CASE STUDY

Clozd drives efficiency and business growth with Vanta

COMPANY: Clozd
EMPLOYEES: Not shared
LOCATION: Lehi, Utah
INDUSTRY: General Software
VANTA CUSTOMER SINCE: 2021

Time savings and increased leverage

By partnering with Vanta for SOC 2 automation, Clozd saved two quarters worth of work and achieved compliance in 6 months.

Automated risk monitoring

Vanta’s 300+ integrations enable Clozd to maintain holistic compliance with minimal effort, allowing the team to focus on driving customer value.

Trust as a growth lever

Clozd utilizes Trust Center externally to proactively demonstrate trust and accelerate new deals.

“If we’re able to spend our time focusing on value delivery for our customers, that to me is success when it comes to a good security program and the value that Vanta provides.”

Daryl Pinkal
CTO, Clozd

The company

World-class technology and services for win-loss analysis 

Clozd, headquartered in Utah, is a software and services organization specializing in win-loss analysis, helping customers understand why they win or lose sales opportunities to drive strategic improvements and enhance sales performance. Founded in 2017, the company works with customers of all sizes – from large businesses like Stripe and Workday to startups and small businesses. 

Clozd goes beyond typical market research by going directly to buyers to understand why they chose to purchase (or not to purchase). By using unbiased feedback directly from buyer interviews, Clozd helps teams understand the decision drivers that have the largest impact on sales outcomes, so teams can make more informed strategic decisions. Clozd has continued to expand its capabilities and recently partnered with Gong to further integrate customer interaction data into the Clozd platform. 

Clozd delivers its products primarily through AWS, using a wide range of AWS services. This includes AWS Elastic Container Service (ECS) in its VPC to run the application, storage services like AWS RDS, AWS EC2, and AWS S3, Lambda functions that act on events from AWS Kinesis, as well as AWS Elastic Load Balancers for traffic routing. Clozd also uses a range of AWS governance tools such as AWS CloudWatch, AWS Control Tower, and AWS GuardDuty to continuously monitor and manage its infrastructure. Many of these resources are in scope for SOC 2 and ISO 27001 audits.

Daryl Pinkal, CTO at Clozd, came to Clozd in 2020 to lead engineering, product management, DevOps, and infosec. As Clozd grew, the team began receiving more questions about its security posture, and it became clear that attaining SOC 2 or ISO 27001 would be critical to Clozd’s growth and expansion.

The challenge

Achieving compliance while continuing to drive new customer value

Around a year after he joined Clozd, it became clear to Daryl that Clozd would need to invest in compliance frameworks to support company growth. There was increasing demand for more information about Clozd’s security posture, but there weren’t enough resources to achieve compliance standards like SOC 2 or ISO 27001 while also handling a growing number of security reviews and the demands of a growing business.

As Daryl explored compliance options for Clozd, he knew from previous experience that the manual way wouldn’t work. Having achieved FedRAMP compliance at his past company, Daryl had experienced first-hand the pain of completing audits and evidence collection manually. In the old world, achieving compliance meant devoting time to large group meetings with inefficient workflows that distracted focus from driving new customer value. “We went into business to build great products for customers,” Daryl says. “So it was super frustrating for us to go through all of these different controls necessary for compliance, and still feel like we were being productive and focused on the right needs for our customers and the business.”

Clozd also needed a partner that could automate evidence collection from their wide set of AWS resources. Automation was essential to limiting the amount of manual evidence collection required for audit as well as reducing back and forth with IT and cloud teams to gather evidence.

Daryl prioritized finding a partner that could automate compliance with minimal effort and transform Clozd’s approach to security from a point-in-time check into a real-time system with continuous monitoring and alerting. The need for a solution that enabled Clozd to be proactive in achieving and maintaining security posture — all without scaling the size of his internal team — meant Daryl had to find a unique partner. 


The solution

Holistic risk visibility that goes beyond point-in-time compliance 

In his search for a security and compliance partner, Daryl found Vanta was the only offering that satisfied his requirements for an automated compliance solution. Once Daryl made the decision to partner with Vanta, Clozd quickly realized value, achieving their SOC 2 report with the help of a Vanta partner auditor within 6 months. 

Beyond achieving compliance quickly, Daryl also saw massive time savings for his team: “Between all of the policy documents that we were able to accelerate with the templates in Vanta, to just having the checklist that managed the to-dos and action items across the organization, we’re saving two full quarters worth of work.”

Much of the time savings came from the deep integration between Vanta and AWS. Because both Clozd and Vanta are built on AWS, the strong scalability and configurability powered by rich SDKs and APIs make it simple to integrate Clozd’s cloud environment with Vanta. As Vanta pulls resource, inventory, user, group, and permissions data from AWS CloudTrail and AWS APIs to gather evidence for audit, it runs automated tests to identify misconfigurations or security improvements that can be addressed within AWS and other tools in Clozd’s tech stack.

By integrating their infrastructure with Vanta, Daryl has a real-time view of Clozd’s security posture, which helps him go beyond acquiring a point-in-time compliance attestation. Daryl believes that maintaining compliance is key to his organization's success and finds value in Vanta’s automated alerts: “It’s almost like having an [internal] auditor full-time on the team, just constantly auditing our business, and that’s super helpful for us.” This has allowed Daryl and his team to save time on manual tasks and streamline their processes, enabling them to focus on building new products and driving customer value.

Vanta’s Trust Management Platform and commitment to continuous security monitoring have enabled Clozd to make security a company-wide effort and to influence Clozd’s culture. With Vanta, Daryl has been able to seamlessly involve cross-functional teams, like finance, to help ensure Clozd remediates any issues in a timely manner and maintains its security posture.

The impact

Maintaining compliance and driving new growth with trust

Daryl’s approach to proactive security means he will continue to focus on maintaining SOC 2 and ISO 27001 accreditations as his organization scales. He also plans to continue prioritizing rapid SLAs on security reviews, further expediting deal cycles. 

Finally, Daryl is eager to increase utilization of Clozd’s Trust Center as a way to demonstrate trust externally and directly influence growth. “By giving our customers access to everything we’re doing, we build trust with our customers that [security] is top of mind, that it’s a priority for us and something we’re investing in.” By pushing compliance up the funnel and directly into sales conversations, Daryl is making Clozd’s proactive approach to security a point of confidence for prospective customers. 


“I wasn’t interested in consulting services. I was interested in something product-led, something that would enable me and my team to do this.”

Daryl Pinkal
CTO, Clozd
