Highly sought-after federal software contracts often come with hidden costs. Achieving the government's security compliance standard for SaaS, known as FedRAMP, can take years and require substantial resources.
According to Irina Denisenko, CEO of Knox, this certification usually takes up to three years to achieve and costs over $3 million, covering everything from security operations engineer salaries to security audits.
Denisenko launched Knox, a managed cloud provider for the federal government, last year, with a mission to help software vendors cut this security authorization process to just three months, and to lower the cost compared with doing it yourself.
On Thursday, Knox said it raised a $6.5 million seed round led by Felicis, joined by Ridgeline and FirsthandVC.
Denisenko decided to embark on this journey after learning first-hand how challenging it is to obtain FedRAMP certification. Class, an education startup where she served as COO, had secured a contract to sell its software to the US Air Force. Instead of spending millions of dollars and waiting three years, Denisenko helped Class.com buy Coso Cloud, which was already FedRAMP certified and managed Adobe’s federal cloud.
The acquisition helped Class get FedRAMP certified in just six months. Had it tried to obtain clearance on its own, “Class would still be getting FedRAMP today,” Denisenko told TechCrunch.
When it became clear late last year that the spread of AI agents was becoming a national security concern, Denisenko decided to spin out the managed cloud solution into a standalone startup, Knox.
Companies that can offer FedRAMP certification include large software vendors such as CrowdStrike, Palo Alto Networks, and Salesforce. As the government adopts more and more software, she hopes Knox will make government contracts accessible to more and more SaaS vendors.
Named after Kentucky’s huge gold-storage fort, Knox essentially offers a compliance management platform through a managed cloud to which customers connect their codebase. The company’s software runs an ongoing series of tests and audits to identify where the customer’s infrastructure, code, and security controls do not meet FedRAMP standards, then either fixes those issues itself or flags them. It also offers several non-software tools for tracking and verifying policies such as HR training and vendor management.
“Things like this are justly very hard and very dangerous,” she said. “We take risks.”
Knox is already handling security and compliance for Adobe, Class, Spacelift, and LLM providers. “We end the year with dozens of customers living in the cloud and still north,” Denisenko said.
FedRAMP authorization management may seem like a niche offering, but Knox has one large competitor: Palantir.
The Palantir offering, called FedStart, was introduced just two years ago, and since then the huge data analytics platform has signed the likes of Anthropic and Windsurf as clients.
For Denisenko, Palantir’s early success with FedRAMP only validates Knox’s mission.
“Even Anthropic couldn’t understand this for itself,” she said.