Investing in Sprinto

Disrupting compliance automation

By

Arindam Chakraborty, Deepak Gaur

Published
7th February 2022

In 2011, Dmitri Alperovitch, then Vice President of Threat Research at McAfee, published his acclaimed report Operation Shady RAT, giving the world a reality check on the extent of these new-age cyber wars. At the time, Alperovitch, who later co-founded CrowdStrike, said:

“There are only two types of companies - those that know they’ve been compromised, and those that don’t know.”

Information Security (InfoSec) skeptics have been proven wrong, time and again. Remember Cambridge Analytica? The British consulting firm scraped the data of 80 million users in violation of Facebook's terms of service to target voters with political ads in the 2016 US Presidential election. Again, in 2021, it was reported that Facebook had been the target of another data breach, in which the data of 500 million users was exposed online.

It is not just Facebook. Every company is vulnerable today, and SaaS companies are no exception. In 2019, Docker reported that the online repository of its popular container platform suffered a data breach that affected 190,000 users. In 2020, news broke that 500,000 stolen Zoom account credentials were up for sale on the dark web.

There is no perfect solution, but better infosec practices can go a long way in strengthening security. Thus, regulators across the world are coming up with standards and certifications, viz. GDPR, HIPAA, ISO27001, SOC2, etc. Compliance with one or more of these standards implies adherence to infosec best practices and inspires confidence in the data-handling processes of these SaaS companies. Furthermore, being compliant can help SaaS businesses avoid heavy penalties and attract more enterprise deals. While compliance with these standards seems the way to go, achieving and maintaining these certifications has been tedious.

Well, not anymore.

Sprinto is a compliance automation platform that helps SaaS companies obtain certifications such as SOC 2, ISO27001, GDPR, HIPAA, etc., in a quick and hassle-free manner. While the company will enable multiple compliances, SOC2 is the first use case.

Currently, obtaining and maintaining SOC2 compliance takes 300+ hours of work each year. Sprinto’s SaaS platform makes this process 10x faster. It helps customers build a real-time monitoring system that provides visibility into the processes and policies governed by compliance checklists, tracks the status of these systems, and alerts the relevant teams if a system is not operating within the required baseline limits or in case of any policy violation. Obtaining these certifications helps Sprinto customers close enterprise deals and pass vendor security assessments easily.

We met the founders Raghuveer (Raghu) Kancherla and Girish Redekar in early 2021, before they launched Sprinto publicly, and we could readily connect with the pain point they had identified. Several companies in our portfolio had been complaining about how cumbersome and time-consuming it was to get SOC2 compliant. We tracked them closely over the next few months and eventually got the opportunity to partner in September 2021.

Some of the reasons we are very excited to partner with Sprinto are:

1. Being SOC2 compliant is a revenue concern for SaaS companies

Almost all major organizations in Europe and the US now demand that their software vendors be SOC2 compliant. Thus, SaaS companies that are doing deals north of $10K in ACV view SOC2 as a must-have requirement during the sales process. Increasingly, companies of all sizes (including young start-ups) are spending tens of thousands of dollars on SOC2, making it one of the top three spend items along with Google Ads and AWS.

2. The current path to SOC2 compliance has been manual and painful, hence ripe for product-led disruption

So far, most companies hire an infosec consultant to achieve SOC2 compliance. The process is highly manual and time-consuming, often taking up to 8 weeks to get ready for a SOC2 assessment. With Sprinto, they can complete the readiness assessment within 2 weeks. Additionally, the time required for the audit also reduces, as auditors have easy access to all the evidence, logs, and other required information on Sprinto's dashboard, without having to scout through paper trails, screenshots, and emails.

3. Sprinto created a slam-dunk product that started winning against global competitors from day one

We spoke to several early customers of Sprinto who had evaluated it against global competitors before purchasing. Their feedback blew us away. The consistent narrative was that Sprinto could actually automate and productize a greater proportion (more than 90 percent) of the SOC2 readiness process and deliver compliance outcomes much faster and without any hassle. Unlike with its competitors, with Sprinto, customers never had to talk to an auditor during the entire process!

4. Excellent early execution with customers already evangelizing the product

Sprinto had been able to solve the exact pain points of its target group (TG) by building a comprehensive set of integrations and checklists. Customers were actually witnessing faster and hassle-free audits. As a result, within a few months of the product launch, the company had acquired 40+ customers, including enterprise-level accounts such as HP and HackerRank, resulting in high-velocity ARR growth.

5. A battle-hardened founding team with a demonstrated precedent of building a successful business

The founding team of Raghuveer and Girish have a long history together. Both went to college together and have strong experience in building and selling SaaS products globally. Earlier, in 2011, they co-founded Recruiterbox, a SaaS-based applicant tracking system. The team bootstrapped and built a profitable $3.3 MM ARR business with over 2500 global customers, and the company was eventually acquired in 2018 by a private equity firm in an all-cash deal.

It is not every day that one comes across a team as stellar as Sprinto. We are grateful to have the opportunity to be their early partners and look forward to building together the must-have Infosec OS for SaaS companies.
