Note: In preparation for your opportunity to invest in the Innovation Fund later this month, we wanted to share this exciting announcement regarding the fund’s first investment, in Vanta, a company in one of the fund’s target sectors, Modern Data Infrastructure, which we shared an update on earlier this week.
We’re excited to announce that the Fundrise Innovation Fund has invested $5 million in Vanta, as part of their Series B round, investing alongside Craft Ventures, Sequoia, Y Combinator, and Crowdstrike, among others. Previously, investing in a business of Vanta’s caliber alongside storied VCs was highly inaccessible to individual investors. Together, we are disrupting the establishment status quo.
Vanta fits within the data infrastructure thesis we laid out in our last note and is poised to be the market leader at the intersection of cybersecurity and compliance. With the proliferation of software products moving vast amounts of data, it is critical that these software solutions are safe and secure.
Major companies, such as those in the Fortune 500, must ensure that when they purchase and use third-party software it doesn’t put their own data at risk. Done wrong, the purchased software can expose customer data or leave the enterprise vulnerable to cybersecurity attacks, data theft, and malware. To address this risk, firms require specific certifications to provide assurance that the software vendors properly manage information security.
While this may sound a bit obscure, it is a prerequisite to sell software to any company. In other words, it is a big business. Before Vanta, obtaining the necessary certifications and achieving compliance was a manual process. Auditors pushed paper and collected evidence of compliance by hand. Considering the number of new SaaS products and widespread adoption of software as a service, the need to automate security and other compliance has become acute.
Vanta was first to help companies automate compliance for the industry’s most sought after security and privacy standards. We believe Vanta, with thousands of customers already, is the clear market leader and has achieved an impressive amount of scale in a short time. Vanta is exactly the kind of business that we look to partner with from team, sector, stage, differentiation, momentum, and financial profile perspectives.
Why we invested
-
Critical, high-growth opportunity: Automating corporate compliance processes is essential, if not inevitable, in the era of data. We believe Vanta is the clear leader in the space and has continued to innovate, by, for example, launching Trust Reports, which moves assurance from point-in-time annual certificates to continuous, real-time reporting.
-
Preferred equity: During this period of great economic volatility, we made our investment as preferred equity, meaning it is senior to all common equity.
-
Efficient growth: Vanta combines “top-tier growth rate with excellent capital efficiency, as reflected by a superb burn multiple,” writes David Sacks of Craft Ventures, who led this round. We couldn’t agree more. A track record of success and prudence is a necessity during the coming tech winter, and one we deeply value.
Industry background and company business plan
In order to sell software to any major enterprise, companies require assurance that the software product won’t compromise their own information security. To address the issue of trust in cybersecurity, the software industry has adopted a set of compliance frameworks focused on the safe handling of customer data. The industry has standardized these requirements, insisting on third-party accreditation and audits, most notably SOC 2, ISO 27001, HIPAA, and GDPR, before purchasing a company’s software.
While this laundry list of acronyms may sound complicated, they are an unavoidable precondition to sell any software solution. Every major software product sold in the world is certified and recertified annually, which means the companies requiring certification comprise a large addressable market with obvious recurring revenue.
The most common compliance standard for software businesses is called SOC 2. It was created in 2010 and is administered by the AICPA, the accreditation body of certified public accountants. Software buyers can rely on the fact that a software provider with SOC 2 compliance has the infrastructure and practices in place to handle customer data securely.
Standardized certificates, like SOC 2, allow buyers of software to more easily evaluate a wider range of compliant vendors without having to dedicate significant resources to assess the cybersecurity risk themselves. This allows small startups to more easily sell to large enterprises. However, achieving SOC 2 compliance has historically been a labor-intensive process. Companies typically have to spend valuable engineering and IT time on a manual, months-long process to demonstrate their security practices to an auditor.
Vanta improves this process by integrating with a company's existing technology stack to seamlessly demonstrate that the security practices are in place. Instead of manually providing evidence that access controls are implemented in a company’s cloud environment or that background checks have been performed on new hires, Vanta integrates with cloud and HR providers to create and present reports in a unified dashboard. Vanta replaces the manual, annual inspections with continuous, automated review and reporting.
Companies typically engage Vanta when they want to land an enterprise customer that requires certification. A certification is only good for 12 months, but in helping companies achieve compliance initially, Vanta then provides ongoing monitoring to make the process even faster and easier the next year. While the whole process isn’t yet fully automated, achieving compliance through Vanta is significantly faster, easier, and cheaper than the DIY or consultant-heavy approaches companies were forced to rely on before Vanta.
More growth to unlock
Vanta has built a substantial business but still has enormous growth in front of it, most notably including:
-
Expanding Internationally - Expand internationally as many of Vanta’s customers operate in multiple countries, which often have their own sets of standards.
-
Increasing Integrations - Grow their list of integrations with key major software vendors that enable even greater efficiency and automation.
-
Adding Frameworks - Offer even more security and privacy frameworks to address the same fundamental problems that complicate compliance accreditation in other subsectors.
-
Launching New Initiatives - Launch new product initiatives aimed more squarely at the underlying problem of facilitating trust between buyers and sellers of software. Vanta’s new product, Trust Reports, allows their customers to demonstrate their strong security practices in real time.
Suffice to say, Vanta has many different avenues to drive further growth, by broadening their product suite, deepening their offerings, and entering new markets.
–
Fundrise is thrilled to partner with Vanta as they continue to build a long-term, category-defining business. We’re excited our investors will participate in their growth as a long-term investor in the company.
The Fundrise Team
P.S. - If you are looking for assistance with a SOC 2 or other certifications, you can learn more about Vanta’s offerings here. The more our investors drive value, the more quality deal flow we gain.
