startups.

As Drata continues to integrate Oak9's capabilities, the company aims to offer a secure development environment in which maintaining code compliance is more efficient and less burdensome than ever.
