Magic is a wallet-as-a-service (WaaS) provider that empowers businesses to instantly create secure Web3 wallets.

Founded in 2018 with the vision to provide a seamless, secure, and user-friendly digital ownership experience for all, Magic is trusted by enterprise customers across the world and created over 30 million wallets.

Magic is the first WaaS provider in the world to achieve SOC 2, ISO 27001, and HIPAA by leveraging the expertise of A-LIGN and the powerful technology of Drata.

The challenge: Adopting best-in-class security practices to demonstrate trust

Magic serves major enterprise clients – such as Mattel, Macy’s, and Forbes – with mature security operations and stringent vendor requirements. Because of their impressive and broad client base, Magic sought to build a strong compliance program that exceeded check-the-box requirements to communicate trust to key stakeholders.

Magic wanted to demonstrate their dedication to security to customers and inspire other companies in Web3to embrace a culture of security and prioritize data protection.

To do this, Magic’s security team sought a thorough and experienced audit partner to help them revamp their processes and expand their compliance attestation portfolio.  

Magic also required compliance automation to improve efficiency during the audit process. The previous solution Magic used lacked features such as risk management modules, policy templates, and a trust center. Instead, Magic’s team had to engage internal leaders to manually and securely pass along SOC 2 reports to stakeholders.

The solution: Leveraging A-LIGN and Drata’s strategic partnership to drive quality & efficiency

Magic initially engaged A-LIGN to complete their SOC 2 report in 2022, and later pursued ISO 27001 and HIPAA in 2023. 

Magic’s Security Compliance Program Manager Brandan Tottle said Magic strives for quality in all their evidence and internal processes, coinciding with A-LIGN’s very own mission to deliver a world-class audit experience. 

Even before joining Magic, Brandan had a strong relationship with A-LIGN and appreciated the audit team’s extensive experience and security compliance expertise, resulting in a smooth but thorough audit process.

Brandan said his team constantly felt supported by the A-LIGN auditors. Whenever the Magic team messaged A-LIGN auditors with a time-sensitive request, they always received a quick response that delivered expert guidance and remedied their situation.

To fulfill their compliance automation platform needs, Magic leveraged A-LIGN’s GRC software alliance member, Drata. Through A-LIGN’s strategic alliance with Drata, Magic secured premier pricing and enhanced cost-effectiveness.

Magic was able to facilitate collaboration by providing A-LIGN access to their Drata environment, allowing the A-LIGN audit team to easily navigate through controls and pull evidence as needed. This integration streamlined the auditing process and enhanced efficiency, enabling Magic to complete compliance audits five times faster and with more confidence.

The team also found major value in Drata’s Trust Center as it eliminated the prior challenge of sharing reports with potential clients and key stakeholders. Now, the Magic team can easily share their compliance reports to demonstrate trust with the click of a button.

After celebrating zero findings across all compliance frameworks in 2024, Magic remains dedicated to maintaining and enhancing their security compliance program to ensure the highest standards of data protection.

About Magic Labs

Magic enables developers to realize the extraordinary benefits of Web3 without the stress. Magic offers the industry’s most popular and battle-tested Wallet-as-a-Service, plus a range of essential NFT capabilities.

With more than 30 million wallets created, Magic is embraced by over 170,000 developers and brands like Mattel, Macy’s, Forbes, Immutable and WalletConnect.

About Drata

Drata is the world’s most advanced security and compliance automation platform with the mission to build trust across the cloud. With Drata, thousands of companies streamline over 20 compliance frameworks—such as SOC 2, ISO 27001, GDPR, and more—through continuous, automated control monitoring and evidence collection, resulting in a strong security posture, lower costs, and less time spent preparing for annual audits. The company is backed by ICONIQ Growth, Notable Capital, Alkeon Capital, Salesforce Ventures, Cowboy Ventures, S Ventures, Leaders Fund, Okta Ventures, SVCI, SV Angel, Intuit Ventures, and many key industry leaders. For more information, visit www.drata.com.