Control Graph Becomes Compliance Asset

Diving deeper into

Sam Li and Austin Ogilvie, co-CEOs of Laika, on the compliance-as-a-service business model

Interview
There will never be a universal framework that everybody loves and uses and trusts.

The durable winner in compliance is not the company with one perfect standard; it is the company that turns many messy standards into one reusable control system. Laika is building around shared building blocks like MFA, encryption, access reviews, and policy workflows, then mapping those controls into SOC 2, ISO 27001, HIPAA, and buyer questionnaires. That matters because enterprise buyers, auditors, and CISOs each ask for slightly different proof, and that fragmentation keeps expanding.

  • Laika describes the product as a componentized system. A customer connects AWS, GitHub, Jira, HR tools, and other systems, then the platform continuously checks concrete controls and remaps the same evidence across multiple frameworks. That is more scalable than rebuilding the workflow for each certification one by one.
  • Vanta reached a similar conclusion from the other direction. It started by standardizing SOC 2 for startups, then generalized the product so the same monitoring and evidence engine could support GDPR, ISO 27001, and other standards because much of the underlying security work overlaps.
  • The market has rewarded platform breadth. Vanta was estimated at $220M ARR in July 2025, versus Drata at $98M as of January 2025, and both have expanded beyond a single certification into broader trust, vendor risk, and security workflows. The control graph becomes the asset, not the badge itself.

This pushes compliance software toward becoming the system of record for security proof. As frameworks keep multiplying, the advantage will shift to platforms that can absorb new rules quickly, reuse the same evidence everywhere, and stay useful between audits through continuous monitoring, questionnaires, and trust workflows.