Anitian, a Portland, Oregon-based cloud security and compliance company, today announced that it has raised $11 million in series A funding from ForgePoint, bringing the company’s total venture capital raised to $11.8, according to Crunchbase.

“We are ecstatic to partner with Forgepoint Capital,” said Anitian CEO Andrew Plato in a statement. “ForgePoint will help expand our offerings and capacity to serve the pent-up demand … across private and public organizations.”

Anitian’s automated platform for Amazon Web Services deployments — Sherlock — is built with controls and configurations for a range of regulatory frameworks, including (but not limited to) PCI-DSS, ISO, HIPAA, ISO 27001, NYDFS, SOC 2, GDPR, and FedRAMP. It’s fully virtualized and automatically deploys in the cloud, and it uses decoy systems, machine learning algorithms, and other techniques to continuously scan “trillions” of security, app, network, and behavioral records for signs of noncompliance and compromise. Moreover, it includes documentation, built-in compliance guard rails, security controls for platforms such as TrendMicro Deep Security and Barracuda WAF, and connectors that integrate with most existing DevOps CI/CD pipelines.

“[Anitian] has taken a classic professional service engagement and automated it into a technology product that drives a substantial ROI for enterprise customers,” said ForgePoint Capital’s Sean Cunningham. “The ability to deliver customers a compliance technology in the cloud, combined with the capability of effectively managing these compliance deployments with MDR, is a game changer.”

Plato asserts that building complaint cloud environments — work that has traditionally fallen to in-house DevOps teams — is not only time-consuming, but “capital inefficient.” He has a point: According to a recent PricewaterhouseCoopers survey, 28 percent of executives say they see skills shortage as a barrier to using compliance management tech. Another survey — this one conducted by research firm TrustArc — found that ahead of the European Union’s General Data Protection Regulation (GDPR) deadline last year, about 25 percent of companies said they planned to spend upwards of $1 million on compliance.

Then there’s the fact that compliance tends to be complex. FedRAMP High has more than 400 requirements, for example.

Plato claims that Sherlock can slash the time it takes to make cloud and on-premises networks compliant. He points to one Anitian customer, Smartsheet, which used it to align internal workflows with FeedRAMP in less than two months.

“The biggest draw of Sherlock was its turnkey nature,” said Smartsheet’s vice president of security risk and compliance, Ignacio Martinez. “Given FedRAMP’s onerous documentation and audit requirements, the prebuilt, prehardened, and preconfigured solution was highly appealing. We evaluated the standard routes of pro-services and building with templates, in addition to the time and cost of implementation. We realized significant time and cost savings partnering with Anitian.”