Security and Compliance - Moving at the Speed of Drata

December 7, 2022

ICONIQ Growth deepens its partnership with Drata, a prominent security and compliance automation platform, by leading the company's $200M Series C. 

Written by: Will Griffith, Murali Joshi, Richa Mehta, and Rishab Bhandari

Drata’s co-founders (left to right): Troy Markowitz, Adam Markowitz, and Daniel Marashlian

We have been highly impressed by the execution from Drata's founders Adam Markowitz, Daniel Marashlian, Troy Markowitz, and the entire Drata team and we are thrilled to deepen our partnership with the category-defining security and compliance automation platform. After we led Drata’s Series B a little over a year ago, ICONIQ Growth is honored and excited to lead the company's $200M Series C fundraise, alongside our friends at GGV Capital.

Companies of all sizes have begun heavily prioritizing compliance and security adherence in response to ever-increasing cybersecurity incidents and rapidly changing global regulations. Even in today's challenging macro environment, complying with standards such as SOC 2, ISO 27001, and HIPAA is a prerequisite to conducting business. Yet compliance workflows are still largely manual, incredibly time-consuming, and antiquated relative to today's cloud-centric environment. With these problems extending to navigating broader governance and risk concerns, IDC projects the global GRC market to reach $15 billion in the next three years.

Drata has streamlined the traditionally laborious process of achieving and maintaining compliance by automating control monitoring and evidence collection and integrating with more than 75 robust applications and systems, providing customers with an intuitive, sleek, real-time, and automated compliance platform.

Since first partnering with Drata, we have been impressed with the speed and care with which the team delivers an exemplary solution that makes compliance effortless and accessible. When we first met Adam Markowitz, Drata's co-founder and CEO, his vision for Drata was captivating and informed by the personal pain his team experienced in achieving and maintaining compliance at their previous startup. The deep understanding and authentic passion that we felt from our very first conversation with Adam, Daniel, and Troy resonated with us in the same way we felt when we met with other ICONIQ Growth founders from some of the largest infrastructure and security companies. The team demonstrated infectious passion about creating cutting-edge software to automate compliance workflows and generate a full-scale GRC solution to make their customers successful.

We knew there was something rare about "Drata Speed" and the company's product launch velocity when we first met the team, but the past year we have been amazed about what is possible to achieve in record time. Drata's innovative platform initially helped customers achieve compliance with SOC 2. This past year, Drata has accelerated that pace, addressing customer needs by launching support for HIPAA, ISO 27001, GDPR, PCI DSS, and more than fourteen compliance frameworks.

Drata has also released a set of new, market-defining products to automate further customer compliance workflows, notably a Risk Management solution that tracks vendor security posture and a Trust Center that helps companies display their security controls in real-time, eliminating static security questionnaires. Security teams become captivated by Drata's ease of set-up and robust, enterprise-grade security functionality, intuitive UI, and powerful automation technology. Customers have cited frustrations with other solutions in the market while commenting that "Drata's automation has been a breath of fresh air" and the platform has been "incredibly intuitive… making compliance effortless."

We have spoken to over 100 market experts (competitors, customers, industry leaders, and others) in the security and compliance automation space. Drata is unanimously recognized for its product leadership and remarkable pace of innovation. A customer shared, "There is a product enhancement every couple of weeks; it's like they have added a million updates." Hearing customers rave about a compliance solution is rare, except when they talk about Drata. Accordingly, we have seen hundreds of customers churn away from competing incumbents to work with Drata's market-leading platform. These migrations' velocity is a testament to Drata's differentiated and superior product capabilities. 

From securing its first hundred customers less than 45 days out of stealth, to reaching more than 2,000 customers – ranging from large public businesses to startups – in less than twenty months is a true testament to the company's clear and defining market leadership. Yet it is clear to us that we are still at the beginning of Drata's story. The team's relentless focus on product innovation and impressive execution has positioned Drata, unlike its peers, to work with many mid-market and enterprise companies. Nineteen ICONIQ Growth portfolio companies have procured Drata, including BambooHR, Fivetran, Loom, Monte Carlo, Orca Security, Notion, Ramp, WordPress VIP, and more – confirmation of the company's category leadership and product excellence. Through this tremendous success, the team remains incredibly humble and focused, never wavering from their commitment to customer care and constant solicitation of product feedback. 

We are grateful to be a part of Drata's journey alongside GGV, Cowboy Ventures, Alkeon Capital Management, Salesforce Ventures and, SentinelOne (S Ventures), in addition to industry luminaries and operators who deeply believe in Drata's category leadership, including Jeff Weiner (Chairman and Former CEO of LinkedIn), Frank Slootman (CEO of Snowflake), Satya Nadella (CEO of Microsoft), Amit Agarwal (President of Datadog), Olivier Pomel (CEO and Co-Founder of Datadog), Jonathan Rubinstein (Board of Director at Amazon and Former Co-CEO of Bridgewater Associates), Ed Norton (Actor and Activist), Jennifer Tejada (CEO of PagerDuty) and many others. We're also thrilled to be supporting Drata alongside the Financial Operators Guild (FOG Ventures), a group of industry-leading operators, and CISOs at Elastic, Flexport, Discord, and Postman, who have unwavering conviction in Drata's vision to automate compliance.

In this next wave of growth, we look forward to continuing to support Drata as they further define their category-leading position in the GRC space through their determined efforts to help organizations swiftly and seamlessly navigate the complexities of compliance.

The views expressed in this presentation are those of ICONIQ Growth ("ICONIQ" or the "firm"), are the result of proprietary research, may be subjective, and may not be relied upon in making an investment decision. This presentation is for educational purposes only and does not constitute investment advice or an offer to sell or a solicitation of an offer to buy any securities which will only be made pursuant to definitive offering documents and subscription agreements, including, without limitation, any investment fund or investment product referenced herein. Any reproduction or distribution of this presentation in whole or in part, or the disclosure of any of its contents, without the prior consent of ICONIQ, is prohibited. This presentation may contain forward-looking statements based on current plans, estimates and projections. The recipient of this presentation ("you") are cautioned that a number of important factors could cause actual results or outcomes to differ materially from those expressed in, or implied by, the forward-looking statements. The numbers, figures and case studies included in this presentation have been included for purposes of illustration only, and no assurance can be given that the actual results of ICONIQ or any of its partners and affiliates will correspond with the results contemplated in the presentation. No information is contained herein with respect to conflicts of interest, which may be significant. The portfolio companies and other parties mentioned herein may reflect a selective list of the prior investments made by ICONIQ. Certain of the economic and market information contained herein may have been obtained from published sources and/or prepared by other parties. While such sources are believed to be reliable, none of ICONIQ or any of its affiliates and partners, employees and representatives assume any responsibility for the accuracy of such information. All of the information in the presentation is presented as of the date made available to you (except as otherwise specified), and is subject to change without notice, and may not be current or may have changed (possibly materially) between the date made available to you and the date actually received or reviewed by you. ICONIQ assumes no obligation to update or otherwise revise any information, projections, forecasts or estimates contained in the presentation, including any revisions to reflect changes in economic or market conditions or other circumstances arising after the date the items were made available to you or to reflect the occurrence of unanticipated events. For avoidance of doubt, ICONIQ is not acting as an adviser or fiduciary in any respect in connection with providing this presentation and no relationship shall arise between you and ICONIQ as a result of this presentation being made available to you. ICONIQ is a diversified financial services firm and has direct client relationships with persons that may become limited partners of ICONIQ funds. Notwithstanding that a person may be referred to herein as a "client" of the firm, no limited partner of any fund will, in its capacity as such, be a client of ICONIQ. There can be no assurance that the investments made by any ICONIQ fund will be profitable or will equal the performance of prior investments made by persons described in this presentation.