Securing the Data Cloud: Our Investment in Normalyze, and Why Data Security is the Missing Link in Cloud Security

Normalyze
June 28, 2022
Earlier this year we penned our thesis on the cloud-native security stack. Core to our outlook is the idea that security is undergoing a massive transition in which security software is evolving from individual, point products into full-fledged security platforms that map to the broader software-development process. Fundamentally, software development consists of infrastructure, applications, people and data. We believe security software will ultimately be governed by these same four mega categories: infrastructure, identity, applications and data.

The shift to the cloud is upending the compute model from one that is resource/application-centric to one that is data-centric. Cloud platforms like AWS, Azure and Google have abstracted away the need to manage databases, compute resources and networks for where applications run. Similarly, managed datastores like Snowflake, Databricks* and MongoDB have unleashed the ability for enterprises to operationalize data in applications or for internal use cases. The adoption of public cloud services has surged over the past few years, with spending on public cloud infrastructure at $143 billion growing 41% Y/Y, according to Gartner. As such, the need to secure data across heterogeneous environments is becoming a critical pillar of security programs as data becomes the core differentiating resource among enterprises.

The shift to the cloud is upending the compute model from one that is resource/application-centric to one that is data-centric. Cloud platforms like AWS, Azure and Google have abstracted away the need to manage databases, compute resources and networks for where applications run. Similarly, managed datastores like Snowflake, Databricks* and MongoDB have unleashed the ability for enterprises to operationalize data in applications or for internal use cases. The adoption of public cloud services has surged over the past few years, with spending on public cloud infrastructure at $143 billion growing 41% Y/Y, according to Gartner. As such, the need to secure data across heterogeneous environments is becoming a critical pillar of security programs as data becomes the core differentiating resource among enterprises.

This increase in adoption of cloud infrastructure has led to a drastic increase in data-asset volumes and a loss in visibility and control into where data is stored in the cloud. Developers, business users and DevOps professionals can self-provision cloud services and easily spin up new datastores, or copy existing databases, and utilize them for a wide array of business use cases in test and production environments. But this leaves security and data teams without an ability to keep an updated inventory list of an organization’s data assets and can lead to failure to enforce adequate security policies and controls. While an explosion of data volume and variety has resulted in organizations becoming more data driven, a growing number of high-profile data breaches and the emergence of complex government regulations, such as GDPR and CCPA, have made data security a top priority for organizations that operate in multi-cloud environments. A recent survey from IDC found that 98% of organizations they queried reported at least one cloud data breach in the past 18 months. Deleting personal or sensitive data and enforcing data-loss prevention (DLP) policies simply does not cut it anymore. Enterprises need a holistic view of their data assets across cloud resources (where data resides); users/identities (what data people are accessing); and apps (where data is running). From here, they need the flexibility to take action on these findings given the context of data usage.

Enter Normalyze*

Founded in December 2020 by Ravi Ithal, co-founder and chief architect at Netskope, and Amer Deeba, a long-time executive at Qualys and Moogsoft with deep roots in scaling high-velocity, go-to-market teams, Normalyze is an agentless cloud data-security platform. The product gives users a full picture of their data stores, applications, identities, infrastructure, and how they are all connected. Core to the platform are its discovery and classification, detection, and remediation capabilities, which give DevOps and security engineers visibility into their data sprawl, the relationships between their infrastructure, applications, and users, and the automation capability to detect and remediate issues in real-time. By tying together these assets in a graph-powered platform, Normalyze is able to uniquely categorize risk based on relationships and allow DevSecOps teams to traverse attack paths to sensitive information.

Since its inception the company has assembled a team of 20+ engineers across the U.S. and India, and its product is already being deeply used by customers in production. Normalyze’s time-to-value is an important driver of its rapid adoption over the past several months, and we believe the team has built the only data-security platform that has been architected to meet the needs of individual practitioners and teams alike.

At Battery, we get excited when founders and entrepreneurs approach complex problems with first-principles thinking, simplicity and clarity. Amer, Ravi and the rest of the Normalyze team bring a wealth of knowledge from their time spent at Netskope and Qualys and understand how to bring clarity to security’s most complex problem—data.

We have been fortunate to partner with category-defining data platforms like Databricks*, Matillion*, Streamsets*, InfluxData* and Collibra*, as well as security companies like Splunk*, Akamai*, Sumo Logic*, Bionic*, Contrast Security*, Styra* and Bridgecrew*–and now we’re excited to be a part of the journey for Normalyze to redefine data security for the cloud era.

Black Hat Dark Reading Interview Ravi Ithal

Black Hat Dark Reading Interview Ravi Ithal

Dark Reading interviews Normalyze CEO and Co-founder Ravi Ithal, where he unpacks the power of Data Security Posture Management (DSPM) and how it is becoming a go-to tool for organizations with data across hybrid cloud deployments and on-premises environments. He also dives into risk prioritization’s pivotal role in DSPM and its seamless fit with cloud security.

Normalyze

Normalyze is a pioneering provider of cloud data security solutions helping customers secure their data, applications, identities, and infrastructure across public clouds. With Normalyze, organizations can discover and visualize their cloud data attack surface within minutes and get real-time visibility and control into their security posture, including access, configurations, and sensitive data to secure cloud infrastructures at scale.

FEATURED

Gartner® Innovation Insight: Data Security Posture Management

FEATURED

DSPM-chat-Richard Stiennon-Ravi-Ithal-Normalyze
Improve Cloud Security: Dark Reading Interviews Ravi Ithal