One firm’s risk is another firm’s big opportunity, particularly when it comes to data security — a reality well-illustrated by the team at BigID, who has emerged from stealth this week to offer up its SaaS solution for privacy management.
Said simply, BigID doesn’t just want to help its enterprise customers fend off cybercriminals; it wants to help its clients understand cybercriminals better. Or, at least, understand their own systems better and why data risks are inherent in it that might attract hackers. Because, according to Cofounder Dimitri Sirota, no business can defend itself against a mystery.
“The most important assets a company has are the digital identity assets of their customers, and right now, they don’t really have a good system for managing those assets. For understanding where they are, how at risk they are and how they’re getting used. They do for their laptops, they do for their mobile phones, but they don’t for their digital personal information assets — and that’s what we’re solving,” Sirota told TechCrunch.
BigID works by making customer data more visible to enterprise players — where it is stored, when it has been accessed and by whom. Businesses simply need this information at this point — 1) because criminals are often going after it, and 2) because regulators the world over are deciding that, when data is stolen and blame must be handed out, the firm that was breached is often the recipient.
Europe’s incoming general data protection directive, among other things, includes very steep penalties for data breaches going forward, for example.
Plus, even subtracting out the regulatory side, Sirota points out that customers are also increasingly aware of data breaches and the damage they can do long term and are suing businesses for those harms.
And so, BigID’s big idea is to streamline the data field and make sure companies are dialed into the right concern.
“What we found … is that, if you have a particular point of view in how to best interdict that particular activity, 10 other companies will have a differing point of view … [but] what they all have in common is that they just need better understanding and knowledge around what’s at risk and how to best track compliance,” Sirota said.
BigID does not offer a security solution — just a diagnostic tool to point them in the direction of what needs securing.
Sirota called his business a “preventative solution” that trades in offering “visibility into what’s radioactive and what needs attending to” when it comes to customer data holdings.
“It’s not so much that they have to trust us with their data. We’re basically facilitating the people that they already trust, or supposedly trust, to do a better job, to be able to answer questions they have around their information and be able to do that quickly, and we think that’s important.”
“So, for the time being, we’re going after all customers — the need that they all have — to give them a better understanding as to their posture around privacy and personal data protection. And then … they have the option to figure out how to secure it. And what’s good about that for us is it’s a lot easier of a sell.”
So, how exactly does BigID find all that very salable risk?
A combination of things we’ve heard about before — a Big Data mining system with some added algorithmic “secret sauce.”
“We mine primary data sources — i.e., databases — but there’s been technologies that crawl data sources for a number of years. On top of that, we mine secondary data sources, like logs and DMP [data management platforms]. And essentially, we get a perspective on where that information resides. Again, we get other attributes around that information, in terms of how long it’s been there since it’s been last touched, whether it’s in the DMP or not,” he explains.
The system is then designed to generate “three kinds of maps” for its users. The first map is an identity graph, the second is a risk profile and the third is a usage view/activity view around how the data is getting accessed.
“Essentially, we’re a Big Data solution but with a very specificity around personal information,” he adds. “The traditional solutions for [data] discovery have a very high false positive rate. But we’re leveraging the fact that most organizations have one, two, three sources of definitive or authoritative information about you … It could be in a CRM, it could be in a directory, it could be in a relational database, but you start off with something. And so, we leverage that to essentially bootstrap the system.”
“So, we don’t start off with zero knowledge. We start off with some very specific knowledge, and then, we have algorithms to essentially expand, find additional copies of information and expand additional — not just instances but additional attributes. We’re not creating another database of all the personal information,” he says, when asked why its customers should trust BigID to handle their data.
“It’s a toolset that they use. Think of it as a private cloud that they run internal to their own datacenter that gives them better visibility, understanding of risk and compliance.”
Sirota has a long background in digital security. He sold his previous business, Layer 7 Technologies, to CA Technologies. After heading up CA’s head of security strategy for two years, Sirota jumped to building BigID in fall of last year.
And now, BigID has its first round of seed funding — $2.1 million to get its platform to market, with a slated aim of launching in September. Investors in the round include enterprise-focused seed funds Genacast Ventures, BOLDstart Ventures and Deep Fork Capital.
Investment Activity for the week ended May 20
Surprise, surprise: Investment activity held up a bit this past week, with a decent fund flow of more than $650 million. The other surprising thing is that B2B made a bit of a resurgence, relatively speaking, with more than 13 percent of the tally, and that’s the biggest contribution in a long time.
The best way to describe the deals that came through in the week would be: a series of small transactions across FinTech, with a rough average of about $50 million and slightly above. Indian optics player Lenskart grabbed $60 million in Series C financing, and ThoughtSpot gained $50 million, building its war chest to $90 million. And in the case of ThoughtSpot, the consortium was led by lead investor General Catalyst Partners.
Cloud tech service provider Kingsoft Cloud raised $50 million in a Series C round, after having raised $60 million only three months ago. The firm also participated in its own financing round, with China Merchant Securities taking on 34 million shares in the deal. Cloud computing, of course, will remain the focus of the firm going forward.
Year to date, funding has been at a decent $9.1 billion, with the preponderance of activity at the FinTech level, as discussed. See below.