How Air Used Compliance Automation to Sell to Enterprise

air-team
About

Air is a workplace collaboration tool for images and videos that immediately replaces cloud storage for brand-forward businesses. Founded in 2017 and headquartered in New York City, Air currently works with 1000+ companies across the globe.

LocationBrooklyn, NY
IndustrySaaS
Socials
A case of an early-stage company being committed, resourceful, and open to wearing many hats in order to successfully meet SOC 2.

The Challenge

As a quickly growing startup, we knew that our approach to sales would change once we started to go after enterprise deals. And sure enough, we started to see some of our larger prospects asking questions about our internal security measures. We never, ever wanted this to be a blocker to building relationships and growing our company.


That said, we didn’t have anyone on the team fully dedicated to security and compliance. While meeting compliance requirements was a natural next step in becoming a better product for our enterprise customers, we knew we were going to need a strong level of support and guidance in order to get it done.


The Solution

Some quick research showed us that there were numerous software solutions available on the market. We wanted something highly automated, proven, and supplemented by best-in-class support to ensure a successful audit. To be honest, we struggled a bit with choosing between a bulkier, more mature platform vs. something new with a potentially better user experience.


In the end, Drata’s demo won over our CTO, as did just how incredibly approachable the team was. We felt like Drata was going to be extremely hands-on with us and work with us every step of the way. They were patient, great listeners, and were willing to do whatever it took to ensure we were successful.


How Did Drata Contribute to or Ease the Audit Experience?

We had heard horror stories about how intense the whole audit process was, how manual and tedious. Our internal lead on this (also our head of marketing and operations!) wasn’t exactly thrilled at the thought of dealing with an endless array of screenshots and downloads.


Our concerns were immediately put to rest as soon as we accessed the platform and saw how quickly our tech integrations were set up. Onboarding was a breeze with Drata. We started clicking around right away, gained immediate visibility into our controls, and saw what we needed to collect and remediate. It was immediately impactful. From thereon, we worked closely with Drata’s customer service team to take the process one, digestible step at a time.


How Would a Manual Approach Have Changed Your Audit Readiness?

The experience would have gone from enjoyable and educational to downright brutal. Drata provided a level of automation that helped us get a massive headstart. The policy templates were a huge win for us in terms of time and effort, employee onboarding was seamless, and we loved how easily Schneider Downs, the audit firm that Drata recommended to us, got access to the data they needed for our audit.


The product TAUGHT US how to be a more secure company. We had to adapt our practices, take a look at what we had, and learn to think, act, and communicate as a security-focused organization. The language of security and compliance is not spoken by everyone, particularly a company of Air’s size. Drata helped translate this for us and put it into action.


What Advice Would you Give to Others Preparing For Their Audit?

Look for the platform that’s as automated as possible and one that will keep monitoring your controls even after you receive SOC 2. Daily monitoring is total peace of mind and with it, we can always see where we are, where we’ve been, and have the utmost confidence in where we’re going. We recently received our SOC 2 Type 1 report with Drata and now have exactly what we need to start going for our Type II.


Finally, it’s imperative that you pick the right partners, particularly if you’re a small company with no dedicated compliance resources. Work with a group of people you feel good about and that make you feel confident in the process.


We're leaning more and more heavily into enterprise relationships, and so the bar for our security status just continues to rise. Our team will continue to work with Drata to ensure we stay one step ahead and continue to lead in our security posture.

Carmi Medoff

Strategy & Ops Lead, Air

Resources for you
PCI Compliance Cost What It Takes to Become Certified

PCI DSS Compliance Cost: What It Takes to Become Certified

Cybersecurity Asset Management

Why Cybersecurity Asset Management Matters and How to Prioritize It

Drata Leadership Update

Drata Brings On New CRO and First-Ever COO to Fuel Hyper Growth

Be a Part of the Best

Join the thousands of companies who trust Drata with their evolving compliance needs.