San Francisco, CA-based Aptible has raised $12 million in a Series A funding round led by Maverick Capital, with additional investors Thrive Capital and Western Technology Investment.
Aptible was founded in 2013 by Chas Ballew (CEO, and formerly a regulatory specialist at the Pentagon) and Frank Macreery (CTO). Its purpose is to take the pain out of compliance — originally focusing on HIPAA. The new funding will be used to launch the firm’s new security management platform, Comply — which is now expanded to include other regulatory regimes, such as GDPR.
“We’ve taken everything we’ve learned about security and compliance and turned that into Aptible Comply,” said Ballew. “We’ve been fortunate enough to help hundreds of innovative companies deploy assets to the cloud securely, and assist them in passing compliance audits along the way.”
Over the last decade, compliance requirements have become so complex that they have a deterrent effect on the small firms that lead innovation. It increases development costs — especially for small firms — and lengthens development cycles. “As regulatory pressures and public scrutiny about privacy practices increase,” explains Matt Kinsella, managing director of Maverick Capital, “building a strong security management program is paramount for companies of all sizes. Aptible helps companies automate away the pain of complying with security rules, while increasing confidence in data privacy and protection.”
Comply works like an automated compliance consultant — it automates much of the compliance process and puts in place best practices that integrate with modern workflows for maintaining on-going security. It provides audit frameworks while also helping customers continuously improve security and privacy.
For example, it helps companies build a central record of what should happen around security, and what did or does happen. This makes it easier to see what must be done in order to prove the compliance of development and developers to regulators.
This central record can also be used for sales. With increasing concern over supply chain attacks and third-party security, buyers are demanding more complex proof of security — often using complex questionnaires that slow down the sales cycle. “Comply,” says the firm, “gives companies a single source of truth; a best-in-class security program that they can export and hand to a customer or bring the customer in and point to in order to say ‘This is what we’re doing around security’.”
But Comply has an additional benefit. Compliance regulations are not introduced in a vacuum — they are designed to enforce an acceptable level of security. The process of ensuring compliance will generally improve a firm’s data protection. Ensuring demonstrable compliance with Comply will simultaneously improve the security posture of a firm, and the built-in security of its products.