Today marks two years since Drata officially launched out of stealth and we’re incredibly proud of how far we’ve come, and more importantly, where we’re going.
Two years ago, we first launched our compliance automation platform with an automated SOC 2 offering, often considered the gold standard of data protection and an increasingly “must-have” framework for selling any software solution. With just 15 of us and a handful of amazing beta customers, we’ve since built off our trust- and customer-centric approach to achieve the following:
Thousands of customers across small, medium, and enterprise businesses rely on Drata to automate their compliance and risk journey.
300+ employees who amplify our core values of trust and integrity and exemplify daily why we’re the leader in our space.
More than 14 compliance frameworks, standards, and regulations, a dynamic Trust Center, as well as a Risk Management solution.
Paired with $328M in total funding from the world’s leading venture firms, corporations, and individual thought leaders and operators over four financing rounds, we’ve earned the support of our auditor community and strategic partners who have joined us in our mission of making compliance effortless and accessible to companies of all sizes.
It’s been an absolute whirlwind as a cofounder of Drata, with many milestones, challenges, and lessons learned along the way. So to reflect, here are three takeaways from our first two years of growth.
Trust Is Everything
As a company with ambitious goals to transform how compliance is achieved and maintained, earning trust in such a long-standing industry would be our biggest initial hurdle. Ironically, our company’s very existence and purpose is to allow others to earn trust by proving they deserve it.
We wanted to walk the walk, to “drink our own champagne” (I learned “eating your own dogfood” didn’t sound as good) and earn our own clean SOC 2 attestation using our own product. So we delayed our launch to January 2021 until we had our clean SOC 2 report in hand. At a time where even other players in the space didn’t have their own SOC 2 report, we prioritized our security posture using our own product to do so, establishing early trust, legitimacy, and validation in the market. This decision was among the first of many where we lived our values of trust and integrity, not cutting corners or taking shortcuts, earning every inch of the market we’d win. Trust was critical in our ability to secure our first 100 customers in just 45 days after our launch, but the champagne drinking didn’t end there.
Since then, we’ve also achieved ISO 27001 certification, adhered to HIPAA, obtained SOC 1 and SOC 2 Type 2 reports, GDPR, CCPA, and more. Our vision of being the trust layer between our customers and those they do business with is built on a foundation of doing things the right way, instead of the easiest.
This permeates into every aspect of the business. We focus on hiring people we trust to take the wheel (drivers, not passengers) and live our values every day.
Your Customers’ Success Is Your Success
Throughout my career, I’ve experienced a number of products firsthand that failed to address my pain points. Drata has maintained a customer-centric approach from the start, and we actively and continuously engage with our customers so that we can design a platform for them and with them.
While a lot of conventional wisdom would tell you to invest heavily in your go to market motion at the start, we invested heavily in product and customer success, making sure our customers had and continue to have what they needed to become successful. They in turn have become our strongest advocates.The frameworks we’ve launched and solutions like Risk Management have everything to do with what pains our customers needed us to solve.
Utilize the beta periods, communicate the roadmap, and ask your customers what they would like to see next. We are always learning and always iterating.
"Drata is the most modern and frictionless product we've adopted to orchestrate security efforts. The platform is continuously improving which benefits our own systems and processes. We have a very impactful and efficient security program thanks to Drata!"
—Ian Logan, VP of Engineering, Rose Rocket
Execute. Learn. Iterate. Repeat.
Time is never on a startup’s side, but it’s not uncommon to see companies stall for the sake of perfection or get complacent with “if it ain’t broke, don’t fix it.” Drata fosters an open and transparent environment to take risks—from product development to engineering and marketing, and everything in between, we encourage our teams to try new processes and technologies and to make decisions quickly when they’re easily reversible. Nothing is ever perfect. Failing is okay as long as you can take what you learned and iterate on it next time. New ideas and breakthroughs spawn from achievements and shortcomings alike.
As we move into our third year in the market, Drata will be focused on further building out an automated GRC platform, re-investing in our customers as they scale, and turning risk and compliance from a pain point to a competitive advantage.
We are incredibly grateful to everyone who has helped us get here.
Here’s to two years, and many many more.
