Cloud application security startup Grip Security emerged from stealth today with $6 million in seed funding, underscoring how modern software development and the cloud are becoming increasingly entwined.
The company, started by three Israeli citizens who met while serving in the same military signals intelligence unit, is being backed by investments from YL Ventures and a number of individuals, including CrowdStrike CEO George Kurtz, former Akamai Chief Security Officer Andy Ellis, former Zscaler CISO Michael Sutton and others.
“Grip will not only upend antiquated SaaS security solutions, but they’ll also help enterprises implement much needed automated and granular security for SaaS, the fastest growing segment in information technology,” said YL Ventures partner Ofer Schreiber.
Grip Security’s calling card is software-as-a-service and the software supply chain. The Israeli-based startup, which focuses on mapping out how cloud-based software interacts with other third-party applications and vendors, was formed specifically to help tackle the increasingly urgent security problem of software supply chain compromise.
Their platform is designed to first identify each cloud application, its internal users within an organization and their devices, then map out precisely how that application interacts with other third- party applications. By placing a security layer over top, they monitor what data is being uploaded to each application and downloaded back to individual devices. The company also provides a range of cybersecurity assessment and compliance services for cloud-based software.
CEO Lior Yaari knows a thing or two about the cybersecurity market. As chief technology officer for the venture capital firm YL Ventures, he was responsible for working with early-stage Israeli cybersecurity startups and entrepreneurs and doing technical research on cybersecurity market investment. Like many entrepreneurs, Yaari and his co-founders Idan Fast and Alon Shenkler leveraged their prior jobs and experience to identify a common security problem – securing cloud software and applications – where emerging demand from large enterprises for better tools far outstripped the nascent supply of companies offering them.
For much of the past decade, the main focus of most data loss prevention solutions was to keep sensitive data safe and confined within a network perimeter, a concept that is fast becoming irrelevant in the age of cloud computing. More organizations are now consciously sending that same sensitive data to third-party cloud providers and other vendors, something that can dramatically increase an organization’s risk of compromise, as a seemingly unending string of software supply chain hacks over the past twelve months has amply demonstrated.
“That means that your entire organization’s sensitive information that you used to protect is now split between dozens or hundreds of different supply chain vendors, third parties that your organization is interacting with, which should as I view it change how organizations look at security,” said Yaari. “Instead of securing their own network, they need to understand what vendors they’re using, what is their supply chain, and to be able to monitor what data is going in and out of the organization to those different applications.”
Yaari said the bulk of the $6 million in seed funding will go to further refining their security platform and surrounding services. They’re also staffing up their sales and marketing team as they attempt to break into the U.S. market, and the company plans to open an office in-country sometime in 2021.
In conversations with CEOs, CISOs and other executives, “we heard about the SaaS security problem over and over again,” Yaari said. The trio initially planned to quit their old jobs this month to start the new company, but moved up their timelines significantly, in part because they suspected if they waited longer, another company or companies would rush to fill that market gap first.
“Getting to October, we saw that there’s a big gold rush into the [cloud] cybersecurity market…and we felt like this is an opportunity that we would lose if we would wait an additional two or three months because you have to start as early as you can,” Yaari said.
Correction: This article was updated to properly state George Kurtz's title as CrowdStrike CEO.