Chicago’s Sprout Social prices IPO mid-range at $17 per share, raising $150M

On the heels of Bill.com’s debut, Chicago-based social media software company Sprout Social priced its IPO last night at $17 per share, in the middle of its proposed $16 to $18 per-share range. Selling 8.8 million shares, Sprout raised just under $150 million in its debut.

Underwriters have the option to purchase an additional 1.3 million shares if they so choose.

The IPO is a good result for the company’s investors (Lightbank, New Enterprise Associates, Goldman Sachs and Future Fund), but also for Chicago, a growing startup scene that doesn’t often get its due in the public mind.

At $17 per share, not including the possible underwriter option, Sprout Social is worth about $814 million. That’s just a hair over its final private valuation set during its $40.5 million Series D in December of 2018. That particular investment valued Sprout at $800.5 million, according to Crunchbase data.

So what?

Sprout’s debut is interesting for a few reasons. First, the company raised just a little over $110 million while private, and will generate over $100 million in trailing GAAP revenue this year. In effect, Sprout Social used less than $110 million to build up over $100 million in annual recurring revenue (ARR) — the firm reached the $100 million ARR mark between Q2 and Q3 of 2019. That’s a remarkably efficient result for the unicorn era.

And the company is interesting, as it gives us a look at how investors value slower-growth SaaS companies. As we’ve written, Sprout Social grew by a little over 30% in the first three quarters of 2019. That’s a healthy rate, but not as fast as, say, Bill.com . (Bill.com’s strong market response puts its own growth rate in context.)

Thinking very loosely, Sprout Social closed Q3 2019 with ARR of about $105 million. Worth $814 million now, we can surmise that Sprout priced at an ARR multiple of about 7.75x. That’s a useful benchmark for private companies that sell software: If you want a higher multiple when you go public, you’ll have to grow a little faster.

All the same, the IPO is a win for Chicago, and a win for the company’s investors. We’ll update this piece later with how the stock performs, once it begins to trade.

Adobe turns it up to 11, surpassing $11B in revenue

Yesterday, Adobe submitted its quarterly earnings report — and the results were quite good. The company generated a tad under $3 billion for the quarter, at $2.99 billion, and reported that revenue exceeded $11 billion for FY 2019, its highest-ever mark.

“Fiscal 2019 was a phenomenal year for Adobe as we exceeded $11 billion in revenue, a significant milestone for the company. Our record revenue and EPS performance in 2019 makes us one of the largest, most diversified, and profitable software companies in the world. Total Adobe revenue was $11.17 billion in FY 2019, which represents 24% annual growth,” Adobe CEO Shantanu Narayen told analysts and reporters in his company’s post-earnings call.

Adobe made a couple of key M&A moves this year that appear to be paying off, including nabbing Magento in May for $1.7 billion and Marketo in September for $4.75 billion. Both companies fit inside its “Digital Experience” revenue bucket. In its most recent quarter, Adobe’s Digital Experience segment generated $859 million in revenue, compared with $821 million in the sequentially previous quarter.

Obviously buying two significant companies this year helped push those numbers, something CFO John Murphy acknowledged in the call:

Key Q4 highlights include strong year-over-year growth in our Content and Commerce solutions led by Adobe Experience Manager and success with cross-selling and up-selling Magento; Adoption of Adobe Experience Platform, Audience Manager and Real-Time CDP in our Data & Insights solutions; and momentum in our Marketo business, including in the mid-market segment, which helped fuel growth in our Customer Journey Management solutions.

All of that added up to growth across the Digital Experience category.

But Adobe didn’t simply buy its way to new market share. The company also continued to build a suite of products in-house to help grow new revenue from the enterprise side of its business.

“We’re rapidly evolving our CXM product strategy to deliver generational technology platforms, launch innovative new services and introduce enhancements to our market-leading applications. Adobe Experience Platform is the industry’s first purpose-built CXM platform. With real-time customer profiles, continuous intelligence and an open and extensible architecture, Adobe Experience Platform makes delivering personalized customer experiences at scale a reality,” Narayan said.

Of course, the enterprise is just part of it. Adobe’s creative tools remain its bread and butter, with the creative tools accounting for $1.74 billion in revenue and Document Cloud adding another $339 million this quarter.

The company is talking confidently about 2020, as its recent acquisitions mature and become a bigger part of the company’s digital experience offerings. But Narayan feels good about the performance this year in digital experience: “When I take a step back and look at what’s happened during the year, I feel really good about the amount of innovation that’s happening. And the second thing I feel really good about is the alignment across Magento, Marketo and just call it the core DX business in terms of having a more unified and aligned go-to-market, which has not only helped our results, but it’s also helped the operating expense associated with that business,” he said.

It is no small feat for any software company to surpass $11 billion in trailing revenue. Consider that Adobe, which was founded in 1982, goes back to the earliest days of desktop PC software in the 1980s. Yet it has managed to transform into a massive cloud services company over the last five years under Narayan’s leadership.

Grading the final tech IPOs of 2019

As the holiday slowdown looms, the final U.S.-listed technology IPOs have come in and begun to trade.

Three tech, tech-ish or venture-backed companies went public this week: Bill.com, Sprout Social and EHang. Let’s quickly review how each has performed thus far. These are, bear in mind, the last IPOs of the year that we care about, pending something incredible happening. 2020 will bring all sorts of fun, but, for this time ’round the sun, we’re done.

Pricing

Our three companies managed to each price differently. So, we have some variety to discuss. Here’s how each managed during their IPO run:

How do those results stack up against their final private valuations? Doing the best we can, here’s how they compare:

So EHang priced low and its IPO is hard to vet, as we’re guessing at its final private worth. We’ll give it a passing grade. Sprout Social priced mid-range, and managed a slight valuation bump. We can give that a B, or B+. Bill.com managed to price above its raised range, boosting its valuation sharply in the process. That’s worth an A.

Performance

Trading just wrapped, so how have our companies performed thus far in their nascent lives as public companies? Here’s the scorecard:

  • EHang’s Friday closing price: $12.90 (+3.2%)
  • Sprout Social’s Friday closing price: $16.60 (-2.35%)
  • Bill.com’s Friday closing price: $38.83 (+76.5%)

You can gist out the grades somewhat easily here, with one caveat. The Bill.com IPO’s massive early success has caused the usual complaints that the firm was underpriced by its bankers, and was thus robbed to some degree. This argument makes the assumption that the public market’s initial pricing of the company once it began trading is reasonable (maybe!) and that the company in question could have captured most or all of that value (maybe!).

Bill.com’s CEO’s reaction to the matter puts a new spin on it, but you should at least know that the week’s most successful IPO has attracted criticism for being too successful. So forget any chance of an A+.

Image via Getty Images / Somyot Techapuwapat / EyeEm

macOS Update | What’s New With Catalina 10.15.2?

It’s been two months since Apple dropped the initial release of macOS Catalina, and after a rapid few supplemental updates and a first point upgrade in the first month, things appear to have slowed down to a normal cadence. This week, Apple dropped the public release of 10.15.2, a full month after showing developers the first beta. So, what’s changed in this update? Let’s take a look and see!

image catalina update

Features and Tweaks

After installing the 10.15.2 update, users should find they are now on build 19C57. While point updates are not typically opportunities for Apple to add new features, 10.15.2 does bring a small number of user level additions.

image of Catalina 10.15.2

Apple News receives a new layout and now carries content from the Wall Street Journal and other “leading newspapers”, while Stocks adds links to related content at the end of articles. The Music app restores column browser view for managing the music library, while iTunes Remote now supports using an iOS device to remotely control the Music and TV apps on a Mac. More details are provided by Apple here.

Bug Fixes

The 10.15.2 update brings six patches for what appear to be privilege escalations in, among other APIs and services, CFNetwork Proxies (CVE-2019-8848), the Kernel (CVE-2019-8833, ) and Security (CVE-2019-8832).

There is also a fix for an arbitrary code execution bug in FaceTime (CVE-2019-8830) when handling a maliciously crafted video, and Catalina’s Bluetooth receives a patch for CVE-2019-8853 which could allow an application to read restricted memory.

Apple also finally applied a patch for the opensource tcpdump and libpcap networking utilities. That patch has been available since September, but for reasons only Apple know this didn’t make the cut for the initial release of Catalina in October or the first point update after that. Having now just made it into macOS, it’s worth noting that the tcpdump 4.9.3 and libpcap version 1.9.1 are exclusive to Catalina, at least at the moment. Mojave and earlier OSs haven’t received the updated versions, which plug an astonishing 32 vulnerabilities with CVEs stretching back all the way from 2017 to 2019. While the vulns all have ‘Modified’ status in the NIST database, they at least have a description indicating the issue, save for the most recent one, CVE-2019-15167, which remains reserved.

image of tcpdump new version

Apple’s security notes also gave additional recognition to Kishan Bagaria and Tom Snelling for their assistance in what Apple have only described as an issue in “Accounts”. The same recognition also appears in the iOS and iPadOS 13.3 release notes. Bagaria has published a blog post detailing an iOS/iPadOS bug that allows a malicious user to cause a Denial-of-Service attack on nearby devices that have AirDrop enabled. Whether the bug applied to macOS as well hasn’t been mentioned, but credit in the Catalina security release notes suggests that macOS may have either been susceptible to some version of “AirDoS”, as Bagaria has dubbed it, or needed some kind of update to maintain AirDrop compatibility with patched mobile devices.

Security Changes Apple Didn’t Announce

As usual with macOS updates, there’s a few things under the hood that have occurred that Apple do not make public statements about but which are nevertheless of interest to the security community. As described by researcher Scott Knight and independent macOS developer and blogger Howard Oakley, 10.15.2 has seen some important changes to XProtect.

Let’s take a look at the two XProtect bundles side by side to see how they differ. Here, I’ve made local copies of the original 10.15.1 and 10.15.2 bundles so that I can safely mess with them.

image of Xprotect comparison

As we can see, the version number has been bumped in the Info.plist and version.plist files from v2108 to v2109.

The most obvious change is in the XProtect.yara files, with the updated file having increased in size from 44KB to 51KB. Let’s run a diff on them and output only the additions to a new text file (here I’ve changed the respective file names to make it easier to see which is which).

$ diff XProtect_10_15_1.yara XProtect_10_15_2.yara | grep > | sed 's/>//' >> Xprotect_new.txt

Let’s examine that in Vi and see what we’ve got. There’s 109 additional lines.

image of Xprotect new rules

We can do a quick grep to see how many rules or new families there are.

$ grep 'rule XProtect_' Xprotect_new.txt

image of xprotect new families

It appears there are 7 new families, three of which – MACOS_7726045, MACOS_0dd569a, and MACOS_bca65d5 – have a curious new meta label gk_first_launch_only set to the value of true.

$ grep -B3 'gk_first' Xprotect_new.txt

image of gk first launch

As one of the changes made to Catalina’s Gatekeeper protections is to include security checks not just on first launch but at unspecified times after that, it’s plausible that this label may be related to that, perhaps telling XProtect to skip these checks on code that’s already been checked and passed. At this point that remains speculation until we’ve had further time to correlate the rules against actual samples (a list of samples that match the rules has already been collated by Scott Knight here).

Importantly, macOS users that are still on Mojave 10.14.6 or earlier should be aware that at present the v2109 XProtect update has not been seeded to those earlier macOS versions, so you are only getting the updated protection if you are on Catalina.

The gk.db database, a new security resource in Catalina that blocks developers by Team ID and which may be related to Notarization, resides within the XProtect bundle’s Resources folder. The 10.15.1 and 10.15.2 versions turn out to have different shasums, and if you dump the SQLite3 databases and run a diff on them they might seem at first glance to be different. In fact, the two databases have identical contents, but the data in the tables appears to have been sorted differently.

image of gk db

There does not appear to have been any significant change to Apple’s other security technology, the MRT (Malware Removal Tool) app. The executable does have a different shasum on 10.15.2, though:

image of mrt shasum

However, MRT.app’s version number remains the same as it is on both 10.15.1 and 10.14.6 at v1.50. Examination of the executables indicates the 10.15.2 version to be functionally identical to 10.15.1 despite the change in hash. The differing shasum looks to be simply a consequence of the application being re-signed. If you go looking for MRT.app, remember that on Catalina it has moved from /System/Library/CoreServices folder to /Library/Apple/System/Library/CoreServices, and now only keeps company with a few other security related tools. An alias is provided to this location from the main CoreServices folder in /System/Library/CoreServices.

image of core services folder

Conclusion

As always, users are reminded that timely patching is a crucial part of your security posture. As Catalina begins to mature and the number of security bug fixes that haven’t been back ported to Mojave and earlier grows, the urgency for those that haven’t yet made the jump to 10.15 to update will only increase.

Remember also that whether you’re running the latest macOS or an older, unpatched version, the built-in security tools are only going to block known malware families, and then only temporarily until the malware authors modify their code to avoid simple string search matches like those used in XProtect. To ensure that your devices are fully-protected, an on-device security solution that employs behavioral detection is the safest bet.


Like this article? Follow us on LinkedIn, Twitter, YouTube or Facebook to see the content we post.

Read more about Cyber Security

DataRobot is acquiring Paxata to add data prep to machine learning platform

DataRobot, a company best known for creating automated machine learning models known as AutoML, announced today that it intends to acquire Paxata, a data prep platform startup. The companies did not reveal the purchase price.

Paxata raised a total of $90 million before today’s acquisition, according to the company.

Up until now, DataRobot has concentrated mostly on the machine learning and data science aspect of the workflow — building and testing the model, then putting it into production. The data prep was left to other vendors like Paxata, but DataRobot, which raised $206 million in September, saw an opportunity to fill in a gap in their platform with Paxata.

“We’ve identified, because we’ve been focused on machine learning for so long, a number of key data prep capabilities that are required for machine learning to be successful. And so we see an opportunity to really build out a unique and compelling data prep for machine learning offering that’s powered by the Paxata product, but takes the knowledge and understanding and the integration with the machine learning platform from DataRobot,” Phil Gurbacki, SVP of product development and customer experience at DataRobot, told TechCrunch.

Prakash Nanduri, CEO and co-founder at Paxata, says the two companies were a great fit and it made a lot of sense to come together. “DataRobot has got a significant number of customers, and every one of their customers have a data and information management problem. For us, the deal allows us to rapidly increase the number of customers that are able to go from data to value. By coming together, the value to the customer is increased at an exponential level,” he explained.

DataRobot is based in Boston, while Paxata is in Redwood City, Calif. The plan moving forward is to make Paxata a west coast office, and all of the company’s almost 100 employees will become part of DataRobot when the deal closes.

While the two companies are working together to integrate Paxata more fully into the DataRobot platform, the companies also plan to let Paxata continue to exist as a standalone product.

DataRobot has raised more than $431 million, according to PitchBook data. It raised $206 million of that in its last round. At the time, the company indicated it would be looking for acquisition opportunities when it made sense.

This match-up seems particularly good, given how well the two companies’ capabilities complement one another, and how much customer overlap they have. The deal is expected to close before the end of the year.

Why Bill.com didn’t pursue a direct listing

Bill.com went public today after pricing its shares higher than it initially expected. The B2B payments company sold nearly 10 million shares at $22 apiece, raising around $216 million in its IPO. Public investors felt that the company’s price was a deal, sending the value of its equity to $35.51 per share as of the time of writing.

That’s a gain of over 61%.

On the heels of its successful pricing run and raucous first day’s trading, TechCrunch caught up with Bill.com CEO René Lacerte to dig into his company’s debut. We wanted to know how pricing went, and whether the company (which possibly could have valued itself more richly during its IPO pricing, given its first-day pop) had considered a direct listing.

Lacerte detailed what resonated with investors while pricing Bill.com’s shares, and also did a good job outlining his perspective on what matters for companies that are going public. As a spoiler, he wasn’t super focused on the company’s first-day return.

For more on the Bill.com IPO’s nuts and bolts, head here. Let’s get into the interview.

René Lacerte

The following interview has been edited for length and clarity. Questions have been condensed.

TechCrunch: How did your IPO pricing feel, and what did you learn from the process?

Lacerte: I think the whole experience has been an incredible learning experience from a capitalism perspective; that’s probably a broader conversation. But you know, it really came down to how our story resonated with investors, and so there’s three components that we kind of really talked to folks about.

Salesforce promotes Bret Taylor to president and COO

Salesforce announced today that it has named Bret Taylor as president and chief operating officer of the company. Prior to today’s promotion, Taylor held the position of president and chief product officer.

In his new position, Taylor will be responsible for a number of activities, including leading Salesforce’s global product vision, engineering, security, marketing and communications. That’s a big job, and as such he will report directly to chairman Marc Benioff.

Taylor has had increasing responsibilities over the last couple of years, taking the lead on many of Salesforce’s biggest announcements at Dreamforce, the company’s massive yearly customer conference. In fact, Benioff said in a statement that Taylor has already been responsible for product vision, development and go-to-market strategy prior to today’s promotion.

“His expanded portfolio of responsibilities will enable us to drive even greater customer success and innovation as we experience rapid growth at scale,” Benioff said in the statement.

Brent Leary, founder at CRM Essentials, who has been watching the company since its earliest days, says it feels like this could be part of a succession plan down the road. This promotion could be a signal that Taylor is being groomed to take over for Benioff and co-CEO Keith Block whenever they decide to move on.

“It’s been feeling like he’s being groomed for the big chair somewhere down the line. He’s a generation behind the current leadership, but his experiences at startups and creating iconic technologies at iconic companies uniquely positioned him for a move like this at a company like Salesforce,” Leary told TechCrunch.

Ray Wang, founder and principal analyst at Constellation Research, agrees, saying Taylor is a rising star at Salesforce. “As the guy who invented the Like button at Facebook, Google Maps and other innovations, he’s the Chosen One to take the technologies teams further,” Wang said.

Wang added that Taylor’s strengths are about quickly determining a pragmatic path to market for ideas, but also simplifying the complex. “It’s a good move for Salesforce, and shows the deep bench strength the team has,” he said.

Taylor came to Salesforce when the company purchased Quip in August 2016 for $750 million. He was promoted to president and chief product officer in November 2017. Prior to launching Quip he was chief technology officer at Facebook.

5 Things to Know About SentinelLabs’ Finding Link Between Crimeware and APT Lazarus

Today, SentinelLabs reveals new research that establishes the first known link between the pervasive TrickBot crimeware and North-Korean APT group Lazarus. In this post, we explain the significance of the discovery and get some unique insights from SentinelOne’s Chief Security Advisor Morgan Wright on why this ground-breaking research changes the game for enterprise security.

image of S1 Labs

1. What Did SentinelLabs Discover About Crimeware and APT Lazarus?

Research by the SentinelLabs’ team led by Vitali Kremez shows that a new TrickBot derivative project called ‘Anchor’ allows TrickBot customers access to higher-level APT-type functionality, tools and methods. These include loading frameworks such as Metasploit, Cobalt Strike and PowerShell Empire for further post-exploitation and clean-up routines to remove evidence of an attack. In their report, the SentinelLabs team reveal evidence that a known Lazarus toolkit, PowerRatankba, was loaded via the TrickBot Anchor project, thus unmasking the relationship between one of the world’s most successful crimeware operations and a nation-state actor interested not only in espionage but also financial reward.

2. Why is the Finding About TrickBot and Lazarus So Important?

SentinelOne’s Chief Security Advisor, Morgan Wright, explained that this is the first time we’ve seen North Korea – a state sponsor of terrorism and one of the top four adversaries we have in cyberspace, besides Russia, China and probably Iran – working together with a criminal syndicate.

Morgan “The SentineLabs report on Anchor talks about how North Korea isn’t just exploiting information for espionage, but also stealing and monetizing information in order to fund their government. This has huge implications for the business world, for decision makers, for how we’re going to spend, what we’re going to defend against and what the real threats are, and it shows the innovation that our adversaries are engaging in to stay a step ahead.”

3. What Are the Implications for National Security?

Morgan: “Had this not been discovered, we would never have realized that these crimes against our businesses are actually helping to fund terrorism. They are helping to fund North Korea’s nuclear weapons development. The money they generate through these cybercrimes is then used back against the United States and other nations.”

“Knowing what we now know thanks to this unique research, it gives our decision makers, especially U.S. Cyber Command, the NSA, people who have a responsibility for offensive cyber operations, the chance to look at this and say, what can we do now to stop these attacks? What can we do now to put another tool in our arsenal so that we can blunt these attacks and that we can also give warning, give intelligence to our partners, to our businesses?”

“From a policy standpoint, decision makers can now look at this new threat information to make different decisions. We need, also, to recognize that we don’t know how long this kind of activity has been going on undetected until now. People need to ask are we vulnerable? Have we been hit? Can we do some things to mitigate this?”

4. What Does The SentinelLabs Report Mean For CISOs?

Morgan: “One of the first things CISOs ought to be doing with this is educating the leadership, educating the executives to explain why this thing is important and why they need to be able to defend against it. CISOs have to get the buy-in from the top as well as from the people who have to implement policy for each company. The SentinelLabs report on the Trickbot Anchor project is 31 pages of unique research, not re-analysis or aggregated findings from other sources.”

“This report gives a lot of information for CISOs to take affirmative and very confident actions. They can implement this into their overall policy, into their overall security architecture, into their overall schemes, and make sure they go back and look to see if they are vulnerable, if they’ve been hit, and what actions they need to take going forward.”

5. What Else Can You Tell Us About SentinelLabs?

Morgan: “Many people use third party information or they buy information from other sources. This SentinelLabs report is the product of SentinelOne’s own research division brought to you by people with vast amounts of experience. The combined industry experience of everybody on the team runs from the FBI to national security to big companies, big pharma, big banks. You get the best analysis, the best information, that you can take immediate steps to use. I can’t wait to see what they come up with next.”

Read the Report…

SentinelLabs is a research division designed to identify new attack vectors and mitigate threats impacting businesses.


Like this article? Follow us on LinkedIn, Twitter, YouTube or Facebook to see the content we post.

Read more about Cyber Security

Refocusing on relocation, Jobbatical launches new offices in Spain and Germany

I’ve been following Estonia-headquartered Jobbatical and its founder, Karoli Hindriks, for years. Part of the vanguard of startups working on infrastructure for digital nomads, the startup has been building the base platform to help global job seekers hire and fire their governments.

As Jobbatical has worked with more and more companies and governments though, it has learned that the friction here is not just finding employment globally for talented individuals, but rather the actual process of applying for immigration and work permits, ranging from forms that must be filed in person to the hours of labor it can take to fill out an application.

“What started to happen was that the relocation part… became something that the clients came back to us and said, ‘Can you do relocation for everyone and not just those coming through Jobbatical?’” Hindriks explained.

Last year, Jobbatical began to refocus its platform on powering relocation for workers at companies, and now its new strategy is coming into focus with the launch of the company’s new offices in Spain and Germany, announced on stage earlier today at TechCrunch Disrupt Berlin.

In the process, the company hopes to not just make the immigration process easier — but also much faster.

“How much time are government officials doing dummy work?” Hindriks asked. “30-40% of the consulate’s time is spent on answering the question of ‘what is the status of my visa?’”

The problem is that feedback in the immigration system is not available to all the players involved. Immigration process agents at companies who handle their workers’ visas have to constantly search around to make sure they are moving each of their cases forward. Managers have no idea when their workers may move, while employees are kept in the dark about their current status, inducing anxiety.

Hindriks’ vision is to help each of these three sides use a “TurboTax for immigration” to streamline the process. Jobbatical now can handle immigration applications in Estonia, Germany, and Spain and hopes to add Finland early next year.

But the more ambitious vision is ultimately to help governments drive their processes faster. Similar to how, say, the U.S. tax agency the Internal Revenue Service offers eFiling, Hindriks sees a future where Jobbatical can help facilitate immigration filings and massively speed up the efficiency of governments around these processes by allowing workers to directly submit applications to the government. She is working with two countries today to create exactly these sorts of digital submission systems.

It’s a space that has heated up in recent years as immigration continues to flow across the world. Boundless, for instance, helps individuals apply for U.S. green cards. Jobbatical is focused on the B2B market, focused on companies with global workforces.

Despite the deep debate in many countries over immigration, the reality is that every country has skills deficits that can be helped with smart and efficient immigration. Jobbatical is one company that may make the system more fair and relaxing for stressed workers looking to build their international careers.

Hyperproof wants to make it easier to comply with GDPR and other regulations

As companies try to figure out how to comply with regulations like GDPR, ISO or Sarbanes Oxley, they face a huge challenge just getting started. Hyperproof, a Bellevue, Wash. startup, is launching a new product to help companies build a workflow to get them in compliance in a more organized way.

Company co-founder and CEO Craig Unger says most companies struggle with the complexity of compliance. It involves a lot of different activities and often requires the cooperation of employees, who typically aren’t involved in compliance.

Hyperproof wants to provide a single place where companies can undertake their compliance activities. “In reality, there’s no single place where if you’re a compliance officer, you can say, ‘here is where I do my work.’ Here is the equivalent of my SAP system for a CFO or my CRM system for a head of sales or head of marketing — and Hyperproof is just that,” Unger explained.

He says most companies do compliance today in a fairly ad hoc way, relying on technology like spreadsheets to track tasks, and email to make requests for needed information. What Hyperproof does is package all of that into a single program. You indicate which compliance regimen you want to work with, and Hyperproof builds a workspace for you with all of the requirements you need for that compliance framework.

Unger says at this point, the company is simply putting all of the tasks in a single workflow to simplify and organize your activities around this compliance framework.You can also import a spreadsheet to get that information inside Hyperproof, or outline the requirements in your own language in the program.

“Once you have a defined program in place, you can start working with the rest of the organization in a collaborative way by sending emails. The evidence that comes back gets put inside Hyperproof as an immutable record with an audit trail around this data collection,” Unger explained. Should you get audited, you have a central place to show the auditor your work.

The company has concentrated on building the workflow part of this, but in the future wants to add automation and APIs to connect directly to other systems to automate many of the activities. The goal with the initial release was to get companies a compliance framework workflow, and then build on that in the future.

The company was founded last year and has raised $3 million from 23 angel investors in the Seattle area where they are based. In fact, Unger is a former Microsoft employee and also helped found Azuqua, a workflow startup he sold to Okta this year for $52.5 million.