Compliance and security are critical to Stormboard’s competitive advantage. Their compliance partner needs to offer a superior product backed by a proven reputation.
Stormboard is a fast-growing company supported by small, high-performing teams. To stay laser-focused on business development, they need a solution that saves them as much time as possible.
Stormboard needs a modern platform to efficiently and continuously safeguard its business at all times.
“When we did SOC 2 Type I ourselves it took months. When we used Vanta to get our SOC 2 Type II, it took days.”
The company
Remote collaboration done right
Stormboard is a leading provider of visual collaboration and digital workspace solutions. Stormboard enables businesses to remotely hold meetings, design projects, and get work done every day no matter where they are located.
Stormboard is an international organization that does business with startups and enterprises across 181 countries. Because Stormboard’s SaaS product is designed for telecommunication, data organization and security are integral components of the business. Their virtual whiteboard app has the option to export content to the cloud—a valuable feature that requires responsible data management.
Michael Bollman, Cofounder, CTO, and CSO, says that Stormboard is a security-first company that puts compliance high on the business’s list of priorities. Much of Stormboard’s competitive advantage is based in part by the way the company thinks about security. “Our big enterprise clients love the way we can host their own dedicated servers anywhere in the world,” Michael says.
The challenge
Unlocking new revenue streams
Stormboard experienced a significant surge of growth in 2020. In order to do business with many of the prospective customers inquiring about their product, especially at the enterprise level, Stormboard needed to prove their security standards with SOC 2 compliance. “To do business with large enterprises, SOC 2 was table stakes,” Michael says.
After earning SOC 2 Type I on their own—“the hard way,” according to Michael—Stormboard wanted to take a more efficient approach to meet SOC 2 Type II requirements. The internal DIY approach to Type I was “solid work,” Michael says. “It took me four months to write the policies, find templates, and figure out how to automate controls. It was challenging.”
For a company experiencing a new stage of growth, it was critical for Michael and his teams to dedicate all their energy to unlocking revenue, not maintaining compliance. “As a CTO and founder, I need time back,” Michael says. For the next phase of Stormboard’s security and compliance program Michael required an external solution.
The solution
Choosing a proven compliance partner
When it came time to pursue SOC 2 Type II, Michael began searching for the right compliance partner. “I spent a fair bit of time learning what Vanta was going to do for me, and at that point, it was a no-brainer.”
Creating policies, evidence collection, offboarding templates, and continuous monitoring are the primary use cases for Stormboard. Vanta’s automation platform greatly reduced the time commitment required Michael to ensure Stormboard was continuously secure and compliant. “When we did SOC 2 Type I ourselves it took months. When we used Vanta to get our SOC 2 Type II, it took days.”
After partnering with Vanta to earn their SOC 2 Type II, GDPR was the next goal on Stormboard’s list of compliance goals. Many of Stormboard’s customers are located in the EU, making GDPR another compliance necessity. “The nice thing about SOC 2,” Michael says, “is that you have a lot of the building blocks for GDPR. The Vanta platform continually monitored our progress.”
The impact
Security confidence and efficiency
Now that Stormboard complies with GDPR and SOC 2 Type II through Vanta, Michael and his teams are able to scale the business more efficiently and with confidence. “Our customers are giving us control of intellectual property—it’s sensitive data,” says Michael.
As Stormboard’s products and workflows change over time, Vanta is able to iterate and adapt to their needs. In particular, Vanta’s ability to integrate with Stormboard’s cloud tech stack has become a core element. At the enterprise level, these kinds of integrations demand reputable compliance protocols. “Security is important to us,” Michael says. “It helps me sleep at night knowing our systems are secure, monitored, and audited.”
{{quote-2}} “I don’t think we would have been able to get SOC 2 Type II properly without a tool like Vanta. That would have been my only job.”