Vanta is an automated security and compliance platform to help companies scale security and automate compliance for the most sought-after standards like SOC 2, ISO 27001, HIPAA, and GDPR. Vanta enables businesses to meet compliance and security standards faster and at a lower cost than traditional audit processes involving expensive consultants. It helps founders and management teams save time spent on pursuing certifications, allowing them to focus on strategic work.

Founding Date: Jun 1, 2017

Headquarters: San Francisco, California

Total Funding: $203M

Stage: Series B

Employees: 369

Updated: February 10, 2023

Thesis

With businesses increasingly moving online, the importance of online security and data privacy is growing. This shift has significantly changed the security threat landscape, and bad actors now have more opportunities to attack individuals, businesses, and institutions — a trend that has only accelerated with the impact of the COVID-19 pandemic on digital transformation and the transition to remote work. Businesses are now continually exposed to various sources of risk, from cyberattacks and vendors to their own employees and customers.

In the new environment, businesses must demonstrate that they aren't an easy target for attacks. Customers want the assurance that a business can be trusted to provide the necessary privacy for data and not expose them to attacks. The cost of non-compliance and security breaches is huge; the average cost of a data breach incident is expected to exceed $5 million in 2023. Also, specific privacy standards and security certifications must be met depending on the market a company is operating in or targeting to expand into. For instance, GDPR and ISO 27001 certifications are required to operate in international markets, while in the US companies have to possess CCPA/CPRA and SOC 2 certifications.

Vanta is an automated security and compliance platform to help companies scale security and automate compliance for the most sought-after standards like SOC 2, ISO 27001, HIPAA, and GDPR. Vanta enables businesses to meet compliance and security standards faster and at a lower cost than traditional audit processes involving expensive consultants. It helps founders and management teams save time spent on pursuing certifications, allowing them to focus on strategic work. Businesses cannot afford to spend time on non-core tasks, especially now when companies are grappling with global uncertainties occasioned by an economic slowdown. There is an urgent need to cut costs, increase efficiency and grow revenues.

Founding Story

San Francisco-based Vanta was founded in 2016 by current CEO Christina Cacioppo and co-founder Erik Goldman, who left the company in 2020.

Cacioppo majored in Economics at Stanford and holds a Master's Degree in Management Science and Engineering. She taught herself how to code and built a number of apps and websites. After graduating, she worked on the investment team at Union Square Ventures and co-founded a software development house called Nebula Labs.

The idea for Vanta occurred to Cacioppo while she was working at Dropbox from 2014 to 2016. As a product manager, she experienced friction with the compliance department when attempting to roll out her product, and she subsequently left Dropbox to build a solution to this problem.

Vanta was then accepted into Y Combinator in 2018, after which it raised a $3 million funding round and was able to acquire Notion as one of its earliest customers.

Product

Vanta helps companies strengthen their security with compliance automation software. It has 4 products (Vanta Platform, Vanta Trust Reports, Vanta for Risk Management, and Access Reviews) and includes a plethora of compliance frameworks and integrations.

Vanta Platform

The Vanta platform is designed to enable fast-growing businesses to get compliant, demonstrate trustworthiness, and scale their security programs. It aims to minimize risk, maximize trust, and demonstrate security. For continuous monitoring of threats and breaches, it has 70+ pre-built integrations for common startup software tools and offers an API to technology partners to allow them to build integrations to specialized tools to extend the scope of real-time monitoring to other services. In addition, it provides access to a 360-partner ecosystem that includes auditors, service partners, startup partners, and technology partners.

Vanta Trust Reports

Vanta Trust Reports is designed to allow companies to build trust with customers by demonstrating a commitment to security through transparent reporting. The product is intended to streamline security reviews and shorten sales cycles by making it easier for companies to produce customizable, real-time, shareable reports through an automated NDA process. Vanta Trust Reports communicate security information in a dashboard alongside commonly requested security documents and certifications.

Vanta for Risk Management

Vanta’s Risk Management tool is built to simplify and automate the process of assessing risk and to optimize workflows so that companies can more quickly and effectively identify and reduce risk on a continuous basis. The Vanta for Risk Management tool is based on the ISO 27005 risk assessment guidelines, which capture the industry’s best practices. It includes pre-built content and workflows around a risk library, risk prioritization calculations, mitigation controls, mitigation tracking, ownership assignment, and risk reporting.

Access Reviews

Monitoring and managing the rights and privileges of every user interacting with the organization’s information system is crucial. Vanta automates workflows to ensure users have authorized access to the appropriate systems depending on their roles. The solution comes pre-built with system integrations, review workflows, and remediation management, allowing for timely review, adjustment, and reporting.

Market

Customer

Vanta’s current customers include government agencies, large enterprises, and small and medium-sized companies. It has more than 4,000 customers including companies like AI Insurance, Quora, Modern Treasury, Gem, Shortcut, Calm, Autodesk, and Chili Piper, among others. Its global footprint spans 58 countries.

Market size

The compliance market reached $30 billion in 2022 and is expected to grow to more than $59 billion by 2027; meanwhile, the Identity and Access Management market is expected to grow to $35.7 billion by 2030. Additionally, insider threats have grown 44% over the past two years, with costs per incident increasing to $15.4 million.

Competition

Some of Vanta’s key competitors include Drata, Kintent, Secureframe*, Ethyca, and Soveren.

Drata: Drata is a security and compliance automation platform that continuously monitors and collects evidence of a company's security controls. It raised $200 million in its latest funding round, a Series C announced in December 2022.

Kintent: Kintent is a company that helps businesses pass audits, manage risk, and complete security reviews. It uses API-based control and risk verification to automate workflows and evidence collection. It has raised $22 million in funding.

Secureframe: Secureframe's automated security, privacy, and compliance platform covers HIPAA, SOC 2, ISO 27001, and PCI DSS. It has raised $78 million in funding.

Ethyca: Ethyca allows organizations to identify where sensitive data may be used and provides an API to create permissions, reporting, and analytics. It has raised $27.5 million in funding.

Soveren: Soveren is a company that proactively detects unapproved or unlawful collection, usage, and sharing of sensitive data before it harms businesses and consumers. It has raised $6.5 million in funding.

Business Model

Vanta operates a subscription model. Customers pay an annual recurring fee for its products. It may also charge a one-off fee for other services like consultancy and integration.

Traction

Vanta started with just SOC 2 compliance in 2017 and has now expanded to automated compliance for over a dozen security and privacy frameworks. It had more than 3K customers and reached $10 million in annual recurring revenue by the time it raised a Series A round in May 2021. In 2022, the company nearly doubled its customer base to serve over 4,000 companies across 58 countries and expanded its global footprint with offices in Australia, Ireland, and the US.

Valuation

After raising a seed round of $3 million from Y Combinator, the firm grew quietly and found product-market fit. The Series A round of $50 million in May 2021 was led by Sequoia Capital and raised the company’s valuation to $500 million. It reached unicorn status at a $1.6 billion valuation in June 2022 after a $110 million Series B round led by Craft Ventures. The latest funding raised $40 million in a Series B extension round to finance the automation of its cybersecurity compliance, customer acquisition, go-to-market activities, and R&D. Total funding to date stands at $203 million.

Key Opportunities

New Markets

The digital revolution and increasing cloud usage across industries drive demand for compliance and security products. Besides verticals like healthcare, finance, retail, and the public sector where the company operates, there is room to expand into other industries. Emerging markets also present a growth opportunity for the company.

Evolving Expectations

High-profile data breaches and compliance failures have increased awareness of proactive ways of securing data on the internet, the need to stay compliant with required standards and regulations, and continuous monitoring of internal systems. Vanta has an early mover advantage and sits at the intersection of the right tailwinds to see more growth.

Key Risks

Innovation Risk

In SaaS, a firm has to continuously innovate and improve its existing products to retain market share and grow. Building a moat is difficult due to the low barriers to entry. It took Vanta years to go beyond the offerings it started with. The last few years have seen a number of fast-moving, well-funded players enter the space. Vanta has to go the extra mile to stay at the top despite being a first mover in the space.

Regulatory Tailwinds

The compliance space is constantly and rapidly evolving, and the firm has to keep up with these changes and adjust accordingly. There is a push for real-time visibility and access to data by authorities to increase transparency in tech firm operations. 2022 saw widespread legislative activity across various geographies on data privacy bills.

Evolving Cybersecurity Threats

Threats are rapidly evolving and becoming more sophisticated, and Vanta has to continually review and upgrade the platform to safeguard its customers against these threats.

Summary

Vanta is a security and compliance software company that provides real-time proof of security that meets industry standards. It automates compliance for startups and reduces complexities associated with the process. The platform runs continuous tests to ensure the customer remains compliant and also collects evidence needed to prove ongoing compliance. Vanta streamlines those processes by integrating with other enterprise software commonly used by businesses.

*Contrary is an investor in Secureframe through one or more affiliates.

Authors

Erick Mokaya, Fellow
