Data Security for the Digital Age

We are creating data at an unprecedented scale. By some estimates, we each create nearly 2MB of it per second. In my own life, it’s sobering to accept that every keystroke, screen tap, step, credit card swipe, and even minutes slept contributes to this figure. While the value of this data to the businesses whose products we rely on at home and at work is hard to overstate, so is the risk of mishandling it.

While this risk is far from new, the form it now takes is. This is best illustrated by the widely publicized Capital One data exposure last year. The rate of similar incidents is accelerating, such that the misconfiguration of cloud application and infrastructure permissions has become the primary attack surface for the modern enterprise. The cloud has given developers and data scientists the ability to move faster than ever before, and speed is a winning feature. To realize this speed, companies are forced to grant their developers over-privileged access to sensitive data. This data is then copied, moved across different environments, and often forgotten about before it can be secured. This common misstep has become easily exploitable by hackers, who in some cases can discover such exposed data via a simple Google search.

While a new cohort of security solutions has emerged over the past decade to help enterprises extend existing security and compliance paradigms to the cloud, the accelerating rate of data exposure incidents suggests they are falling short of that promise. This is why we have continued to seek out founders who share our view that security in the cloud-first world requires an entirely new paradigm. This paradigm goes against the grain of the network and endpoint-based approaches we have relied on to date, and reframes the problem through the lens of identity and data. In practice, this means shaping security policy around a continuous understanding of your data assets, and which employee, infrastructure, or application identities need to interact with them.

Enter Open Raven. Founded in 2019, Open Raven’s vision is to provide the necessary foundation for the data side of the cloud-first security paradigm. The company’s product automatically detects and illuminates the entirety of an enterprise’s data assets. From there, it applies machine learning to classify and assess their risk, which can ultimately be used to design and enforce security policy around them. Open Raven was founded by Dave Cole and Mark Curphey, two security industry veterans who first worked together over 20 years ago. Since then, Dave led product at both Tenable and CrowdStrike, two recently public security juggernauts. Mark went on to found OWASP and SourceClear, which was acquired by CA. What stood out after our first meeting was how clearly the design of this company was informed by their cumulative experience. For example, the observation that security teams are now developer-driven and require more transparency from their vendors motivated them to pursue an open-core strategy. While common in infrastructure, it remains a fairly new and unproven model in security. We hope to change that.

We are proud to announce that Kleiner Perkins has led Open Raven’s Series A, and look forward to working with Dave, Mark and the rest of the team toward building the foundational data security platform for enterprises in the cloud-first world.

- Bucky