The move to the cloud, accelerated by the pandemic, continues unabated. By 2025, Gartner estimates that over 95% of new digital workloads will be deployed on cloud-native platforms, up from 30% in 2021. The motivation is convenience partly — cloud platforms can be accessed from anywhere, ideal for the remote or hybrid workforce. But it’s not all sunshine and rainbows. The cloud also widens exposure to the threat of data breaches.
There’s real anxiety. According to a recent Statista survey, data loss and leakage in the public cloud are among companies’ top concerns where it concerns their tech stack. Meanwhile, a whopping 93% of organizations are worried about human error causing the accidental exposure of their public cloud data.
One of the startups attempting to tackle the cloud’s security challenges is Sentra, which finds data in the cloud, classifies it according to sensitivity and then offers remediation plans for data security teams. Underlining the enthusiasm for cloud security, Sentra today closed a $30 million Series A round led by Standard Investments with participation from Munich Re Ventures, Moore Strategic Ventures, Xerox Ventures, INT3, Bessemer Venture Partners and Zeev Ventures — bringing its total raised to $53 million.
CEO and co-founder Yoav Regev says that the new cash will be put toward product development and expanding Sentra’s footprint beyond the U.S., where it’s headquartered.
“The promises of flexibility make the cloud one of the most amazing technological advancements in recent memory. However, this flexibility means that organizations can easily lose control and visibility of their most sensitive information,” Regev told TechCrunch in an email interview. “Our solution solves this problem by ensuring that organizations prioritize the protection of this sensitive information while keeping up with business demand and the speed of data in the cloud.”
After connecting to an organization’s cloud environments, Sentra’s software attempts to find all sensitive data — including personally identifiable information and passwords — and understand who has access to it and how it’s being used. Leveraging algorithms as well as contextual data like access patterns and metadata, Sentra automatically detects when data’s duplicated, changed or moved across regions or networks and kicks off remediation steps if necessary.
Security teams get data access graphs that show who has access to what data and how, exactly, that access was granted.
By default, Sentra also attempts to label data assets containing proprietary data including customer data, HR data and intellectual property. When it detects assets with a weak security posture (e.g. misconfigurations and compliance violations), Sentra can optionally send alerts or apply built-in data security policies.
“When an organization doesn’t know where its sensitive data is kept and how well that data is protected, it can be easy to imagine any scenario in which the system is breached. As a result, they try to protect any and all data, without paying attention to the level of importance,” Regev said. “In short, not every data breach has to be a showstopper for the business. Knowing and securing your most sensitive data at any time will provide business continuity in case of a breach.”
Sentra — which was co-founded by Regev, Asaf Kochan, Ron Reiter and Yair Cohen, all former members of the Israel Defense Forces’ elite intelligence unit — mainly targets cloud-native, medium- to large-sized organizations that have a large amount of data, ranging in the multiple petabytes. Regev didn’t say how many customers the company currently has, nor volunteer revenue figures. But he said that Sentra plans to expand its 40-person workforce by “a couple dozen” by the end of the year, indicating some optimism around growth.
Sentra’s challenge will be competing with startups that offer a similar array of services. Securiti, like Sentra, provides a layer of data protection whenever the data lives, including governance and access controls. There’s also Dig, which recently raised $37 million for its platform that assesses cloud data and then provides real-time monitoring, and Laminar, which monitors for data leakages in the cloud and attempts to fix them.
But Regev isn’t worried. At least not at present.
“Since our inception, we have prioritized operational efficiency and have remained focused on growing in a healthy, methodical way that allows us to meet the needs of current customers, as well as our prospects,” Regev said. “Meanwhile, the ever-accelerating shift of data centers to the cloud means that solutions like ours will continue to be in high demand even in the face of an economic downturn or slowdown in tech. Even in times like these, protecting organizational data will remain a top priority for business leaders and their customers.”