Cloud security company Bitglass closed a $70 million Series D funding round bringing its total haul to $150 million. New investor Quadrille Capital and existing investors Future Fund, New Enterprise Associates (NEA), Norwest, and Singtel Innov8 participated.
Bitglass CEO Nat Kausik said the new capital will be used to add more engineers and expand distribution of its cloud access security broker (CASB) product. He also sees an initial public offering (IPO) in the 6-year-old startup’s future, but said that it’s still two or three years out.
“The market is certainly supportive of [an IPO],” he said. “The traditional hardware firewall is giving way to the CASB — a SaaS firewall for the cloud.”
CASBs are becoming an increasingly important tool in any company’s cloud security arsenal, with Gartner forecasting that by 2022, 60% of large enterprises will use a CASB to govern some cloud services, up from less than 20% today.
The technology secures an enterprise’s data running on someone else’s infrastructure by enforcing that enterprise’s security policy in the cloud. It’s important because there’s a shared responsibility model when it comes to cloud security: vendors like Amazon Web Services and Google are responsible for protecting their public cloud infrastructure, but the enterprise is responsible for protecting its workloads running on those servers.
Gartner’s most recent Magic Quadrant for Cloud Access Security Brokers named Bitglass a “leader” in the sector, along with McAfee, Netskope, and Symantec. McAfee and Symantec both acquired their CASB technology: McAfee bought Skyhigh Networks in late 2017, and Symantec purchased Blue Coat Systems for $4.65 billion a year prior. Also in 2016 Cisco agreed to pay $293 million for Cloudlock, another CASB.
Automated Cloud Security
Kausik said these first-generation CASBs don’t provide the automated security that Bitglass does. In addition to protecting cloud services, Bitglass also partners with endpoint security vendor Cylance to protect bring your own device (BYOD) mobile devices. Its CASB uses machine learning to automate shadow IT discovery, and its shadow IT index includes more than 100,000 apps.
“All the CASBs that have been acquired provide after-breach alerts, and not surprisingly their sales have pretty much collapsed after they were acquired,” Kausik said. “Customers can only handle so many alerts. What they really want it automated security. Ninety-nine percent of our customers deploy our product inline for real-time security, so we are able to command much higher prices and provide much better security to the customers.” He won’t comment on Bitglass’ valuation.
Bitglass plans to make its product more automated and easier to use, Kausik said. “One example is the notion of a stateful CASB,” he added, comparing this to a stateful firewall. Older stateful firewalls don’t keep track of packet context, while stateless firewalls watch network traffic and can restrict or block packets based on source and destination addresses.
“CASB is going through the same evolution and this technology is going stateful, making it a lot easier to use,” he said. “That’s to come.”