Bruin is a unified analytics platform that brings together transformation, data quality, observability and governance.
“Support was one of the important factors that I had doubts about when evaluating other vendors. I felt like I was too small of a customer and no one would care if I had questions. Secureframe convinced me that they knew what they were talking about, and provided quick answers with solid reasoning. They made me feel good from the beginning of working with them until I became a customer.”
Burak Karakan, Co-Founder and CEO at Bruin
Jump To
Bruin is a data platform that allows companies to ingest, transform, and check their data on a serverless infrastructure, unlocking the capabilities of their data effectively. Because Bruin has indirect access to a large amount of customer data, co-founder and CEO Burak Kurakan felt compelled to get their security and compliance right from the start.
“We are less than a year old as a company and relatively small as are our customers. While they’re not asking for compliance certifications yet, security is an important part of their evaluation process. We wanted to make sure that we had a good security and compliance posture when it comes to the basics.”
Knowing that SOC 2 and ISO 27001 were both rigorous standards that would help them establish strong data security measures, Bruin decided to pursue SOC 2 because they wanted to focus more on the US market.
Since the team is building and launching as they go, they don’t have the time or resources for a manual approach to SOC 2 compliance. In addition to reducing the burden of compliance, Burak also wanted to automate the process as much as possible to reduce human error, given the scope and complexity of their tech stack.
“Even as a small company, we have at least 10 different vendors and products we use. Throughout these products, there's thousands of different configuration bits. It would be a huge burden on my team to take care of all of these bits manually, and I’m 100% sure we would have missed things,” he says. “So it just wasn’t realistic for me to think I could take care of this manually or even hire a firm to do so.”
Since it was Burak’s first time trying to prepare for SOC 2 compliance, he expected that he would need a lot of handholding. So when choosing a compliance platform, he wanted to trust the company and the people. The people helped set Secureframe apart.
“Support was one of the important factors that I had doubts about when evaluating other vendors. I felt like I was too small of a customer and no one would care if I had questions. Secureframe convinced me that they knew what they were talking about, and provided quick answers with solid reasoning,” he says. “Secureframe made me feel good from the beginning of working with them until I became a customer.”
Thanks to Secureframe’s onboarding and overall ease of use, Burak found it easy to get started himself. While he needed less handholding than expected, he appreciated that dedicated support was available.
“I set things up myself, but the fact that I had an account manager assigned to me that helped me get started was an extra benefit,” he says. “It's a pro in both ways: it's good that I can do everything myself, and it's good that I have someone dedicated to help me.”
Burak was also able to get up and running in Secureframe quickly thanks to the seamless trial process Secureframe offered. Secureframe not only had all the core integrations Burak needed — they also set them up during the demo phase so he understood exactly what the platform would look like as he kicked off his SOC 2 compliance efforts.
“I needed it to be integrated with every platform I use, from cloud platforms like Google and AWS to day-to-day platforms like GitHub, GitLab, Slack, Rippling, and Linear. That was a must for me,” says Burak.
Secureframe’s automated evidence collection via these integrations meant Burak’s already busy team didn’t need to waste time on slow, manual processes to get compliant or guess what they needed to do. Their readiness status and remaining action items for SOC 2 compliance were clearly laid out directly in the platform thanks to Secureframe’s ability to integrate with the tools they use every day.
“It connects all of these platforms really nicely, automatically including the relevant information from those platforms,” he says. “Even if they dropped all of their other features, I would still pay for that.”
Secureframe also simplified other security and compliance tasks, like policy management.
“I knew I needed to create policies, but I didn’t want to write them myself. Secureframe automatically added the right templates for me, which made it all feel easier.”
Secureframe’s partner network of trusted auditors who are familiar with the Secureframe platform was also a major benefit for Burak, who didn’t want to pick an auditor or explain the platform to them.
“The fact that you have auditors already trained on and using the platform provided good peace of mind for me.”
Burak expects Secureframe to save his team hours of manual work preparing for SOC 2 compliance, enabling them to focus on other strategic priorities like building their brand and closing deals.
“Without the automation Secureframe has, this would take me four times longer, at least,” he says. “I can complete this readiness work much more quickly, with as little effort as possible.”
Secureframe’s automated continuous monitoring also provides Burak assurance that they will maintain compliance year after year.
“Thinking forward to a second year of this, the fact that I’m not going to have to do all this work from scratch again, and that I’ll have automated continuous monitoring is a significant win for me as a business.”
Burak believes SOC 2 compliance will provide the security foundation needed for their data platform to grow and move upmarket.
“Without having a SOC 2 report and trust factors in place, we can’t close larger clients. Secureframe is going to be a very important pillar to get there,” says Burak.
Beyond getting SOC 2 ready, Secureframe is also helping Bruin improve visibility and security across the entire company.
“Connecting all of these platforms gave us a very good view into the business and our technological positioning, so I can treat Secureframe as a security platform,” he says. “The fact that I can see individuals, partners, and vendors and what they can access, whether or not they’re using two-factor authentication, and so on, is so valuable. I really like the fact that it has a bird's eye view into my technical real estate. I don’t have this view anywhere else.”
Leveraging Secureframe as a security and compliance platform as well as their dedicated support resources, Burak is confident that Bruin has made a solid start in building out its information security program and earning and retaining customer trust. He looks forward to continuing this partnership.
“Secureframe is a solid platform that has good support, good people, and a very good value for the price,” says Burak. “I like the fact that Secureframe acknowledges that all of us are people, and they treat their customers as people. I’m happy to be working with that kind of company.”
