
Enterprise risk is dynamic. As cloud adoption increases and organizations’ environments expand, so do the risks facing underlying critical data assets. This means CISOs need the ability to automatically assess risk as it evolves throughout the environment.

Providers like Scrut Automation, which yesterday announced $7.5 million in funding, are aiming to enable CISOs to monitor their security posture in the cloud through automation. This allows them to maintain compliance with SOC 2, ISO 27001 and the GDPR without being overwhelmed by manual administrative tasks. 

Scrut Automation’s solution offers a cloud security posture management (CSPM) module, which enables CISOs to monitor cloud assets for misconfigurations and maintain a real-time cyber asset inventory. There is also a risk management module to enable CISOs to score risks based on severity. 

More broadly, the funding reflects the reality that organizations can’t afford to rely on manual approaches to measure risk in the cloud, because modern hybrid and multicloud environments are simply too complex and fast-moving.



Automating compliance in the cloud 

The announcement comes as more organizations are struggling to maintain compliance in the cloud. The 2022 Thales Cloud Security Report found that 45% of businesses have experienced a cloud-based data breach or failed audit in the past 12 months.

“In the last few years, the frequency, intensity and complexity of breaches have increased drastically,” said Aayush Ghosh Choudhury, CEO and cofounder of Scrut Automation. “Moreover, governing bodies and customers across the world are demanding better security from companies across the world.”

In such an environment, continuous monitoring isn’t just nice to have, but critical. “This has made it imperative for cloud-native enterprises to continuously monitor their security posture and comply with multiple frameworks across geographies,” said Choudhury.

Scrut Automation’s approach to streamlining compliance is to conduct automatic risk assessments across cloud environments and display them to the user via a dashboard, which contextualizes them through a risk score.

If the user then wants to address a particular risk, they can use automated workflows alongside alerts and reminders to drive the remediation process.

The GRC and compliance automation market 

At a high level, Scrut Automation’s solution falls within the governance, risk and compliance (GRC) market, which researchers valued at $39.4 billion in 2022 and expect to reach $76.4 billion by 2028.

One of Scrut Automation’s main competitors in the market is Vanta, an automated security and compliance management provider valued at $1.6 billion. Vanta offers continuous monitoring, centralized access management, and real-time alerts for compliance risks across enterprise tools and services. 

Another competitor is Drata, which raised $200 million in funding in December 2022 and offers enterprises a cloud-based GRC platform to automate the collection of compliance evidence with security posture notifications delivered via email, Slack and Microsoft Teams. 

Choudhury argues that the key differentiator between Scrut Automation and these other solutions is Scrut’s focus on supporting CISOs in cloud-native organizations.

“For these stakeholders, the typical choice is between compliance automation platforms — which lack the depth of security controls a CISO needs — or a plethora of enterprise point security solutions, which are heavy-weight, complex, and expensive, and lead to tool fatigue without really solving the crux of the problem,” said Choudhury.
