Automating Compliance Services into Software
Sam Li and Austin Ogilvie, co-CEOs of Laika, on the compliance-as-a-service business model
This is the core move that turns compliance automation from a tech-enabled service into real software. Laika is using service work as training data for product, watching where customers still need an expert, then building workflows, monitors, templates, and auditor tools that remove those manual steps. The result is better margins over time, but more importantly a faster and more repeatable path from startup security setup to finished audit.
- A big chunk of the manual work is highly structured and therefore automatable. Customers connect AWS, GitHub, JIRA, HR systems, and other apps, then the software pulls evidence, checks controls, flags failures, and maps one control set across multiple frameworks like SOC 2, ISO 27001, and HIPAA.
- The bottleneck is not just customer setup; it is the audit handoff. Laika built software for external auditors as well, because a company can have every monitor green and still get stuck if the CPA does not trust or reuse the machine-collected evidence.
- The market has split into different mixes of software and labor. Vanta and Secureframe lean toward software plus auditor partnerships, while Thoropass pushes further into integrated services. That makes automation depth a key competitive lever, because every service task turned into product improves speed, consistency, and gross margin.
The next phase is that compliance platforms stop being annual audit prep tools and become daily operating systems for security proof. As more service steps get encoded into product, the winners will be the companies that can carry the same control data into audits, questionnaires, vendor reviews, and new frameworks without adding matching headcount.