compliance
Auto Added by WPeMatico
Auto Added by WPeMatico
Relyance AI, an early-stage startup that is helping companies stay in compliance with privacy laws at the code level, announced a $25 million Series A today. At the same time, they revealed a previously unannounced $5 million seed round.
Menlo Ventures and Unusual Ventures led the A round, while Unusual was sole lead on the seed. Serial entrepreneur Jyoti Bansal from Unusual will join the board under the terms of the deal. His partner John Vrionis had previously joined after the seed round. Matt Murphy from Menlo is coming on as a board observer. The company has now raised $30 million.
Relyance takes an unusual approach to verifying that data stays in compliance working at the code level, while ingesting contracts and existing legal requirements as code to ensure that a company is in compliance. Company co-CEO and co-founder Abhi Sharma says that code-level check is key to the solution. “For the first time, we are building the legal compliance and regulation into the source code,” Sharma told me.
He added, “Relyance is actually embedded within the DevOps pipeline of our customers’ infrastructure. So every time a new ETL pipeline is built or a machine learning model is receiving new source code, we do a compiler-like analysis of how personal sensitive data is flowing between internal microservices, data lakes and data warehouses, and then get a metadata analysis back to the privacy and compliance professionals [inside an organization].”
Leila R. Golchehreh, the other founder and co-CEO, brings a strong compliance background to the equation and has experienced the challenge of keeping companies in compliance firsthand. She said that Relyance also enables companies to define policy and contracts as code.
“Our approach is specifically to ingest contracts. We’ve actually created an algorithm around how [you] actually write a good data protection agreement. We’ve extracted those relevant provisions and we will compare that against [your] operational reality. So if there’s a disconnect, we will be able to raise that as an intelligent insight of a data misalignment,” she said.
With 32 employees, the co-founders hope to double or perhaps even triple that number in the next 12-18 months. Golchehreh and Sharma are a diverse co-founder team and they are attempting to build a company that reflects that. They believe being remote-first gives them a leg up in this regard, but they also have internal policies to drive it.
“The recruiters we work with have a mandate internally to say, ‘Hey, we really want to hire good people and diverse people.’ Relyance as a company is the genesis of two individuals from two completely different ends of the spectrum coming together. And I think hopefully, we can do our job of relaying that into the company as we scale,” Sharma said.
The two founders have been friends for several years and began talking about forming a company together in 2019 over a pizza dinner. The idea began to gel and they launched the company in February 2020. They spent some time talking to compliance pros to understand their requirements better, then in July 2020 began building the solution they have today. They released a beta in February and began quietly selling it in March.
Today they have a number of early customers working with their software, including Dialpad, Patreon, Samsara and True.
Powered by WPeMatico
When it comes to meeting compliance standards, many startups are dominating the alphabet. From GDPR and CCPA to SOC 2, ISO27001, PCI DSS and HIPAA, companies have been charging toward meeting the compliance standards required to operate their businesses.
Today, every healthcare founder knows their product must meet HIPAA compliance, and any company working in the consumer space would be well aware of GDPR, for example.
But a mistake many high-growth companies make is that they treat compliance as a catchall phrase that includes security. Thinking this could be an expensive and painful error. In reality, compliance means that a company meets a minimum set of controls. Security, on the other hand, encompasses a broad range of best practices and software that help address risks associated with the company’s operations.
It makes sense that startups want to tackle compliance first. Being compliant plays a big role in any company’s geographical expansion to regulated markets and in its penetration to new industries like finance or healthcare. So in many ways, achieving compliance is a part of a startup’s go-to-market kit. And indeed, enterprise buyers expect startups to check the compliance box before signing on as their customer, so startups are rightfully aligning around their buyers’ expectations.
One of the best ways startups can begin tackling security is with an early security hire.
With all of this in mind, it’s not surprising that we’ve witnessed a trend where startups achieve compliance from the very early days and often prioritize this motion over developing an exciting feature or launching a new campaign to bring in leads, for instance.
Compliance is an important milestone for a young company and one that moves the cybersecurity industry forward. It forces startup founders to put security hats on and think about protecting their company, as well as their customers. At the same time, compliance provides comfort to the enterprise buyer’s legal and security teams when engaging with emerging vendors. So why is compliance alone not enough?
First, compliance doesn’t mean security (although it is a step in the right direction). It is more often than not that young companies are compliant while being vulnerable in their security posture.
What does it look like? For example, a software company may have met SOC 2 standards that require all employees to install endpoint protection on their devices, but it may not have a way to enforce employees to actually activate and update the software. Furthermore, the company may lack a centrally managed tool for monitoring and reporting to see if any endpoint breaches have occurred, where, to whom and why. And, finally, the company may not have the expertise to quickly respond to and fix a data breach or attack.
Therefore, although compliance standards are met, several security flaws remain. The end result is that startups can suffer security breaches that end up costing them a bundle. For companies with under 500 employees, the average security breach costs an estimated $7.7 million, according to a study by IBM, not to mention the brand damage and lost trust from existing and potential customers.
Second, an unforeseen danger for startups is that compliance can create a false sense of safety. Receiving a compliance certificate from objective auditors and renowned organizations could give the impression that the security front is covered.
Once startups start gaining traction and signing upmarket customers, that sense of security grows, because if the startup managed to acquire security-minded customers from the F-500, being compliant must be enough for now and the startup is probably secure by association. When charging after enterprise deals, it’s the buyer’s expectations that push startups to achieve SOC 2 or ISO27001 compliance to satisfy the enterprise security threshold. But in many cases, enterprise buyers don’t ask sophisticated questions or go deeper into understanding the risk a vendor brings, so startups are never really called to task on their security systems.
Third, compliance only deals with a defined set of knowns. It doesn’t cover anything that is unknown and new since the last version of the regulatory requirements were written.
For example, APIs are growing in use, but regulations and compliance standards have yet to catch up with the trend. So an e-commerce company must be PCI-DSS compliant to accept credit card payments, but it may also leverage multiple APIs that have weak authentication or business logic flaws. When the PCI standard was written, APIs weren’t common, so they aren’t included in the regulations, yet now most fintech companies rely heavily on them. So a merchant may be PCI-DSS compliant, but use nonsecure APIs, potentially exposing customers to credit card breaches.
Startups are not to blame for the mix-up between compliance and security. It is difficult for any company to be both compliant and secure, and for startups with limited budget, time or security know-how, it’s especially challenging. In a perfect world, startups would be both compliant and secure from the get-go; it’s not realistic to expect early-stage companies to spend millions of dollars on bulletproofing their security infrastructure. But there are some things startups can do to become more secure.
One of the best ways startups can begin tackling security is with an early security hire. This team member might seem like a “nice to have” that you could put off until the company reaches a major headcount or revenue milestone, but I would argue that a head of security is a key early hire because this person’s job will be to focus entirely on analyzing threats and identifying, deploying and monitoring security practices. Additionally, startups would benefit from ensuring their technical teams are security-savvy and keep security top of mind when designing products and offerings.
Another tactic startups can take to bolster their security is to deploy the right tools. The good news is that startups can do so without breaking the bank; there are many security companies offering open-source, free or relatively affordable versions of their solutions for emerging companies to use, including Snyk, Auth0, HashiCorp, CrowdStrike and Cloudflare.
A full security rollout would include software and best practices for identity and access management, infrastructure, application development, resiliency and governance, but most startups are unlikely to have the time and budget necessary to deploy all pillars of a robust security infrastructure.
Luckily, there are resources like Security 4 Startups that offer a free, open-source framework for startups to figure out what to do first. The guide helps founders identify and solve the most common and important security challenges at every stage, providing a list of entry-level solutions as a solid start to building a long-term security program. In addition, compliance automation tools can help with continuous monitoring to ensure these controls stay in place.
For startups, compliance is critical for establishing trust with partners and customers. But if this trust is eroded after a security incident, it will be nearly impossible to regain it. Being secure, not only compliant, will help startups take trust to a whole other level and not only boost market momentum, but also make sure their products are here to stay.
So instead of equating compliance with security, I suggest expanding the equation to consider that compliance and security equal trust. And trust equals business success and longevity.
Powered by WPeMatico
Every tech vendor has to pass security muster with customers, typically a tedious activity involving answering long questionnaires. Kintent, a new startup that wants to automate this process, announced a $4 million seed today led by Tola Capital with help from a bunch of tech industry angel investors.
After company co-founder and CEO Sravish Sridhar sold his previous startup Kinvey, which provided backend as a service to mobile app developers, he took a couple of years off while he decided what to do next. The sale to Progress Software in 2017 gave him that luxury.
He knew firsthand from his experience at Kinvey that companies like his had to adhere to a lot of compliance standards, and the idea for the next company began to form in his head. He wanted to create a new startup that could make it easier to figure out how to become compliant with a given standard, measure the current state of compliance and get recommendations on how to improve. He created Kintent to achieve that goal.
“So the big picture idea is can we build a system of record for trust and our first use case is information security and data privacy compliance, specifically if you’re a company that is building a SaaS business and you’re storing customer data or PHI, which is health information,” Sridhar explained.
The company’s product is called Trust Cloud. He says that they begin by looking at the lay of your technology land in terms of systems and the types of information you are storing, looking at how compliant each system is with whatever standard you are trying to adhere to.
Then based on how you classify your data, the Trust Cloud generates a list of best practices to stay in compliance with your desired standard, and finally it provides the means to keep testing to validate what you’ve done and that you are remaining in compliance.
The company launched in 2019, spent the first part of 2020 developing the product and began selling it last October. Today, it has 35 paying customers. “We’re in the high six figures in revenue. We’ve been growing at about 20-30% month-over-month consistently since we launched in October, and the customers are across 11 verticals already,” he said.
With 14 employees and some money in the bank from this funding round, he is thinking ahead to adding people. He says that diversity has to be more than something you just talk about, and he has made it one of the core founding values of the company, and one he takes very seriously.
“I’m very conscious with every hire that we make that we’re really pushing to extend ourselves to [find] people from different walks of life, different statuses and so on,” he said.
The company is also working on a DEI component for the Trust Cloud, which it will be offering for free, which enables companies to provide a set of diversity metrics to measure against and then report on how well you are doing, and how you can improve your numbers.
Powered by WPeMatico
Egnyte announced today it was combining its two main products — Egnyte Protect and Egnyte Connect — into a single platform to help customers manage, govern and secure the data from a single set of tools.
Egynte co-founder and CEO Vineet Jain says that this new single platform approach is being driven chiefly by the sheer volume of data they are seeing from customers, especially as they shift from on-prem to the cloud.
“The underlying pervasive theme is that there’s a rapid acceleration of data going to the cloud, and we’ve seen that in our customers,” Jain told TechCrunch. He says that long-time customers have been shifting from terabytes to petabytes of data, while new customers are starting out with a few hundred terabytes instead of five or ten.
As this has happened, he says customers are asking for a way to deal with this data glut with a single platform because the volume of data makes it too much to handle with separate tools. “Instead of looking at this as separate problems, customers are saying they want a solution that helps address the productivity part at the same time as the security part. That’s because there is more data in the cloud, and concerns around data security and privacy, along with increasing compliance requirements, are driving the need to have it in one unified platform,” he explained.
The company is doing this because managing the data needs to be tied to security and governance policies. “They are not ultimately separate ideas,” Jain says.
Jain says, up until recently, the company saw the data management piece as the way into a customer, and after they had that locked down, they would move to layer on security and compliance as a value-add. Today, partly due to the data glut and partly due to compliance regulations, Jain says, these are no longer separate ideas, and his company has evolved its approach to meet the changing requirements of customers.
Egnyte was founded in 2007 and has raised over $138 million on a $460 million post valuation, according to Pitchbook data. Its most recent round was $75 million led by Goldman Sachs in September, 2018. Egnyte passed the $100 million ARR mark in November.
Powered by WPeMatico
As more enterprise developers make use of open source, it becomes increasingly important for companies to make sure that they are complying with licensing requirements. They also need to ensure the open-source bits are being updated over time for security purposes. That’s where FOSSA comes in, and today the company announced an $8.5 million Series A.
The round was led by Bain Capital Ventures, with help from Costanoa Ventures and Norwest Venture Partners. Today’s round brings the total raised to $11 million, according to the company.
Company founder and CEO Kevin Wang says that over the last 18 months, the startup has concentrated on building tools to help enterprises comply with their growing use of open source in a safe and legal way. He says that overall this increasing use of open source is great news for developers, and for these bigger companies in general. While it enables them to take advantage of all the innovation going on in the open-source community, they need to make sure they are in compliance.
“The enterprise is really early on this journey, and that’s where we come in. We provide a platform to help the enterprise manage open-source usage at scale,” Wang explained. That involves three main pieces. First it tracks all of the open-source and third-party code being used inside a company. Next, it enforces licensing and security policy, and, finally, it has a reporting component. “We automate the mass reporting and compliance for all of the housekeeping that comes from using open source at scale,” he said.
The enterprise focus is relatively new for the company. It originally launched in 2017 as a tool for developers to track individual use of open source inside their programs. Wang saw a huge opportunity inside the enterprise to apply this same kind of capability inside larger organizations, which were hungry for tools to help them comply with the myriad open-source licenses out there.
“We found that there was no tooling out there that can manage the scale and breadth across all the different enterprise use cases and all the really complex mission-critical code bases,” he said. What’s more, he found that where there were existing tools, they were vastly underutilized or didn’t provide broad enough coverage.
The company announced a $2.2 million seed round in 2017, and since then has grown from 10 to 40 employees. With today’s funding, that should increase as the company is expanding quickly. Wang reports that the startup has been tripling its revenue numbers and customer accounts year over year. The new money should help accelerate that growth and expand the product and markets it can sell into.
Powered by WPeMatico
Risk and compliance management platform VComply announced today that it has picked up a $2.5 million seed round led by Accel Partners for its international growth plan. The funding will be used to acquire more customers in the United States, open a new office in the United Kingdom to support customers in Europe and expand its presence in New Zealand and Australia.
The company was founded in 2016 by CEO Harshvardhan Kariwala and has customers in a wide range of industries, including Acreage Holdings, Ace Energy Solutions, CHD, the United Kingdom’s Department of International Trade and Burger King. It currently claims about 4,000 users in more than 100 countries. VComply is meant to be used by all departments in a company, with compliance information organized into a central dashboard.
While there are already a roster of governance, risk and compliance management solutions on the market (including ones from Oracle, HPE, Thomson Reuters, IBM and other established enterprise software companies), VComply’s competitive edge may be its flexibility, simple user interface and easy deployment (the company claims customers can on-board and start using the solution for compliance tasks in about 30 minutes). It also seeks out smaller companies whose needs have not been met by compliance solutions meant for large enterprises.
Kariwala told TechCrunch in an email that he began thinking of creating a new risk and compliance solution while working at his first startup, LIME Learning Systems, an education management platform, after being hit with a $4,000 penalty due to a non-compliance issue.
“Believe me, $4,000 really hurts when you’re bootstrapped and trying to save every single cent you can. In this case, I had asked our outsourced accounting partners to manage this compliance and they forgot!,” he said. After talking to other entrepreneurs, he realized compliance posed a challenge for most of them. LIME’s team built an internal compliance tracking tool for their own use, but also shared it with other people. After getting good feedback, Kariwala realized that despite the many governance, risk and compliance management solutions already on the market, there was still a gap in the market, especially for smaller businesses.
VComply is designed so organizations can customize it for their industry’s regulations and standards, as well as their own workflow and data needs, with competitive pricing for small to medium-sized organizations (a subscription starts at $3,999 a year).
“Most of the traditional GRC solutions that exist today are expensive, have a steep learning curve and entail a prolonged deployment. Not only are they expensive, they are also rigid, which means that organizations have little to no control or flexibility,” Kariwala said. “A GRC tool is often looked at as an expense, while it should really be treated as an investment. It is particularly the SMB sector that suffers the most. With the current solutions costing thousands of dollars (and sometimes millions), it becomes the least of their priorities to invest in a GRC platform, and as a result they fall prey to heightened risks and hefty penalties for non-compliance.”
In a press statement, Accel partner Dinesh Katiyar said, “The first generation of GRC solutions primarily allowed companies to comply with industry-mandated regulations. However, the modern enterprise needs to govern its operations to maintain integrity and trust, and monitor internal and external risks to stay successful. That is where VComply shines, and we’re delighted to be partnering with a company that can redefine the future of enterprise risk management.”
Powered by WPeMatico
Technology has been used to manage regulatory risk since the advent of the ledger book (or the Bloomberg terminal, depending on your reference point). However, the cost-consciousness internalized by banks during the 2008 financial crisis combined with more robust methods of analyzing large datasets has spurred innovation and increased efficiency by automating tasks that previously required manual reviews and other labor-intensive efforts.
So even if RegTech wasn’t born during the financial crisis, it was probably old enough to drive a car by 2008. The intervening 11 years have seen RegTech’s scope and influence grow.
RegTech startups targeting financial services, or FinServ for short, require very different growth strategies — even compared to other enterprise software companies. From a practical perspective, everything from the security requirements influencing software architecture and development to the sales process are substantially different for FinServ RegTechs.
The most successful RegTechs are those that draw on expertise from security-minded engineers, FinServ-savvy sales staff as well as legal and compliance professionals from the industry. FinServ RegTechs have emerged in a number of areas due to the increasing directives emanating from financial regulators.
This new crop of startups performs sophisticated background checks and transaction monitoring for anti-money laundering purposes pursuant to the Bank Secrecy Act, the Office of Foreign Asset Control (OFAC) and FINRA rules; tracks supervision requirements and retention for electronic communications under FINRA, SEC, and CFTC regulations; as well as monitors information security and privacy laws from the EU, SEC, and several US state regulators such as the New York Department of Financial Services (“NYDFS”).
In this article, we’ll examine RegTech startups in these three fields to determine how solutions have been structured to meet regulatory demand as well as some of the operational and regulatory challenges they face.
Powered by WPeMatico
Startups are but one species in a complex regulatory and public policy ecosystem. This ecosystem is larger and more powerfully dynamic than many founders appreciate, with distinct yet overlapping laws at the federal, state and local/city levels, all set against a vast array of public and private interests. Where startup founders see opportunity for disruption in regulated markets, lawyers counsel prudence: regulations exist to promote certain strongly-held public policy objectives which (unlike your startup’s business model) carry the force of law.
Snapshot of the regulatory and public policy ecosystem. Image via Law Office of Daniel McKenzie
Although the canonical “ask forgiveness and not permission” approach taken by Airbnb and Uber circa 2009 might lead founders to conclude it is strategically acceptable to “move fast and break things” (including the law), don’t lose sight of the resulting lawsuits and enforcement actions. If you look closely at Airbnb and Uber today, each have devoted immense resources to building regulatory and policy teams, lobbying, public relations, defending lawsuits, while increasingly looking to work within the law rather than outside it – not to mention, in the case of Uber, a change in leadership as well.
Indeed, more recently, examples of founders and startups running into serious regulatory issues are commonplace: whether in healthcare, where CEO/Co-founder Conrad Parker was forced to resign from Zenefits and later fined approximately $500K; in the securities registration arena, where cryptocurrency startups Airfox and Paragon have each been fined $250K and further could be required to return to investors the millions raised through their respective ICOs; in the social media and privacy realm, where TikTok was recently fined $5.7 million for violating COPPA, or in the antitrust context, where tech giant Google is facing billions in fines from the EU.
Suffice it to say, regulation is not a low-stakes table game. In 2017 alone, according to Duff and Phelps, US financial regulators levied $24.4 billion in penalties against companies and another $621.3 million against individuals. Particularly in today’s highly competitive business landscape, even if your startup can financially absorb the fines for non-compliance, the additional stress and distraction for your team may still inflict serious injury, if not an outright death-blow.
The best way to avoid regulatory setbacks is to first understand relevant regulations and work to develop compliant policies and business practices from the beginning. This article represents a step in that direction, the fifth and final installment in Extra Crunch’s exclusive “Startup Law A to Z” series, following previous articles on corporate matters, intellectual property (IP), customer contracts and employment law.
Given the breadth of activities subject to regulation, however, and the many corresponding regulations across federal, state, and municipal levels, no analysis of any particular regulatory framework would be sufficiently complete here. Instead, the purpose of this article is to provide founders a 30,000-foot view across several dozen applicable laws in key regulatory areas, providing a “lay of the land” such that with some additional navigation and guidance, an optimal course may be charted.
The regulatory areas highlighted here include: (a) Taxes; (b) Securities; (c) Employment; (d) Privacy; (e) Antitrust; (f) Advertising, Commerce and Telecommunications; (g) Intellectual Property; (h) Financial Services and Insurance; and finally (i) Transportation, Health and Safety.
Of course, some regulations may touch on multiple regulatory areas, for example, the “Fair Credit Reporting Act” is a law ultimately about privacy, but it impacts many financial and employment-related services as well. Certain laws may therefore be cross-listed in more than one regulatory area. Also, since we can’t look at every U.S. state and city, this article will focus primarily on the federal and California state laws.
After you focus on the particular regulatory areas that may implicate your business, next reference the short quotations and links to relevant primary and secondary sources below, then work to identify the specific compliance risks you face. This is where other Extra Crunch resources can help. For example, the Verified Experts of Extra Crunch include some of the most experienced and skilled startup lawyers in practice today. Use these profiles to identify attorneys who are focused on serving companies at your particular stage and then seek out any further guidance you need to address the regulatory matters pertinent to your startup.
With that as context, the Startup Law A to Z – Regulatory Compliance checklist is below:
Before diving into further detail, it may be helpful for some readers to note the distinction between a law and a regulation. Simply put, regulations provide more detailed direction on how certain laws should be followed. So regulations are not technically laws, but they carry the force of law (including penalties for violation), since they are adopted by governmental agencies under authority granted by statute. Beyond that, understanding how laws and regulations are actually enacted is helpful to illustrate the extent to which the process is politically driven.
In the U.S., a bill must first pass both legislative branches of government, then, if signed by the executive branch, it will be codified in statute as law (Schoolhouse Rock anyone?). Once codified, the legislative branch will authorize the relevant executive department or agency to determine whether specific regulations are necessary to give the law effect. If so, those executive departments or agencies will determine what further rules are needed, and in turn, work to enforce them.
At the federal level, for example, proposed regulations are developed first through a “Notice of Proposed Rulemaking,” listed in the Federal Register and filed in the corresponding executive agency’s official docket (available at Regulations.gov). This affords the public an opportunity to comment on the regulations. After receiving comments, the filing agency may revise the proposed regulation before final rules are issued, which again will be published in the Federal Register and then filed in the agency’s official docket at Regulations.gov, before they are codified in the Code of Federal Regulations (CFR).
At nearly every step in this process then, institutions, government, and interest groups are working – sometimes at cross purposes – to shape what the law will be and how it will impact your startup.
The Startup Law A to Z – Regulatory Compliance reference guide is below:
Powered by WPeMatico
Slack and other consumer-grade productivity tools have been taking off in workplaces large and small — and data governance hasn’t caught up.
Whether it’s litigation, compliance with regulations like GDPR or concerns about data breaches, legal teams need to account for new types of employee communication. And that’s hard when work is happening across the latest messaging apps and SaaS products, which make data searchability and accessibility more complex.
Here’s a quick look at the problem, followed by our suggestions for best practices at your company.
The increasing frequency of reported data breaches and expanding jurisdiction of new privacy laws are prompting conversations about dark data and risks at companies of all sizes, even small startups. Data risk discussions necessarily include the risk of a data breach, as well as preservation of data. Just two weeks ago it was reported that Jared Kushner used WhatsApp for official communications and screenshots of those messages for preservation, which commentators say complies with record keeping laws but raises questions about potential admissibility as evidence.
Powered by WPeMatico
Just a day after Google decided to drop out of the Pentagon’s massive $10 billion, 10-year JEDI cloud contract bidding, Microsoft announced increased support services for government clients. In a long blog post, the company laid out its government focused cloud services.
While today’s announcement is not directly related to JEDI per se, the timing is interesting just three days ahead of the October 12th deadline for submitting RFPs. Today’s announcement is about showing just how comprehensive the company’s government-specific cloud services are.
In a blog post, Microsoft corporate vice president for Azure, Julia White made it clear the company was focusing hard on the government business. “In the past six months we have added over 40 services and features to Azure Government, as well as publishing a new roadmap for the Azure Government regions providing ongoing transparency into our upcoming releases,” she wrote.
“Moving forward, we are simplifying our approach to regulatory compliance for federal agencies, so that our government customers can gain access to innovation more rapidly. In addition, we are adding new options for buying and onboarding cloud services to make it easier to move to the cloud. Finally, we are bringing an array of new hybrid and edge capabilities to government to ensure that government customers have full access to the technology of the intelligent edge and intelligent cloud era,” White added.
While much of the post was around the value proposition of Azure in general such as security, identity, artificial intelligence and edge data processing services, there were a slew of items aimed specifically at the government clients.
For starters, the company is increasing its FedRAMP compliance, a series of regulations designed to ensure vendors deliver cloud services securely to federal government customers. Specifically Microsoft is moving from FedRAMP moderate to high ratings on 50 services.
“By taking the broadest regulatory compliance approach in the industry, we’re making commercial innovation more accessible and easier for government to adopt,” White wrote.
In addition, Microsoft announced it’s expanding Azure Secret Regions, a solution designed specifically for dealing with highly classified information in the cloud. This one appears to take direct aim at JEDI. “We are making major progress in delivering this cloud designed to meet the regulatory and compliance requirements of the Department of Defense and the Intelligence Community. Today, we are announcing these newest regions will be available by the end of the first quarter of 2019. In addition, to meet the growing demand and requirements of the U.S. Government, we are confirming our intent to deliver Azure Government services to meet the highest classification requirements, with capabilities for handling Top Secret U.S. classified data,” White wrote.
The company’s announcements, which included many other pieces that have been previously announced, is clearly designed to show off its government chops at a time where a major government contract is up for grabs. The company announced Azure Stack for Government in August, another piece mentioned in this blog post.
Powered by WPeMatico