Interview with Nylas and Drata

Exploring compliance automation and security with Drata’s CISO 


In an era where cyber threats are escalating and data breaches make headlines, businesses can no longer afford to be lax about compliance and security. Automation, more than a mere convenience, has become a critical and differentiating tool. It ensures tailored, industry-best practices are in place, boosting security and minimizing risks. 


As technology advances, the complexity of business operations, data management, and cybersecurity grows with it. These developments have prompted regulatory bodies worldwide to impose more rigorous standards on companies, the most prominent and demanding being SOC 2 and ISO 27001 for security and GDPR, CCPA, and HIPAA for privacy. Security- and privacy-first companies today know that seamless compliance isn’t about dodging penalties but about building trust in a digitally skeptical world.

We spoke with Matt Hillary, VP of Security and Chief Information Security Officer (CISO) at Drata, who is guiding and evolving Drata’s global cybersecurity strategy, including protecting its customers and internal operations. Hillary shared his views on the future of compliance and security, the difference between the concepts, and why automation is the key to ensuring both are effectively integrated and maintained in our rapidly evolving digital world. 

Can you explain some key programs and features Drata offers to support organizations in maintaining regulatory compliance?

Over the years, Drata has moved beyond traditional compliance approaches, offering innovative solutions tailored to the dynamic nature of today’s regulatory challenges. Rather than just aiding organizations in achieving compliance, our platform integrates compliance effortlessly into their daily workflows.

Our platform features automated compliance workflows, ensuring alignment with regulations, and a real-time monitoring system that promptly detects security and compliance issues. We provide a centralized Evidence Library for compliance evidence and a tool for creating and managing robust security policies. Our Risk Assessment feature tackles risks from all sources. 

We turn compliance from obligation to strategic, differentiating advantage by integrating cutting-edge technology into our services. Whether a company is starting its compliance journey or seeking enhanced effectiveness, Drata is ready to help.

How does Drata’s compliance automation solution help Nylas meet and demonstrate compliance with industry-specific regulations, and how does this benefit Nylas’ customers who rely on the company’s services?

Drata monitors the controls Nylas has put in place to protect their customers’ data. Things like emails, calendars, schedulers, and contact information can be highly sensitive, so using Drata to stay compliant and protected gives customers peace of mind and can help minimize the risk of costly data breaches.

By seamlessly integrating with Nylas’ existing infrastructure, Drata continuously assesses and monitors compliance with Nylas’ security and compliance controls. This real-time monitoring ensures that Nylas can proactively identify potential compliance issues as they arise, allowing for timely corrective actions and reducing the risk of non-compliance. Drata’s automated compliance tracking and reporting also simplifies the audit process, providing Nylas with a comprehensive and up-to-date view of its compliance status, ultimately allowing the company to focus on its core business while maintaining the highest security and data protection standards. This allows Nylas to confidently communicate to its customers all the company does to ensure data stays protected and secure.

Developing an internal culture of security is crucial (and sometimes challenging) to any SaaS organization. By providing engaging and up-to-date content, Drata helps Nylas foster a culture of compliance awareness within the organization. If a team is confident about its security and compliance posture, that confidence and integrity will shine through in conversations with existing and potential customers.

By providing real-time visibility into compliance status, continuous risk assessment, and automated tickets for remediation, Drata helps Nylas proactively address potential gaps before they impact the trust of their customers. This translates into a more secure and reliable service for Nylas’ customers, improving user experiences and strengthening relationships.

With data breaches and cyber threats on the rise, what is your perspective on the future of compliance and security? 

We’ve seen more companies adopt a continuous and automated compliance approach, and we believe that trend will continue accelerating. Continually monitoring an organization’s compliance status allows them to address any control failure or potential threat as soon as it pops up. Additionally, most security and compliance leaders want to have a strong grasp of their state of compliance all audit-period long, and not just right before or during the actual audit. Programmatically collecting and using automated means to audit and monitor evidence all audit-period long allows them to have this level of confidence to support predictable, favorable, and smooth audits. This means companies can become hyper-vigilant about protecting their data and have another capability to help ensure continuous compliance with standards, regulations, and frameworks they’ve committed to complying with. 

How does Drata incorporate emerging technologies and industry best practices to ensure organizations stay ahead of potential risks?

Within the regulatory realm, there’s a distinction between companies that simply adhere to rules and those that proactively and holistically want to do the right thing. Nylas is a great example of the latter, harnessing technology and teamwork for adept compliance and risk management to truly protect their customers’ data. While no company is impenetrable, we’re all working towards reducing risk to a reasonable level, and Nylas is working alongside all security-aware and security-first companies out there to do so as effectively as possible.

At Drata, we collaborate with forward-thinking organizations like Nylas, integrating cutting-edge technology and valuable industry insights to help them navigate and thrive amidst the shifting regulatory environment. 

Some examples include: 

  • Automation: Our automation-first approach helps us streamline and consolidate our own compliance program and those of our customers. We use automation to continuously monitor and analyze controls and identify any control exceptions in real time.
  • Continuous improvement: We are always enhancing our product. We take customer feedback seriously and use it to prioritize what gets built. We now offer compliance automation for over 17 different frameworks. Drata has a powerhouse of development talent that continues to iterate and accelerate on providing the capabilities customers need to directly improve their programs.
  • Industry collaboration: Our partners, as well as our auditor alliance, offer crucial insight into how to optimize our solution for all parties involved. We’re changing how the industry thinks about and approaches compliance with this automation-first approach to collecting, monitoring, and alerting on the operating effectiveness of controls.
  • Risk management: By continuously monitoring and assessing organization-wide risks, compliance gaps, and emerging threats, Drata equips customers with real-time insights and actionable recommendations to mitigate risks promptly, safeguarding their operations and ensuring ongoing business resilience.

What are the five key takeaways you want technical leaders and developers to understand about compliance and security?

  1. Continuous compliance is hands down the best way to approach compliance because it offers ongoing, real-time insights into an organization’s security compliance program posture. This means potential compliance gaps are identified using automated means and more real-time, enabling organizations to take immediate corrective actions on identified issues. By staying ahead of issues, organizations can help prevent losing the trust of customers who depend on the ongoing effectiveness of security controls, potentially costly breaches caused by ineffectively operating controls, or compliance violations, ultimately saving time, money, and reputational damage.
  2. Prioritizing security and compliance accelerates your business. By maintaining a strong security and compliance posture, you are helping protect your business from a costly data breach, instilling trust with your customers, and maybe, most importantly, differentiating yourself from your competitors in the best way. Companies that don’t keep up with this will quickly fall behind.
  3. Security and compliance do not have to be a long, painful, manual, and arduous process. Automated compliance is a game-changer, making the process more efficient, cost-effective, and less stressful. It enables organizations to focus on their core business while maintaining high security and compliance.
  4. Security and compliance are NOT the same, but theirs is a mutually beneficial relationship. Maintaining compliance can lay the path for a secure company. Implementing strong security practices can keep your company compliant. Incorporating both will make them stronger and more effective than either on its own.
  5. Most data breaches are linked to a human (employee) element. Require regular, effective security training for your employees. Educate them on identifying all types of risk, fraud, and cyber attack threats—you will be so glad you did! Ultimately, move past simply having security awareness, and move towards giving your team members a sense of good security judgment with a strong culture of security and compliance.

If you’re interested in discovering how Nylas safeguards customers’ data through our multi-layered physical and technical security program, check out Security at Nylas. Or, you can get in touch with a platform specialist.
