 Hi, everyone. Welcome to this CUBE Conversation featuring Secure Frame. I'm your host, Lisa Martin, and today we are very excited to be joined by Shrav Mehta, the founder and CEO of Secure Frame. Shrav, great to have you. Thanks so much for joining me today. Thank you for having me, Lisa. My pleasure. Talk to the audience a little bit about Secure Frame, your mission, vision, founded back in 2020. But give us that history. Yeah, yeah. That's a great question. So with Secure Frame, we started it back in 2020, and we really started Secure Frame to help people secure their businesses and organizations and get compliant much faster than the regular ways of doing things. Typically, you'd have to take hundreds of screenshots just to prove, hey, my AWS S3 buckets are fully encrypted. And there's always been better ways to do this, all these cloud security services, have APIs. Most of the business systems that we have today have ways to collect this evidence automatically in a way that's more concrete. So we thought, hey, this is a great opportunity to introduce everyone to Secure Frame. And really our mission today is to help businesses become more secure and compliant, especially with everything happening today in the world of security and data breaches. Yeah, which is only just continuing to grow and grow. What were some of the inspirational elements that led you to start Secure Frame? What gaps in the market did you see? Yeah, great question. So there were a lot of issues with just very manual processes. So one of the big ones that you have to do is you have to take screenshots of everything to make sure, hey, we need to show proof that we're actually encrypting our S3 buckets that we're getting background checks for all employees that we're following all these rules and guidelines or security controls that we've set up internally. And that process has just been very manual. Getting a inventory of all your vendors and making sure that your vendors are secure, you're only as secure as your weakest link to some extent. So all these processes were super, super manual and very obviously, automatable, at least to us at the time. And we're wondering, hey, why didn't anyone do this? And we started working with some customers trying to help them automate their compliance. And they were immediately able to see the value. Things that were taking several months or even a year or two at a time could be done in just a couple of quick button clicks. And I think that was really the inspiration for Secure Frame. Like, hey, we really are adding a lot of value to these initial customers we've worked with. And I see so far you started in 2020, as you said, you raised so far 79 million in funding. Talk a little bit about the growth of the company in just a short time period. Yeah, so this is super interesting. When we, you know, one of the ways we ended up starting the company is, you know, we had a lot of people, you know, coming to myself and, you know, early members of our, you know, team just asking us, hey, you know, how do you, you know, how do you get SOC to compliant? And, you know, we used to help people with all sorts of like random things related to security. So we started getting more and more requests related to, you know, SOC 2 or ISO 27001 or how do we get HIPAA compliant? And we'd run these processes at, you know, other companies that we had worked for. So when we started asking some folks, hey, you know, if we were able to automate this for you, you know, would that be interesting? And, you know, a bunch of people were, you know, very interested. And, you know, immediately we probably had like around 30 to 40 people that were ready to use us. So we, you know, we got working on, you know, automating as much of, you know, the compliance and security processes as we really could. And people kept seeing a lot of value in that. And, you know, some of our first customers, you know, ended up, you know, introducing us to, you know, some of the people that ended up investing in Secure Frame where they invested themselves because of how much value they saw. You know, I don't think fundraising is an easy process, you know, for any founder. And I don't think it should be, you know, taken lightly. I think, you know, the best way to, to raise, you know, money is to build a great business. And I think fundamentally that's why, you know, we were able to raise this funding. Well, it sounds like the demand was pent up and it was really there. When you're in customer conversations, how do you define Secure Frame from a differentiation perspective? How is it different and better from other compliance automation platforms? Yeah. So, you know, one of the things about Secure Frame is we were founded and built, you know, by compliance experts. You know, we have done this, you know, for many companies, you know, we've brought in some of the premier experts in like FedRAMP, PCI, HIPAA. And, you know, we've really used this expertise to, you know, build our platform to, you know, architect how we do customer support and, you know, really deliver value to our customers. So, you know, one of the big things is like our platform architecture is built with a common control layer. So if you are trying to comply with multiple frameworks, which, you know, most companies do, especially as they scale, you're not going to have to be doing a lot of repetitive work. And that's something that we've really, you know, architected and thought through from the beginning and have talked to many CISOs and, you know, IT leaders about, and this is like a really, you know, big deal in just saving time and really scaling with businesses as they grow. Another big one that, you know, we launched recently is our quick and easy code remediation guidance with comply AI. So what this allows you to do is if you need to, you know, I'll go to my classic example of, you know, hey, you need to encrypt your AWS S3 buckets, you know, we will identify the resources that you haven't gotten compliant and we will actually give you, you know, the AWS CLI commands or the Terraform code to automatically remediate this information. So it takes a lot less time, you know, to do. And it's, you know, getting us closer to a world where we could start to auto remediate things that, you know, show up. So this is one of the, you know, big ways, you know, we've differentiated ourselves from competitors. But, you know, as far as like the, you know, broader landscape goes, you know, we've really been focused on, you know, launching new products like our secure frame questionnaires and secure frame trust products. So this product allows you to automatically answer our fees and security questionnaires using AI. And, you know, many of our customers, the way they come to us is they have a security questionnaire that they need to complete. And, you know, one of the items in that questionnaire might be, hey, I need to get, you know, SOC2 ready. And of course, you know, we help with that. But now we can actually help you, you know, automatically answer the security questionnaire and, you know, and or RFP that you might have. And we have all sorts of, you know, other products like our training product, which allows you to complete security awareness training or HIPAA training or PCI training that, you know, many of our customers need, you know, all in one place. And this is something that, you know, today our competitors don't really do. So a nice differentiation there. You mentioned HIPAA, SOC2, FedRAM. How does secure frame handle emerging compliance requirements and changes in regulations, as companies are facing, you know, kind of a evolving landscape there? Yeah. So this is really one of the things that, you know, I think we really do well at secure frame. We have a team internally that keeps track of all the changes to new compliance frameworks. You know, we have folks that, you know, help contribute and sit on committees to, you know, help define how these frameworks should look, you know, in the future. So we have some of the top experts that, you know, keep on top of these changes. We update them in the platform, you know, very carefully. So, you know, recently, you know, one of these, you know, very common frameworks, ISO 27,001 has gone through a series of updates. And, you know, since the first edition of these updates, you know, have come out, we've been keeping on top of it and making sure that there's a very simple, you know, couple button click, you know, type migration path, you know, so that customers who are compliant with the old version of the standard, you know, can quickly, you know, adapt to the new version without, you know, having to spend, you know, hours and hours of manual work and data entry to conform. And what are some, I'm hearing like massive time savings. What are some of your experience, some of the key benefits that secure frame customers are getting when they're dealing with emerging, changing compliance requirements and changes in regulations. What are some of those stellar standout benefits? Yeah. So, one of the things here is that oftentimes when these new frameworks are updated, they don't just give you, you know, a list of changes between the new version and the old version. They don't, you know, sometimes they, you know, leave things open to, you know, interpretation and these manuals, you know, are oftentimes like 300, 400 pages long. So, they're not easy to get through. So, one of the things that, you know, our team here does is like, you know, we read and go through all this stuff and really understand, you know, through a holistic view of our thousands of customers, you know, how would these apply, you know, what edge cases do we need to consider? And then, you know, our team goes in and implements this, you know, in the actual software so that, you know, there isn't as much work left, you know, for the company to do and just interpreting and implementing these new requirements. But also things like, hey, you know, we now need to collect, you know, evidence for, you know, a Google Cloud integration or a, you know, background check integration with Checker, you know, in a different way. You know, there could be, you know, loads of different things that, you know, might change and we, you know, handle that all, you know, behind the scenes so that you don't have to figure out, you know, how all that stuff is changing on your side. So, you mentioned thousands of customers. You guys have done a lot of work in just three, three and a half years. Do you have a favorite customer story that you think really articulates the value prop even better than you guys could yourselves? Um, yeah, that's a good question. I think one story that comes to mind, I won't name, um, you know, any names, uh, you know, over here, um, but we had, you know, one customer that, you know, is a security company and, you know, they came to us saying, hey, you know, we need to really tighten up our security. We really, you know, want to get, you know, talk to compliant. We want to get ISO 27001 compliant. You know, we have a fairly, you know, large code base and, you know, we've done a lot of the basics, but, you know, we still have a lot of room to go. Um, and as a security company, you know, we want to be, you know, in the, um, you know, tier one of, uh, like, you know, all the compliance and stuff that we should be doing. And when we first, you know, started helping them, you know, there were clearly a lot of gaps that they didn't even recognize. You know, they had so many resources, you know, across their, you know, multiple, you know, cloud accounts that, you know, were not compliant that they assumed were compliant that, you know, because we were using automation and API integrations, there's no way to miss something. Whereas in the old ways, like, you know, you'd look through, you know, maybe all the regions that you have in AWS, I think there's like 20 or some crazy number of these days. And it's so easy when you have like thousands of servers or something to miss, you know, one or two instances that, you know, maybe aren't encrypted or maybe aren't set up the right way or don't have backup setup. And with secure frame, we scan all that information. And so there's no way really for us to miss things. And I think this was really eye opening moment, you know, for the company and also for us and seeing like, you know, hey, even if you think you're secure, there's just so many things that are easy to miss when you're not using automation. And I think in that way, we've actually, you know, helped companies become even more secure than they would have otherwise, you know, anticipated. It sounds like from a security posture perspective that you're able to really impact organizations there. And as we see the cybersecurity landscape has changed and evolved so much in the last few years alone, how do you see the compliance and cybersecurity landscape evolving as we go forward? Yeah, that's a great question. So, you know, I think in the last few years, you know, cybersecurity, privacy, all the stuff has, you know, become, you know, very important, especially, you know, to enterprises, no one wants to be caught up in the next data breach or privacy breach and everyone wants to be doing the right things. So I think over the next, you know, a few years, I think, you know, getting secure and compliant is just going to be table stakes for every company, you know, a few years ago, it's like, hey, if you want to sell to the, you know, enterprise, you need to get compliant, you need to meet this minimum bar of, you know, security, maybe that's in the form of a soft two certification or, you know, something else. But now I think this is applicable to every software company. And one of the things I'm excited about with Secure Frame is that we're making this more accessible and simpler for every company to do. You know, we're not taking any shortcuts or anything, but we're literally just automating, you know, a lot of these processes that probably always should have been automated to make it just more accessible, more affordable to everyone. So I think, you know, security and compliance is just going to be table stakes for every company. I think it's going to get a lot more sophisticated over time, but I think this will lead to just a much more secure world in software. Which sounds like a pretty good future. So for organizations that are maybe just kicking off their compliance journey, what guidance can you provide them for getting started with Secure Frame? Yeah. So I mean, one, if you're getting started with Secure Frame, I think, you know, you're off on a really great start. I think the biggest things are to really protect, you know, where you have the most risk, right? You know, there's an infinite number of things that you could do to make your business, you know, more and more secure. There are, you could spend countless hours on that. I think for our customers, it's like really the basics. Things like, hey, make sure that you're using two-factor auth, a password manager. Make sure that, you know, you're encrypting everything and backing everything up in your cloud security services that you're using things like AWS guard duty, right? Like these are, you know, very basic simple things that you could do that, you know, don't take more than a few minutes to enable in most cases that I'd recommend, you know, every company do. But if you're using something like Secure Frame, you know, we guide you through our onboarding process and everything that, you know, you might want to do to get compliant, but, you know, even beyond that. So, you know, and if you have any, you know, other questions or things beyond that, that's where our customer support and customer success teams can really help. So you guys have made a big impact in a short amount of time in probably a wide variety of industries. What's your vision for the future of Secure Frame? What does it look like to you? So our vision at Secure Frame is to be the premier security privacy and compliance platform that you go to if you have any needs around your security and compliance program. That's what we're here to do at Secure Frame. We want to make that process simple, secure and effective for all our customers. I love it. Drop the mic there. Shraab, great to have you on the program. Thank you for joining me. Talking to us about Secure Frame, what differentiates you, why you were inspired to start the company and the benefits that the company and its technologies are delivering to customers? We appreciate your time. We appreciate your insights. Thank you for having me, Lisa. Oh, my pleasure. We want to thank you for watching and remind you to keep it right here on theCUBE for more action. theCUBE is your leader in hybrid tech event coverage.