After more than 20 years of reselling security software and services, an encounter with cloud giant Amazon Web Services led Anitian founder and CEO Andrew Plato in a very new direction.
AWS, a customer of Anitian, realized that the Portland security company’s automation platform could also be used to automate one of the fastest-growing headaches in modern business: compliance. A survey of customers conducted by Anitian last year concluded that a major reason why big companies were delaying a move to cloud computing was due to the painstaking process of making sure those new cloud-based application environments were compliant with industry regulations or government requirements, and if there’s one thing that tech executives like to do, it’s automate things, Plato said in a recent interview with GeekWire.
At its annual re:Invent conference last year, AWS announced a new ATO (Authority to Operate) service with dozens of partners, including Anitian, designed to make it easier and faster to obtain certifications such as FedRAMP and PCI that are required to do business with the U.S. government. Soon after that, after being shown a demonstration of Anitian’s product, one tech executive told Plato “you guys solved a really big problem that haunts every shop I’ve ever worked in,” he recalled.
That led to $11 million in funding in February 2019, and now Anitian is planning to nearly double headcount both in its office just over the Portland city line in Tigard and around the country to around 60 employees by the end of the year, Plato said.
“If you’re a company that needs to get an application PCI compliant, we are the fastest way to do that,” Plato said. “We took Smartsheet from nothing to FedRAMP compliant in 60 days,” a process that can otherwise take months, he said.
Compliance is turning into one of the hotter software-as-a-service markets in 2019, thanks to new regulations enacted in Europe last year and the growing possibility of similar tech regulation in the U.S. And as the federal government modernizes its aging tech infrastructure, companies that want a piece of that business opportunity need to show that their applications or services are certified in line with rules for handling data.
But the process of becoming compliant in a new cloud environment is perhaps the ultimate expression of yak shaving, an old expression describing long-running source of frustration for software developers tasked with busy work that has to be done in service of a larger goal. These are the kinds of tasks that well-funded and fast-moving tech departments are happy to pay someone else to automate for them, opening up a huge opportunity for companies that specialize in this sort of task.
A couple of notable Seattle startups launched last year to tackle this market. Former Azuqua co-founder and chief technology officer Craig Unger founded HyperProof to help companies automate their compliance needs, and Shujinko spun out of Pioneer Square Labs last year with the same goal in mind.
It’s quite a shift going from a security consulting and services-oriented company to a product-oriented company, but it was a welcome move in many ways, Plato said.
“When you’re in an audit business, you’re not in the business of solving problems,” he said. “Nobody really likes their auditor.”
This new direction also points to an ongoing trend in enterprise-oriented SaaS companies.
Older enterprise tech companies built comprehensive but complicated suites of software that they promised would solve all your problems, but usually wound up creating different types of headaches. Newer enterprise tech companies — including public companies like Box and PagerDuty and newer startups like Portland’s Twistlock or Seattle’s Usermind — have grown by zeroing in on a single problem that affects a wide swath of business customers, and nailing the product experience.
The security industry has been a little slower to embrace this trend, Plato said, but it is catching up quickly. And compliance is an even better fit for this type of approach, because everybody knows exactly what they want their compliance vendor to accomplish: “the end state is a pretty obvious one.”
[Editor’s note: This post was updated to clarify that Anitian conducted the study of potential cloud computing customers, not AWS.]