Two pervasive trends in modern enterprise computing could work out very nicely for Shujinko.
The Seattle startup is launching Tuesday with $2.8 million in seed funding after a stint inside incubator Pioneer Square Labs. It plans to develop software-as-a-service that addresses problems companies have in trying to replicate the years of work they’ve done on compliance systems for their on-premises infrastructure when moving some of those workloads to public cloud providers.
“We’re trying to eliminate the pain and agony of compliance in the cloud,” said Matt Wells, co-founder and chief technology officer at Shujinko.
There are two things driving the need for a service like this, according to Shujinko co-founder and CEO Scott Schwan. If you’ve made it this far, you’re probably aware of the first one: companies are increasingly adopting cloud services and moving workloads from their own data centers to Amazon Web Services, Microsoft Azure, and Google Cloud.
For many companies, that move offers lots of benefits but one drawback: they need to rebuild the systems they use to certify their compliance with various business regulations, such as the PCI standards required for any business that stores and processing credit-card numbers, or the HIPAA regulations that affect health-care companies.
And that leads to the second trend at play here: as the public takes an increasingly skeptical look at technology companies, the amount of time that businesses will have to spend on making sure they comply with any new laws is likely to increase. And the compliance process is often an ongoing one, with daily, weekly, and monthly tasks that companies have to complete, Schwan said.
Schwan and Wells worked together at Starbucks and at Cardfree, a mobile payments provider, and described the painful, fairly manual, process of ensuring that your systems comply with the regulations when the auditor shows up. Essentially, companies have to verify that every level of their computing infrastructure — from hardware to the application level — is following security industry best practices for workloads governed by the various regulations.
Cloud providers can certify their customers’ hardware configurations are up to snuff with regulations, but anything you build on top of a cloud provider is your responsibility to monitor and maintain. The burden of re-creating those compliance systems in a whole new environment is not fun, takes a long time, and can expose customer data in embarrassing or illegal ways thanks to cloud configuration errors.
That’s where Shujinko comes in. The company is working with customers who are moving older workloads to the cloud or starting new ones there, and its service provides upfront help building cloud environments with compliance standards in mind. It will also monitor a customer’s infrastructure on an ongoing basis, ensuring that the customer doesn’t experience “configuration drift” as it adds and tweaks its software on the cloud, Schwan said.
The company plans to support customers building new applications or moving old ones to AWS or Azure, and will also allow hybrid cloud customers to make sure their compliance systems are running smoothly both on the cloud and on their remaining on-premises servers. “The vast majority of customers that we talk to have a multicloud or hybrid cloud strategy,” Wells said.
Bay Area investors in Shujinko’s seed round include Unusual Ventures and Defy, and they were joined by Paul Allen’s Vulcan Capital, PSL Ventures, and Vas Ventures. The company currently has five employees split between Seattle and the Bay Area, and plans to hire three or four additional engineers to build out the service with the funding.