Enterprise risk is dynamic. As cloud adoption increases and organizations’ environments grow, so do the risks facing underlying critical data assets. This means CISOs need the ability to automatically assess risk as it evolves throughout the environment.
Providers like Scrut Automation, which yesterday announced $7.5 million in funding, are aiming to enable CISOs to monitor their security posture in the cloud through automation. This allows them to maintain compliance with SOC 2, ISO 27001 and the GDPR without being overwhelmed by manual administrative tasks.
Scrut Automation’s solution offers a cloud security posture management (CSPM) module, which enables CISOs to monitor cloud assets for misconfigurations and maintain a real-time cyber asset inventory. There is also a risk management module to enable CISOs to score risks based on severity.
More broadly, the funding reflects the reality that organizations can’t afford to rely on manual approaches to measure risk in the cloud, as modern hybrid and multicloud environments are simply too complex and fast-moving.
Automating compliance in the cloud
The announcement comes as more organizations are struggling to maintain compliance in the cloud. The 2022 Thales Cloud Security Report found that 45% of businesses have experienced a cloud-based data breach or failed audit in the past 12 months.
“In the previous few years, the frequency, depth and complexity of breaches have elevated drastically,” stated Aayush Ghosh Choudhury, CEO and cofounder of Scrut Automation. “Furthermore, governing bodies and prospects the world over are demanding higher safety from corporations the world over.”
In such an environment, continuous monitoring isn’t just nice to have, but essential. “This has made it crucial for cloud-native enterprises to constantly monitor their safety posture and adjust to a number of frameworks throughout geographies,” stated Choudhury.
Scrut Automation’s approach to streamlining compliance is to conduct automatic risk assessments across cloud environments and display them to the user via a dashboard, which contextualizes them through a risk score.
If the user then wants to address a particular risk, they can use automated workflows alongside alerts and reminders to drive the remediation process.
The GRC and compliance automation market
At a high level, Scrut Automation’s solution falls within the governance, risk and compliance (GRC) market, which researchers valued at $39.4 billion in 2022 and say will reach $76.4 billion by 2028.
One of Scrut Automation’s main competitors in the market is Vanta, an automated security and compliance management provider valued at $1.6 billion. Vanta offers continuous monitoring, centralized access management, and real-time alerts for compliance risks across enterprise tools and services.
Another competitor is Drata, which raised $200 million in funding in December 2022 and offers enterprises a cloud-based GRC platform to automate the collection of compliance evidence, with security posture notifications delivered via email, Slack and Microsoft Teams.
Choudhury argues that the key differentiator between Scrut Automation and these other solutions is Scrut’s focus on supporting CISOs in cloud-native organizations.
“For these stakeholders, the standard alternative is between compliance automation platforms — which lack the depth of safety controls a CISO wants — or a plethora of enterprise level safety options, that are heavy-weight, advanced, and costly, and result in device fatigue with out actually fixing the crux of the issue,” stated Choudhury.