Starting With SOC 2: How Drata Proves Invaluable for Young Startups

Asset Scanner v2

Scanner is a security data lake platform that supercharges security investigations with fast search and detections for petabyte-scale log data sets in AWS S3.

LocationSan Francisco, CA
A case on how Drata empowers Scanner to navigate challenges with confidence and efficiency—on their own.

Why Security Is #1 at Scanner

As a young and small company also in the cybersecurity landscape, our number one focus at Scanner is the security of our systems and customer data. Our target market is a highly security-aware persona, and we know that in order to grow our business and reach larger clients we need to meet a variety of stringent compliance expectations. Because we’re committed to demonstrating that security is our highest priority at Scanner, we chose to pursue SOC 2 Type 2 early on.

We knew when we started Scanner that having a SOC 2 report would be table stakes for our customers, and we’d need it as soon as possible if we wanted to grow. Because we don't have a huge number of people that can help with managing our compliance program, we desperately searched for a tool that would take the manual load off. 

Our goal was to become SOC 2 Type 2 compliant as efficiently as possible, and Drata kept their word in helping us do that.

Drata’s Solution Is Leaps Above Competitors

When we were looking for a compliance automation platform, we vetted three other vendors. Because this process was completely new for us, we thoroughly reviewed each vendor to avoid having to switch providers down the line.

We were almost ready to move forward with another competitor when Drata caught our attention with effective communication, a 10/10 sales team, and a top-notch product walkthrough. Drata stood out because of its ease of use, affordable pricing, and knowledgeable and responsive sales and support teams. We were able to get Drata up and running in days, and we were able to receive a clean SOC 2 Type 2 report much faster than we had expected. Here are some things that made Drata the obvious choice for us.

1. Best Sales Process We’ve Been Through

Our first interactions with Drata’s sales team were exceptional—easily one of the best sales processes we've experienced. They balanced expertise with a non-pushy approach and seamlessly guided us through the platform's capabilities.

I was also impressed by the technical knowledge of the sales team. Our rep was able to explain the intricacies of Drata’s integrations, system set up, and SOC 2 compliance. Drata's commitment to education and process transparency reassured us, and their ability to seamlessly blend technical knowledge with a customer-centric approach made the entire experience invaluable. This solidified our confidence in Drata as a trusted partner.

2. Seamless User Interface

Another standout aspect was the user interface. It's incredibly clean, intuitive, and straightforward, making navigation easy—especially for a company who needs a clear understanding of what steps to take to become compliant. The platform’s ease of use helped us achieve that, compared to some competitors that had clunky interfaces.

3. They Educated Us on Compliance

From my initial conversation with Drata, I gained a clear understanding of their operations, the specific requirements for achieving SOC 2 compliance, and a visual representation of how their product contributes to compliance success. In contrast, other tools lacked transparent guidance on the compliance journey. They didn’t educate us to the same level that Drata did, so the decision to move forward with Drata was easy.

Wrapping our heads around compliance nuances was no small feat, especially for Scanner venturing into SOC 2 for the first time. Drata was a trusted partner in helping us navigate these intricacies. Take the Trust Service Criteria for SOC 2 Type 2, for example—they pointed us in the right direction, highlighting the key criteria that matter most to our customers. Through this, we gained a strategic understanding that enabled us to concentrate on the critical specific Trust Service Criteria that resonated most with our customers.

Drata truly understood our problem and educated us on how we can get to a clear solution.

Fully Supported for Success

As the CEO, I'm balancing many responsibilities that span across the entire organization, including leading the technical elements required for SOC 2 by myself. With the help of Drata, I felt fully supported by their team in accomplishing our compliance goals every step of the way.

Not to mention, the daily email we get from Drata is one of the first things I read when I start my day. I just quickly skim to make sure everything is passing and carry on, or I’ll pop in to the platform if needed. They’ve made it so easy throughout our partnership, and their support team has proved to be absolute rock stars throughout our journey.

Drata has been pivotal in expediting the entire process—helping us achieve our compliance goals much faster than initially anticipated. Read on for more details on the benefits we’ve experienced since using Drata.

1. Elite Integrations

To contextualize how important Drata is for us, even their integration with GitHub was a huge time saver. We’ve seen some users ask about our code review process and whether every single commit is reviewed. Drata allows us to track that information using GitHub, so users must get a code review before they push code.

Drata’s strong integration with Amazon Inspector allows us to see all container vulnerability findings directly from within Drata. We can then prioritize projects to address the findings all from one place.

2. Top-Notch In-App Help Center

We heavily relied on Drata's Help Center throughout the road to SOC 2. Anytime we encountered issues, we promptly dove into their comprehensive resources to address the problem. I could access detailed help articles and follow step-by-step guidance to resolve issues promptly, eliminating the need to wait for someone else's response.

For example, the Help Center is filled with solid examples that demonstrate how to set up compliance controls manually in the AWS Console. Even though we use infra-as-code tools like Pulumi, using the Help Center to understand the manual process for actions like adding proper monitoring and versioning to S3 buckets was crucial for compliance. This insight demonstrated how easily we could remediate any issues that might arise during our preparation for the SOC 2 audit.

3. Policies Made Easy

Drata’s Policy Center is a dream come true. Having pre-built templates that cover around 90 percent of the boilerplate elements was extremely efficient—especially if you consider we’re a new company and we otherwise would have had to create those policies entirely from scratch with our own resources.

Leveraging Drata’s pre-built policy templates turned into significant savings for Scanner, in both time and money. Not having to use our own resources lifted a huge weight off of us and created a great starting point for us to keep our momentum towards achieving SOC 2 Type 2.

4. Exceptional Third-Party Vendor Management Capabilities

Drata's vendor management capabilities provide us with a streamlined solution for overseeing high-risk vendors. The process of evaluating SOC 2 reports for these vendors is highly efficient, and Drata plays a key role in guiding us through vendor assessments, offering insights into crucial elements to consider. Their guidance has proven instrumental in the ongoing scalability of Scanner's security program.

Audit Hub Is a Game Changer

In our SOC 2 compliance journey, Drata's Audit Hub simplified the entire process and set the stage for our success.

After achieving SOC 2 Type 1, we quickly moved to pursue Type 2, accompanied by a three-month observation period. Given the extended audit duration, we were slightly hesitant about the additional complexity and how that would affect our timeline to achieve SOC 2.

Luckily, Audit Hub was instrumental in this process, enabling seamless collaboration with our auditor, Prescient Assurance, by providing complete access to all evidence and information stored within Drata. Our auditor was then able to highlight key controls, pinpointing requirements that may become larger challenges. We felt prepared going into our audit and confidently navigated SOC 2 Type 2.

I am extremely pleased with the SOC 2 Type 1 and Type 2 reports we received, and Drata's Audit Hub played a pivotal role in ensuring a smooth and successful audit process.

Return on Investment

The primary return on investment we’ve seen since partnering with Drata is our ability to eliminate the need for a full-time hire to manage our compliance program.

From time saved on pre-built policy templates to pre-mapped SOC 2 controls, Drata’s approach has made compliance easily manageable for our small team and further contributed to our operational efficiency. 

With reduced time spent on day-to-day compliance tasks, we can more easily balance our focus between compliance and product development. The impact of achieving SOC 2 with Drata is not just internal; every user we engage with is inquiring about SOC 2, underscoring the strategic value of our compliance journey.

What’s Next for Scanner?

As Scanner continues to receive increased interest from within Europe, we’re excited to begin venturing into new verticals and plan to strategically direct our efforts towards incorporating GDPR into our compliance program. Our ongoing partnership with Drata has proven invaluable, and we look forward to collaborating on future frameworks.

The ability to quickly achieve SOC 2 Type 2 with Drata has proven instrumental in attracting prospective customers and advancing conversations with users. This success has significantly broadened our business prospects and opened doors to substantial business growth.

Cliff Crosland


Resources for you
New Launches From Drataverse

New Launches From Drataverse: Chart Your Course

Highlights From Drataverse: Chart Your Course

Highlights From Drataverse: Chart Your Course

Image - SOC 2 penetration test list

Penetration Tests and SOC 2: Preference, Tradition, or Requirement?

Be a Part of the Best

Join the thousands of companies who trust Drata with their evolving compliance needs.