Secureframe is an automated compliance platform built by experts in the field. Pulse 2.0 interviewed Secureframe founder and CEO Shrav Mehta to learn more about the company.
Shrav Mehta’s Background
What is Mehta’s background? Mehta said:
“We help thousands of companies build, maintain, and streamline the time-consuming yet critical tasks that compliance procedures require. After my own experiences dealing with clunky security and compliance processes at previous startups, I founded Secureframe to automate and streamline those critical services.”
“For as long as I can remember, I’ve been passionate about technology and entrepreneurship. As a teenager, I developed more than a dozen Android apps that garnered millions of installs. This early success showed me the incredible potential of building useful, digital products.”
“I’m driven by the desire to build great products that solve real problems for businesses. With Secureframe, we’re making compliance achievable for companies of all sizes. It’s immensely fulfilling to see the positive impact our platform is having for our customers every day.”
Formation Of Secureframe
How did the idea for Secureframe come together? Mehta shared:
“A few years ago, we were exploring different ideas within the world of software security and I started asking people in my network if they would be interested in tools to automate some of the SOC 2 compliance process. Many people said yes, but I didn’t really know how serious they were. One person I talked to called me back a month later and asked where the product was. I quit my job that week and started building the minimum viable product (MVP) for what is now Secureframe.”
“We got the customer done with their SOC 2 and they were incredibly happy. And that was the impetus for why we decided to focus on this idea — clearly, it was something people needed. We had 40+ companies on the waitlist by the time we actually had an MVP that we could utilize with all these customers.”
Favorite Memory
What has been your favorite memory working for the company so far? Mehta reflected:
“When we were first building Secureframe, many of the big auditors told us that automating compliance was not really possible. However, my team and I thought otherwise. We realized that many of the manual and time-intensive tasks we were doing, such as screenshotting an AWS dashboard or a GitHub repo to pull down information, could be streamlined through automation.”
“Despite the skepticism we faced, we were convinced that with the right approach and technology, many parts of the compliance process could indeed be automated. We recognized that the belief that it couldn’t be done was more of a preconceived notion rather than a fact.”
“Drawing from our experiences at previous startups, we knew that other companies were facing similar challenges and were actively seeking automated solutions to simplify their compliance efforts. This further motivated us to develop Secureframe and provide the much-needed automation in the compliance space.”
Core Products
What are the company’s core products and features? Mehta explained:
“Secureframe’s platform helps organizations achieve and maintain compliance with standards like SOC 2, ISO 27001, HIPAA, CIS, and NIST frameworks to name a few. We automate risk assessments and monitor third-party vendors’ compliance status, ensuring they adhere to necessary security and privacy standards. Our platform also streamlines internal risk management processes, including automating risk assessments, mapping controls to risks, and continuously monitoring for non-conformities. We assist companies in preparing for audits and our customers range from startups to large global enterprises, with our platform flexibly adapting to their specific compliance needs.”
Challenges Faced
What challenges have Mehta and the team faced in building the company? Mehta acknowledged:
“One challenge we’ve faced is keeping up with the rapid pace of AI. At Secureframe, we decided to utilize AI where we think it’ll really help our customers, which we believe is risk mediation and vendor management. We’re using it to make the whole compliance process even faster and easier.”
“We also created a broader range of frameworks, including the NIST AI Risk Management Framework (NIST AI RMF) and ISO 42001, enabling teams to automate their compliance protocols.”
Evolution Of Secureframe’s Technology
How has Secureframe’s technology evolved since launching? Mehta noted:
“We used to be highly focused on compliance automation, but now AI is the core of our product focus. Automation is where we started and will always be a critical part of the product, but AI is where we’re going. We’ve already made huge leaps in using our proprietary AI technology to solve our customers’ compliance issues and continue to roll out product features and updates on an ongoing basis.”
Significant Milestones
What have been some of the company’s most significant milestones? Mehta cited:
“The thing we’re really excited about these days is the traction we’re seeing with enterprise customers. Most enterprises still have the same problems with security and compliance that they’ve always had — the process is too slow and very manual, and they need deeper levels of automation. But there are so many frameworks and regulations that they need to comply with. The problem is just much bigger than it is for smaller companies, but it’s one that Secureframe is able to solve.”
“We’ve also raised $78.5 million in total funding and achieved a remarkable 10x annual recurring revenue growth in 2021, milestones that wouldn’t be possible without our dedicated team and loyal customers.”
Customer Success Stories
Asked about customer success stories, Mehta highlighted:
“Customers like Akooda, OttoMoto, and Stream have praised Secureframe’s expertise, efficiency, and AI-driven enhancements that dramatically reduce administrative burdens:
- ‘We can approach larger companies and move a lot quicker. And, we don’t need to do a bunch of security questionnaires anymore. We can simply show our SOC 2 report and keep the process moving.’ — Yuval Gonczarowski, Founder and CEO, Akooda.
- ‘Secureframe’s latest AI-driven enhancements have dramatically reduced our administrative burden, enabling us to reallocate resources more effectively.’ — Athena Kennedy, Director of Product Management, OttoMoto.
- ‘Secureframe was instrumental in helping us get SOC 2 and ISO 27001 certified. We always felt like we were talking to experts in the field. Compared to other competitors, choosing Secureframe is a no-brainer.’ — Tommaso Barbugli, Co-Founder and CTO, Stream.”
Differentiation From The Competition
What differentiates the company from its competition? Mehta affirmed:
“Secureframe stands out with unparalleled compliance expertise and agility in keeping our platform updated with our customers’ evolving needs. We have the most configurable platform with 300+ deep integrations with core business systems, so companies can adjust Secureframe to work with their existing compliance processes. Secureframe also has out-of-the-box support for over 40 frameworks, the most of anyone in the space, including PCI DSS 4.0, ISO 42001, and more.”
“For example, let’s say your organization was compliant with PCI DSS v3.2.1 and now has to comply with the latest version, PCI DSS 4.0. Within Secureframe, as many applicable controls from 3.2.1 as possible were mapped to 4.0 so organizations can see an accurate difference between their work in the old report versus the new report. Many similar solutions don’t offer this level of control mapping, or don’t offer it at all, so it’s difficult to understand what additional work is required to comply with v4.0, which may force you to waste time repeating the same activities and delay your new report.”
Future Company Goals
What are some of the company’s future goals? Mehta concluded:
“At Secureframe, we are committed to continually investing in and enhancing our AI product capabilities. Our goal is to provide a comprehensive, AI-driven solution that can handle even the most complex compliance tasks with unparalleled efficiency. This includes generating compliant policies, ensuring proper implementation, answering security questionnaires, conducting risk assessments, and monitoring third-party vendor compliance status seamlessly.”