ShardSecure on Wednesday announced an $11 million Series A funding round that will help it promote its Microshard technology, which makes sensitive data unintelligible to bad threat actors that break into a network.

First introduced in 2020, Microsharding was built as a three-step process that shreds, mixes and distributes data, rendering it of no value to attackers, thus drastically mitigating the risk of data compromise.

“Data is a critical asset for every modern enterprise, particularly with the acceleration of cloud adoption,” said Kyle Kappel, U.S. leader of cyber security at KPMG LLP, one of ShardSecure’s investors. “ShardSecure’s technology is an innovative solution to secure and protect data, offering a valuable extra layer of defense, while enhancing performance and usability.”

Frank Dickson, who covers security and trust at IDC, said ShardSecure takes an interesting approach, addressing market needs while being unencumbered by traditional market definitions. Dickson added that digital transformation has pushed out data outside of the network into IaaS, PaaS and SaaS environments. 

“That data gets accessed by employees outside of the network perimeter,” Dickson said. “Frankly, we lose control of our data. One only has to look at the number of data discovery and classification solutions to validate this. ShardSecure essentially makes the data inaccessible should it go somewhere that’s not controlled and/or safe — which it most certainly will. Cyber miscreants will not only access our data, but they will also take control with encryption or damage the data systematically so that data is unusable. ShardSecure adds the ability to recover data to its data obfuscation offering so that data protection is an integrated offering, solving the data security problem with a comprehensive solution.”

Jack Poller, a senior analyst at the Enterprise Strategy Group, added that organizations are storing more and more sensitive data in the cloud.

In fact, Poller said ESG research shows that the amount of sensitive data in public clouds will double in the next two years. Unfortunately, nearly one-third of organizations admit they’ve experienced a loss of cloud resident data, and another one-third believe they’ve lost data, but don’t know for certain, said Poller.

“Thus, protecting sensitive data from unauthorized access is paramount,” Poller said. “And that’s where ShardSecure comes in with data obfuscation. Unauthorized users — employees or attackers — who exfiltrate data will be left with a pile of unintelligible, worthless data because the Microshard technology puts all the bits in a blender that only ShardSecure can un-blend and make useable. Data obfuscation is the last line of a defense-in-depth strategy, and can protect the organization’s sensitive assets when all other security controls have been overcome.”

Mohit Tiwari, co-founder and CEO at Symmetry Systems, said the cloud has enabled a new class of defenses that start with the data: security as "data care" — tools that protect data even when applications and cloud providers are hacked or identities are phished.

“Leading organizations are already starting to map out what data they have and how to best protect it in their cloud — grounding risk and compliance programs around crown-jewel IP and customer data,” Tiwari said. “In 10 years, security budgets will have been fully restructured to be data- and identity-centric, with applications and networks just following what the data needs.”