In 2022, the amount of corporate data stored in the cloud (versus on-premise servers) reached 60%, a signal of how the world of enterprise IT is evolving. But lest you think that cloud=modern=more efficient, when it comes to security, the picture is more complicated: multiple silos mean multiple challenges to visibility, creating security vulnerabilities and resulting in half of all data breaches last year happening in the cloud, according to IBM.
Now a startup called Dig Security, which is building security tools specifically to address that complexity, has raised investment that speaks to the demand it's seeing.
The company -- which assesses and then provides real-time monitoring for clients' data assets sitting in multi-cloud-based environments -- has raised $34 million, a Series A investment that it's going to be using to continue expanding its platform.
The startup's focus today, said Dan Benjamin, CEO and co-founder, is on data in public rather than private clouds. It integrates with all of the major providers -- Azure, AWS, Google Cloud -- as well as big names in data warehousing like Snowflake and Databricks, and the services that it provides include data security posture management (DSPM), data loss prevention (DLP) and data detection and response (DDR).
The investment is being led by SignalFire, with Felicis Ventures, Okta Ventures and previous backer, cybersecurity-specialist incubator and investor Team8, also participating. Dig emerged from stealth and announced its $11 million seed round only in May of this year. The reason for the rapid follow-up is that the seed round had actually closed (and been used) some time before it was actually announced, said Benjamin; and because the emergence from stealth found the company getting a lot of inbound contacts from customers and investors.
Okta Ventures, the strategic investment arm of the identity and access management giant, falls into both of those categories: Dig has a strong integration with Okta's sign-in management products to both monitor potentially malicious activity and also to help set up stronger protections to head off bad actors before they take hold.
Dig's founders -- Benjamin, Ido Azran (VP of R&D) and Gad Akuka CTO) -- are repeat founders who have track records at companies like Microsoft, Google, Mimecast, SAP and more, and as Benjamin explained it, there is a strong argument for a big third-party player to provide security services for cloud data, simply because it's grown up to be a huge, but very fragmented market with no proprietary 'owner': because of the prevalence of micro services, organizations rarely use only one service like AWS or Azure; and data is run over multiple instances.
"A typical organization has 30 different types of data stores across tens of thousands of instances," Benjamin said. Even a smaller organization might have 10 different types of data stores.
This means that while a cloud company might develop strong cloud security product, we are still some ways away from those products working effectively across data regardless of where it is.
I should also point out that Benjamin also predicted that approach would likely change over time: he worked in corporate development at Microsoft and knows that the appetite among big players like these will be to see how cloud data security companies -- like Dig -- will evolve over the coming years and potentially snap one up to bolt on that kind of functionality.
For now, however, companies like Dig have a clear opportunity to make some traction in the market.
“Dig is uniquely positioned to help make DDR the standard for data security,” said Nir Polak, venture partner at SignalFire, who himself has a strong cyber profile as the founder and chairman of Exabeam. “The rise of remote work and the increasingly high stakes of cloud attacks require real-time data security capabilities -- too many organizations remain exposed to the risks that lurk behind the public cloud. SignalFire is thrilled to support Dig as the only vendor in the cloud data security market that provides real-time data protection across any cloud and any data store.”
It is not the only player here: a number of others are also moving in on the opportunity to provide more holistic security approaches to bridge the fragmentation of most enterprise environments. Others that have raised big funds include Laminar, HYCU, vArmour and JupiterOne. Bigger tech companies that are making acquisitions to bring more multi-cloud management and security capabilities into their platforms include Google acquiring Siemplify, and F5 buying NGINX.