Shrav Mehta, Secureframe: “navigating security and privacy compliance is a major headache”
Strict cybersecurity compliance requirements put additional pressure on companies to invest in cybersecurity. But the rules are often a source of confusion.
To combat persistent cyber threats, the cybersecurity industry is constantly evolving. Whether at the office or at home, we use a VPN to feel safer and browse the net anonymously. Yet one or two cybersecurity tools aren’t enough to protect a company’s digital assets.
With this in mind, how can businesses ensure compliance with security standards if they are usually run by people who are far from being IT professionals? To learn more, we interviewed Shrav Mehta, CEO and Co-Founder of Secureframe, a company that helps businesses maintain cybersecurity certifications.
Can you tell us more about your platform?
The rise of cyber threats has created urgency around security compliance like never before. Increasingly, companies require their vendors to meet security standards like SOC 2 and ISO 2700 before even considering their software or services. This forces many startups, especially SaaS startups, to complete SOC 2 certification at an earlier stage of growth.
The problem is that navigating security and privacy compliance is a major headache. Today, getting compliant is a very long, manual process. It’s a process that startups don’t have the luxury of time or resources to learn and perform.
Technologies that turn a point-in-time compliance checkbox into a true continuous security model - like Secureframe - are drastically changing security. Security and compliance can increasingly be performed at scale through automation. The time saved and reduced complexity also ensure valuable team resources are dedicated to growing the business rather than staying compliant.
A security compliance platform is a necessity in the modern world as compliance models are inherently reactive, whereas a platform can evolve proactively. Companies need to react faster to sudden threats and stay up-to-date on the latest security trends.
Secureframe combines the power of technology and expert guidance to provide a true end-to-end security compliance automation solution. Secureframe makes it quick and easy for companies to get rigorous compliance reports and certifications like SOC 2, ISO 27001, HIPAA, and PCI DSS. Our product makes the entire process of achieving and maintaining your compliance certifications easy, from automating evidence collection to supporting you throughout the audit process.
Can you tell us about your vision for the industry?
We believe it should be simple for a company to have the right security and compliance practices without being security experts. Secureframe is uniquely positioned to become the security compliance platform of choice for every business, from startup to enterprise. Secureframe has had hundreds of customers get security compliant with a 100% success rate. We quickly get your security posture up to speed and ensure you maintain compliance as you scale. We are the control center for managing your security posture and compliance control standards.
How has the pandemic affected the demand for SOC 2 certifications?
The pandemic has seen a rise in the number of startups being formed as founders look to take advantage of the socially distanced world. A large majority of these are B2B SaaS companies, which in turn has increased the demand for SOC 2 certifications as many businesses require their vendors to be SOC 2 compliant to do business with them.
Were companies as hyper-aware of the need as they are now pre-pandemic?
The demand for security compliance automation was great and growing pre-pandemic, as evidenced by the fact that many startups (including Secureframe) were founded just before the pandemic and have grown into market leaders. When Secureframe was founded, all we had was a demo request landing page. Even without any marketing, the requests immediately started flooding in. This shows that companies were, and are, hyper-aware of the need for this type of solution.
What are the biggest misconceptions companies have about compliance?
One of the biggest misconceptions companies have is that the process can be entirely automated. Yes, you can automate much of the evidence collection, which our platform does, but a large portion of the compliance process is the actual audit, which will require significant time answering questions and finding additional evidence if the audit prep is not expertly done. This is why having a compliance expert assisting you throughout the process is important for a smooth audit experience.
How will the continued rise in threats shape the future of the compliance industry?
2021 was a record year for data breaches, with 1,243 security incidents affecting over 5 billion records. It’s increasingly difficult for companies to manage all of the disparate data across systems and teams. Government cybersecurity regulations are tightening worldwide, with GDPR and CCPA going into law in the last few years and a record $16 million in HIPAA violations in 2018. We see the compliance automation market as a $60 billion+ market growing 11% year over year for the next five years. Compliance will only continue to grow in importance as a key initiative for technology companies of all sizes and areas of focus.
What other certifications or regulations might arise in the future?
Regulations and certifications are often backward-looking, so any new ones are likely to arise based on currently unforeseen attacks. That said, with the rise of remote work and more and more workers using business devices on their home networks, there may be a certification specific to WFH employees. This would probably include a very strong MDM requirement with onboarding and offboarding requirements and controls around “bring-your-own-device” situations.
What’s next for Secureframe?
We want to make modern security and compliance accessible to organizations of any size. We plan to continue building a platform that automates the compliance process while expanding beyond the frameworks to help companies stay secure as new threats arise. Technology is evolving at an unprecedented pace, so we are committed to being a partner to all of our customers by building a cutting-edge security compliance platform.