Compliance automation may be the key to beating regulatory sprawl, Vanta raises $40M   

Compliance is an all or nothing game. An organization either complies with data protection regulations to the letter or it gets hit with fines mercilessly. However, the complexity of the regulatory landscape and a shortage of cybersecurity professionals makes it difficult to reduce risk.  

Yesterday, security and compliance automation platform Vanta announced it has raised $40 million as part of an extension to a series B funding round that closed in June, which valued the company at $1.6 billion. 

Vanta’s solution provides organizations with help to meet compliance standards including SOC 2, HIPAA, and the GDPR. 

This funding round reinforces that automation is the key to remaining compliant in an era of sprawling data protection regulations, from the GDPR to the California Consumer Protection Act (CCPA). 

Manual compliance isn’t practical 

The announcement comes shortly after Sephora and Meta received steep fines for violating the CCPA and the GDPR respectively. 

While these are isolated situations, most organizations recognize the need to comply with data protection regulations, but lack the in-house resources and expertise to secure their environments. 

Trying to prevent security incidents and implement data controls manually is often impractical for these organizations, leaving them open to cyberattacks and regulatory fines. 

The answer to this predicament isn’t necessarily to bolt-on compliance as an afterthought, but to build automated processes from the ground up so that security teams can scale to secure their environments at a high level, in compliance with the necessary regulatory frameworks. 

“Today, businesses have to think about security and compliance from Day 1,” said Christina Cacioppo, CEO of Vanta. 

“Most can’t afford to hire somebody full-time, but the cost of getting it wrong is huge. Vanta levels the playing field for software companies in a downturn, helping them win business and prove their compliance with less spend overall. We’re honored to have industry leaders like CrowdStrike support Vanta as a next-generation security company,” Cacioppo said. 

Vanta provides users with auditor-vetted controls and the capability to audit their environments for compliance gaps, for regulatory frameworks including SOC 2, ISO 27001, HIPAA, PCI DSS, GDPR and CCPA, that speed up the certification process and reduce the risk of non-compliance. 

A brief look at the compliance automation market 

Polaris Market Research anticipates that the enterprise governance, risk and compliance software market will be worth $97 billion by 2028 as more organizations look to get compliance sprawl under control. 

One of Vanta’s main competitors in the market is Drata, a compliance platform that enables enterprises to automatically monitor data protection controls, identifying gaps in complying with regulatory frameworks including SOC 2, ISO 27001, and HIPAA. Drata most recently announced raising $100 million in series B funding round. 

Another competitor is HyperProof, which raised $16.5 million as part of a series A funding round earlier this year, for an automated compliance platform for managing internal controls, automating audit processes and workflows, and assessing compliance posture.  

At this stage, Vanta is aiming to differentiate itself from other providers by helping organizations enhance their compliance standing on insights taken from other company’s compliance journeys.