Discover how companies are responsibly integrating AI in production. This invite-only event in SF will explore the intersection of technology and business. Find out how you can attend here.
In the midst of the COVID-19 pandemic and various states of interruption three years ago, a startup called Drata was founded in San Diego, California, by the trio of former rocket scientist Adam Markowitz (previously of Aerojet Rocketdyne), recurrent chief technology officer Daniel Marashlian, and experienced business development exec Troy Markowitz, who now serve as Drata’s CEO, CTO, and COO, respectively.
The three had previously worked together and two of them had co-founded digital portfolio startup Portfolium before it was acquired in 2019, and decided to solve a common pain point seen across their various previous endeavors: ensuring software written by engineers and developers is compliant with the myriad, ever-evolving and consistently expanding wave of regulations and standards enacted by world governments, laws, and internal policies.
“Our vision here is to be able to democratize access to something that’s so important for companies to be able to build: trust,” Adam Markowitz told VentureBeat in a video conference interview earlier this week.
Drata’s suite streamlines audit preparation by integrating automation across its offerings, speeding up compliance processes fivefold. It offers a comprehensive library of pre-mapped controls, automatic evidence collection through native integrations with dozens of cloud platforms and common developer tools such as Github, Google Cloud Platform, AWS and AWS GovCloud, and more; as well as continuous monitoring to ensure audit readiness and highlight security improvements.
VB Event
The AI Impact Tour – San Francisco
Join us as we navigate the complexities of responsibly integrating AI in business at the next stop of VB’s AI Impact Tour in San Francisco. Don’t miss out on the chance to gain insights from industry experts, network with like-minded innovators, and explore the future of GenAI with customer experiences and optimize business processes.
Request an invite
The platform provides over 20 auditor-approved templates for managing security policies, tools for audit readiness assessment to prevent surprises, and expert support available 24/5 to guide users through compliance challenges.
Automating compliance checks with Compliance as Code
But rather than taking the approach followed by many companies to-date — waiting till the software is written and then having it evaluted by managers or legal departments for compliance — Drata seeks to automate this and offer compliance checks in realtime, while engineers are actually programming.
Today it is announcing the acquisition of another startup, oak9 in Chicago, to help with this mission, including all of oak9’s employees and tech, merging them into Drata (oak9’s products will be sunsetted and customers moved over to Drata.)
“We’re announcing a fully integrated solution this week that we’re calling ‘Compliance as Code,’” Drata CEO Markowitz said.
This new platform allows for real-time, automated testing and adjustments before issues can escalate into production problems, streamlining processes and significantly reducing the time required for manual compliance checks.
In a blog post, Markowitz likens the service to writing and editing tool Grammarly, which offers realtime suggestions to writers on how to rephrase words.
Except, in the case of Compliance as Code, the suggestions are for different code strings that meet the compliance standards set by customers before an engineer even begins coding.
If an engineer or their dev tool generates non-compliant code, Drata’s Code as Compliance platform “would detect it, notify you and then actually suggest the remediation at the code level,” Markowitz told VentureBeat. “It’ll show you the code changes to make.”
Then, it’s up to the developer or their manager or whoever is reviewing the code to accept the changes.
The platform is currently in beta and will be showcased at the upcoming RSA conference in San Francisco from May 6-9.
What the oak9 acquisition means for Drata
Oak9 has already established a reputation around its “infrastructure-as-code” approach, which is the process of managing datacenters through machine-readable definition files, rather than hardware configurations.
With its pre-loaded blueprints oak9’s customers can visually depict their server infrastructure as code and make security design changes with a drag-and-drop interface, ensuring adherence to security and compliance standards across any cloud platform.
Critically, oak9 achieves this by continuous monitoring and making realtime security updates based on what it detects. As a spokesperson previously told VentureBeat: “Every time a developer makes changes to the infrastructure as code, oak9 dynamically applies the right security requirements to the application, based on an understanding of the business use case, the application’s compliance and regulatory needs, and the customer’s best practices,” the spokesperson continued.
Now, Drata has integrated some of this technology into its own platform, allowing Drata to insert itself into critical stages of the software development life cycle (SDLC), such as the code repository and the continuous integration and deployment (CI/CD) pipeline.
This integration equips GRC teams with tools to scan infrastructure code, flag discrepancies, and take corrective action before the code is deployed, enhancing both efficiency and confidence in the run-up to audits.
“With this acquisition, we’re basically going to be the only compliance automation solution to go from code to production, so the before and after deployment,” said Markowitz.
It also works alongside other popular developer tools, including emerging ones such as Devin, which can automatically generate code on behalf of a user’s typed natural language description and notes.
Om Vyas, Co-Founder and CEO of oak9, also reflected on the acquisition in a press statement provided to VentureBeat, stating, “Being integrated into Drata’s platform is exceptional validation of our team’s commitment to realizing this mission. This sets a new standard in how teams tackle cloud native security and compliance.”
Drata’s Compliance as Code is offered throughout its suite of software-as-a-service (SaaS) subscription offerings, starting at $7,500 per year for startups.
As Drata continues to integrate oak9’s capabilities, it seeks to offer of a secure development environment that’s more efficient and less burdensome to remain code compliant than ever.
