Roadie is a fully hosted and managed version of Spotify’s Backstage, managing deployments and security to help engineers get the best out of Backstage. Learn more at roadie.io.
“Because of the size of our team and our early stage, it was obvious that an automated platform was the way to go. I looked at all of them, and Secureframe completely stood out. Their team’s attitude was outstanding – they clearly had expertise and they were willing to answer a lot of questions to make sure that we were very comfortable with the process.”
Orla Tuite, Chief of Staff, Roadie
Secureframe supported Roadie with:
Jump To
Roadie, a developer portal startup, had essential security practices in place, but they needed to formalize their process to achieve SOC 2 compliance. Orla Tuite, Roadie’s Chief of Staff, says this was critical for the startup to close new customers.
“As part of the sales process, customers ask us to demonstrate compliance,” says Tuite. “While we always practiced strong security, we needed to standardize existing processes, run an audit, and ultimately provide evidence-based SOC 2. That would speed up the sales process.”
Tuite had led SOC 2 Type I and Type II compliance at a previous company and wasn’t satisfied with that experience.
“We did this with one of the big four firms, and it was painful. Their processes were outdated. It took forever – a year and a half. They didn't have any awareness of how a startup works differently from a very large company.”
She knew that it wouldn’t make sense to have Roadie’s team of engineers supporting a protracted compliance process, so she began researching different compliance solutions.
“Because of the size of our team and our early stage, it was obvious that an automated platform was the way to go. I looked at all of them, and Secureframe completely stood out. Their team’s attitude was outstanding – they clearly had expertise and they were willing to answer a lot of questions to make sure that we were very comfortable with the process.”
During onboarding with Secureframe, Tuite quickly felt set up for success.
“There was reference material for everything that we needed, and their team preempted a lot of questions. It made you feel like there was a structure. It was clear they had done this before.”
Because Roadie is based in Europe, Tuite had some concerns that customer service and cross-team communication might be rocky, but those were quickly put to rest.
“Every time we asked a question we came into an answer the next day, and that allowed us to be totally unblocked and do the work, as opposed to waiting around,” says Tuite. “I genuinely appreciate that level of expert support.”
On the tech side, Roadie found that Secureframe worked easily with their AWS setup.
“All of our security practices and auto practices are done in AWS, and Secureframe works really well for that. The audit trail logs they require match up with what we were already doing in AWS. A lot of it was just click and play.”
Roadie utilized much of the Secureframe feature set, including:
“It has, for sure, shortened the sales cycle and reduced the overall lift on the team,” says Tuite. “Based on my past experience, Secureframe itself has sped up the process of getting the audit done by at least a year and four months.”
In addition to time saved, her team now has much stronger knowledge on compliance.
“It has spread compliance awareness throughout the engineering team,” she says. “It allowed the engineers to get on board with compliance and to be part of it.”
Compliance language is complicated, Tuite explains. Translation is often required between compliance and engineering lingo for full understanding.
“Secureframe clears that hurdle for you,” she says. “It brings compliance into the engineering mindset and into their hands. It makes it part of their work and something that they can be proud of and be involved in, which is something I've never seen before. In addition to time saved and being able to speed up the sales cycle, having that sense of ownership among the engineers is just incredible.”
Roadie plans to continue using Secureframe to maintain their SOC 2 compliance.
“There’s literally no reason why you wouldn't go with Secureframe. We just signed our renewal. We're here for another year.”
