I was recently in London recording some podcasts for a Data Centre client, Asanti, and two of the areas we discussed were – surely not – AI and… compliance.
It seems to that Asanti’s Co-Lo customers are looking for reassurance that the increasing AI traffic can be managed – both in terms of quantity and delivery-wise – and ensure that their data is compliant, among ever increasing regulations and guidelines, both on the data provenance and the security side of compliance. Obviously, DCs like Asanti need to keep ahead of the game and – by a strange coincidence – I also had a most excellent conversation with Drata: – about automating compliance and managing the security risks.
The timing also coincided with Drata’s recent acquisition of SafeBase, so I was able to get the low-down on why the allied forces create the complete solution, in conversation with their respective leaders, Adam Markowitz and Al Yang (take me to your leaders). It turns out that there was serious chemistry between the two, via an early meeting, with both companies in their first year of operation and heading down parallel paths. So, put simply, the Drata element provides the compliance automation platform; the SafeBase element provides the AI-based capabilities of demonstrating – beyond doubt – of a company’s compliance, security status and ROI. Some things are meant to be.
The merging of the two vendors obviously provides significant benefits – otherwise they wouldn’t have done it – but these can be highlighted as:
- Proactive Trust Building: Real-time, dynamic trust centres to enhance transparency and streamline self-serve security reviews.
- Faster Security Reviews: AI-powered automation to accelerate questionnaire responses and close deals.
- Effortless Compliance: Advanced automation to scale compliance and simplify audits.
- Enhanced Vendor Risk Management: Greater efficiency and continuous visibility across third-party vendors and suppliers.
- Scalable GRC Programs: Meeting enterprise needs as they grow and modernize their programs.
As a number of use cases have shown, what we have with Drata is the classic “before and after” scenario; before we had insanely long timescales for manually managing and validating compliance within a company – afterwards the streamlining and acceleration produces some standout results. For example, customer Tealium’s results showed 40% faster audits, enabling a strategic focus, and gave them ongoing, real-time compliance.
Another customer Vidyard – a hosting and analytics platform – was struggling to maintain compliance demands; being SOC 2 compliant meant a huge annual load of SOC 2 Type 2 audits, routine pen testing and vulnerability scans, meaning human resource was being monopolised for the wrong reasons, from a business advancing perspective. The results of Drata’s implementation not only saw a significant reduction in time spent on audits and related assessments, but the sales process, with Drata enabling legal teams to self-serve necessary security documents, resulted in an estimated 75-80% increase in sales-enablement efficiency. And, as we know, it’s all about sales!
It will be interesting to see just how effective the new, improved, merged Drata-SafeBase model can become. Compliance regs, whether data or security related, are only getting more complex and widespread, and automation is the only way forward, at least in most parts of the world.
Definitely a case of “watch this space”…