0
0
Transforming AI Integration in Production
In the year 2021, amidst the challenges posed by the global COVID-19 pandemic and various states of disruption, a pioneering startup named Drata emerged in San Diego, California. Driven by the collective expertise of former rocket scientist Adam Markowitz, distinguished chief technology officer Daniel Marashlian, and experienced business development executive Troy Markowitz – who now respectively serve as Drata’s CEO, CTO, and COO – the company was founded to address a widespread pain point observed across their previous ventures. That pain point involved ensuring that software developed by engineers and developers remained compliant with the diverse and continually evolving landscape of regulations, standards, and policies set forth by governments, laws, and internal frameworks.
“Our vision revolves around democratizing access to a critical building block for companies: trust,” expressed Adam Markowitz during a recent video conference interview with VentureBeat.
Drata’s Innovative Suite of Solutions
Drata’s suite of tools revolutionizes audit preparation by infusing automation across its array of offerings, thereby enhancing compliance processes by up to five times. The platform boasts a comprehensive library of pre-mapped controls, seamless evidence collection through native integrations with various cloud platforms and popular developer tools such as Github, Google Cloud Platform, AWS, AWS GovCloud, and more. Furthermore, Drata provides continuous monitoring to ensure audit readiness and accentuate security enhancements.
In addition, the platform offers over 20 auditor-approved templates for managing security policies, tools for effective audit readiness assessments to preempt any surprises, as well as expert support services available 24/7 to guide users through compliance challenges.
Revolutionizing Compliance with “Compliance as Code”
However, Drata doesn’t align with the conventional industry approach of conducting compliance evaluations post-software development. Instead, the company seeks to automate compliance checks in real-time, concurrently as engineers are coding. To further this mission, Drata recently announced the acquisition of Chicago-based startup oak9. This acquisition will enable Drata to integrate oak9’s technology and employees into its operations to usher in a new era of compliance automation, aptly named “Compliance as Code.”
This groundbreaking platform facilitates real-time, automated testing and adjustments before compliance issues escalate into production challenges, thereby expediting processes and significantly reducing the time consumed by manual compliance checks.
Notably, Drata’s CEO Markowitz compared the service to a popular writing and editing tool, Grammarly, which offers real-time suggestions to writers. Similarly, in the realm of Compliance as Code, the platform furnishes engineers with compliant code suggestions even before they commence their coding tasks. Should an engineer or their development tool generate non-compliant code, Drata’s platform swiftly identifies, notifies, and proposes the necessary code-level remediation.
The platform is currently in its beta phase and is slated to be showcased at the forthcoming RSA conference in San Francisco from May 6-9.
Efficiency Amplification through the Oak9 Acquisition
Oak9 has garnered acclaim for its “infrastructure-as-code” approach, a methodology that manages data centers through machine-readable definition files rather than hardware configurations. With oak9’s pre-loaded blueprints, customers can visually map out their server infrastructure with a drag-and-drop interface, ensuring adherence to security and compliance mandates across diverse cloud platforms.
Additionally, oak9 employs continuous monitoring and real-time security updates based on detected changes. This unique functionality now seamlessly integrates with Drata’s platform, allowing the company to engage at pivotal stages of the software development life cycle (SDLC) like the code repository and continuous integration and deployment (CI/CD) pipeline. Drata’s integration equips Governance, Risk, and Compliance (GRC) teams with tools to scan infrastructure code, flag disparities, and take corrective measures proactively prior to code deployment.
Markowitz emphasized, “With this acquisition, we aim to establish Drata as the sole compliance automation solution spanning from code creation to production – covering both pre- and post-deployment phases.” Moreover, Drata works harmoniously with a spectrum of developer tools, encompassing emerging solutions like Devin, which automatically generates code based on natural language descriptions and notes provided by users.
Oak Vyas, Co-Founder, and CEO of oak9 also articulated his outlook on the acquisition, accentuating the synergy between the two companies in advancing cloud-native security and compliance practices.
As Drata continues to integrate oak9’s capabilities into its suite of software-as-a-service (SaaS) offerings, the company aims to deliver a secure developmental environment that streamlines compliance adherence for organizations, thus rendering it more efficient and less cumbersome than ever before.
Image/Photo credit: source url
