\n<\/p>\n
While highly sought after, federal software contracts frequently come with a hidden cost: Achieving government SaaS security compliance, known as FedRAMP, can take years and require substantial resources.<\/p>\n
Achieving this certification typically takes up to three years and costs more than $3 million, covering everything from security operations engineer salaries to security audits, according to Irina Denisenko, CEO of Knox.<\/p>\n
Denisenko (pictured above, second from left) launched Knox, a federal managed cloud provider, last year with a mission to help software vendors speed through this security authorization process in just three months, and at a fraction of what it would cost to do it on their own.<\/p>\n
On Thursday, Knox said it has raised a $6.5 million seed round led by Felicis, with participation from Ridgeline and FirsthandVC.<\/p>\n
Denisenko decided to embark on this journey after she learned first-hand the challenges of obtaining FedRAMP. Class, an education startup where she served as COO, had secured a contract to sell its software to the U.S. Air Force. And instead of waiting three years and spending millions, Denisenko helped Class.com buy CoSo Cloud<\/a>, a company that was already FedRAMP certified and was managing Adobe\u2019s federal cloud.<\/p>\n The acquisition helped Class receive FedRAMP certification in just six months. \u201cClass would still be getting FedRAMP today\u201d if it had tried to obtain the clearance on its own, Denisenko told TechCrunch.<\/p>\n And late last year, when it became clear that the proliferation of AI agents was becoming a national security concern, Denisenko decided to spin out the managed cloud solution into a standalone startup, Knox.<\/p>\n Companies that can afford FedRAMP certificaiton include large software vendors like CrowdStrike, Palo Alto Networks, and Salesforce, Denisenko told TechCrunch. And as the government increasingly adopts more software, she hopes Knox can help SaaS vendors gain FedRAMP to access government contracts more easily.<\/p>\n Knox, named after a giant gold storage fort in Kentucky, monitors applications for all software updates, and tries to remedy issues if any changes are out of compliance.<\/p>\n \u201cThis stuff is legitimately very hard and very risky,\u201d she said. \u201cWe will bear the risk.\u201d<\/p>\n Knox is already handling security and compliance for Adobe, Class, Spacelift, and an LLM provider. \u201cWe\u2019ll end the year with well north of a dozen customers live in the cloud,\u201d Denisenko said.<\/p>\n While FedRAMP authorization management may seem like a niche offering, Knox has one large competitor: Palantir.<\/p>\n