Announcing Customer Success, New Platform Capabilities to Enable Safe Use of LLMs and Data Lakes + RSA Highlights. Read Both Announcements.


Gartner® Innovation Insight: Data Security Posture Management
The Normalyze Platform
Supported Environments
Platform Benefits

Reduce Data Access Risks

Enforce Data Governance
Eliminate Abandoned Data

Secure PaaS Data

Enable Use of AI

DSPM for Snowflake




DSPM-chat-Richard Stiennon-Ravi-Ithal-Normalyze
Improve Cloud Security:
Dark Reading Interviews Ravi Ithal


CYBER 60: The fastest-growing startups in cybersecurity


We help enterprises protect the data they care about… wherever it is.

As enterprises embrace generative AI, multi-cloud, PaaS environments, continuous software development and microservices, data becomes more dynamic and dispersed. At the same time, regulatory pressures increase, making data compliance nearly impossible.

Normalyze tackles these issues head-on. Our patented One-Pass Scanner™ discovers and classifies sensitive and valuable data across all platforms. That includes everything needed to be discovered and understood surrounding the data including applications, infrastructure, configurations, vulnerabilities, along with identities and permissions associated with access.

Through patented AI-driven Data Access Graphs™ and Data Risk Navigator™ visualizations, security and data teams assess and prioritize risks based on the value of the data and likelihood of misuse, loss or breach.

Then, they use actionable insights and comprehensive recommendations to remediate and prevent issues before they happen. Remediation can be streamlined through service management platforms or direct alerts for immediate action, safeguarding access points.

We’re redefining the cybersecurity space with a clear focus: to unify security and data teams around a common goal — securing the data they care about. We’re breaking down the traditional silos that have long kept these groups apart.

Our technology is sophisticated yet user-friendly, eliminating the need for deep data science skills. This ease of use empowers teams to place data security at the heart of their strategies, aligning with the core of information security. Normalyze’s culture mirrors our tech — global, diverse and transparent, fostering innovation through collaboration.

We pride ourselves on our rapid time to value, with our ability to deploy in even the most complex environments within hours, rapidly pinpointing and addressing risk areas to safeguard the organization’s most critical assets.

About Us

Data is at the center of everything we do. The rise of cloud computing has increased the data attack surface. Generative AI has increased the usability of data. Modern development pipelines push out data continuously. Infrastructure-as-code and microservices add complexity to data access.

About Us - Normalyze

Why Normalyze, and why now?

We are often asked why we founded Normalyze. That’s an interesting and straightforward story. When Ravi was looking for the next problem to solve after Netskope, a company he helped found after nearly six years as a founding engineer at Palo Alto Networks, he started speaking with working CISOs and questioned them about their most pressing challenges and what concerns keep them up at night. Three themes continually arose: data governance, data access and authorization, and cloud data security. The reality is unmistakable. Data security is growing more challenging over time, not less.

Ravi continued his discussions with CISOs, and eventually potential investors about developing a cloud data security platform that would connect to enterprise cloud accounts and provide a comprehensive view of all an organization’s data stores, and then prioritize the value of that data, detail who has access to that data, the associated system vulnerabilities surrounding that data, and more. Unsurprisingly, that idea resonated very well with both investors and CISOs.

It was during this time Amer and Ravi were introduced. Like Ravi, Amer has decades of experience in enterprise information security, most notably 17 years at Qualys, one of the first security companies to deliver their software as a service, as chief marketing officer, VP of corporate development and strategic alliances, and chief commercial officer. The two of us hit it off immediately. Professionally, we are very complementary, as Amer is an expert in enterprise security products and outbound communication, and Ravi’s focus is product development and inbound communications. Our partnership, and friendship, grew over time and across multiple meetings.

We continued to meet with customers and refine how to solve the cloud data security challenge. Soon, we decided to combine forces to address this data security challenge and solve it at scale. And we didn’t just want to solve this problem, we wanted to do so in a way that made our ultimate solution as ubiquitously available as possible.

We’re also building a company based on exceptional culture and values. That includes bringing these exceptional data security capabilities to as many organizations as possible. Traditionally, many security companies focus their efforts toward either the mid-market or the enterprise, but not both. Normalyze has an opportunity to help improve security for both mid and large companies. This is because, too often, smaller companies have not had access to best-of-breed technologies, and as their organizations grow, they grow out of them. We are trying to make cloud data security accessible to everyone. One also doesn’t have to be a data scientist to get immediate value from Normalyze.

Finally, we are not only building an exceptional technology that will bring cloud data security back to the center of information security again, but we are also building a great company with an exceptional culture that is global, diverse, remote, transparent, and decidedly collaborative. And we are already working with major enterprises. We have openings for those who seek a great opportunity and have a passion for changing the information security status quo. Please feel free to visit the website and apply. Securing the data has long been one of the biggest challenges with security, and thanks to Normalyze, it doesn’t have to stay that way. We believe we are building something special for our customers and our employees. And we believe in this mission to place data security at the center of cybersecurity, where it has always belonged.

Amer Deeba and Ravi Ithal, Normalyze founders

The Normalyze Team

Normalyze: placing data at the center of information security

While data is central to information security, the rise of cloud computing has also brought more complexity and increased the enterprise attack surface. Thanks to the cloud, enterprises can do more complex things with technology, but cloud computing has also increased the size and complexity of the enterprise attack surface. Enterprise software development pipelines are continuous now, and microservices make it easy for data to move and change in the blink of an eye. This is fine if those data sources are under the purview of security. After all, CISOs are still responsible for securing their enterprise’s data; they need to know where the data resides.

In addition to the proliferation of enterprise clouds and the data they store, the amount of enterprise data is also increasing because AI/ML systems have a deep thirst for data. And because of digital transformation, AI/ML workloads are increasing dramatically. These workloads typically involve data copied from production and transferred to another cloud. All this cloud and AI/ML-driven data sprawl means it will become increasingly more challenging for security teams to discover, classify, and protect their data.

This is the set of challenges Normalyze solves. Normalyze first identifies the organization’s cloud systems and then discovers the most sensitive structured and unstructured data within those systems. Normalyze determines who has access to that data and their level of access. Normalyze also discovers the microservices in use and identifies their vulnerabilities and misconfigurations that place data at risk. With Normalyze, security teams, CISOs, GRC professionals, and DevOps teams can view their entire cloud infrastructure. They can see in one concise place where their most essential data reside and prioritize securing that data based on risk. This way, enterprises always know that their most important data is secured.

Normalyze then brings together all this data security into a comprehensive graph that connects every factor necessary to identify enterprise cloud data, correlate risks, and provide the information necessary for prioritized remediation. Remediation efforts can be dispatched to a service management platform, or other automated measures can be taken. Specific groups or individuals can be alerted to remedy the vulnerability, or steps can be taken to remove access.

Our Investors

Arif Janmohamed

Arif Janmohamed


“Data proliferation has become a real problem as enterprises continue to move workloads to the Cloud, leaving security teams scrambling to figure out ways to manage and secure sensitive data. It’s a massive market opportunity. Normalyze solves this problem at scale by providing precise visibility to security teams on sensitive data and surrounding attack paths across all cloud environments. Ravi and Amer and the Normalyze team have made impressive traction since we led their seed round, and Lightspeed is excited to deepen our partnership and double down on their Series A.”

Dharmesh Thakker

Dharmesh Thakker


“Securing data across multiple cloud environments has become a critical pillar of companies’ security programs today. Normalyze has built a powerful platform that gives DevOps specialists, security engineers and CISOs better visibility into their ‘data sprawl’; the links between infrastructure, applications and users; and the automation to detect and fix security issues in real time. We’re excited to partner with the company’s top-notch executives, some of whom honed their skills at companies like Netskope and Qualys, to finally bring a data-centric view to cloud security.”