Orca Security announced a whopping $210 million Series C funding round as the two-year-old cloud security startup claims a $1.2 billion valuation.
The explosive growth has forced a shift in culture and operations that even leadership grapples with at times.
This latest round was led by CapitalG, a private equity firm started by Google parent company Alphabet and Redpoint Ventures, as well as further contributions from existing investors: GGC Capital, ICONIQ Growth and individuals from the Silicon Valley CISO Investments. The new money follows a combined $100 million previously raised by the company in past Series A and B rounds.
In an interview, CEO and cofounder Avi Shua said that Orca went from a small outfit of twenty people all working in the same office to nearly 100 employees around the world in the past year. That much growth that fast can be disruptive to many startup cultures, though Shua insisted the core mission hasn’t changed.
“It’s a continuous thing. There is no specific moment in time to say, ‘now we are a big company and we work like a big company,’ because we want to maintain the [same] advantages as when we started. But of course any process fits only a certain amount of people and customers and changes as you grow,” said Shua.
Orca’s chief product is its security platform and “sidescanning” technology. The patent-pending tech is designed to collect data from cloud-based systems at the block storage level, which it then pairs with cloud configuration metadata pulled from the host cloud provider’s application programming interface to recreate an organization’s IT environment.
It can be used for asset inventory as well as spotting malware, vulnerabilities, security gaps that could facilitate lateral movement, misconfigured buckets and sensitive or exposed password credentials. It’s also agentless, with the company promising on its website that “not a single packet is sent over the network, nor does a single line of code run in your environment.” Eliminating the need for customers to install or integrate new software means “we don’t need to fight people to change the way they work,” said Shua.
Right now, the company is trying to balance its original, scrappier identity with its newer status as a cybersecurity unicorn. As their base of customers has grown, there’s less time and bandwidth for the kind of hands-on approach from executives that capture the personal touch of many traditionally smaller companies.
“The moment that I understood that I can’t meet each and every one of our customers was a very sad moment for me…but you know, it simply doesn’t scale over a certain number,” said Shua.
Still, executives at Orca Security felt they didn’t really have a choice in the matter. They had to grow quickly if they were going to benefit from the influx of businesses rushing to host their software and systems in the cloud following the COVID-19 pandemic.
The company will put some of that new money towards expanding their sales and R&D teams and has plans to expand their sales presence in Europe and around the globe, with a new office already established in Austria and another one planned for Australia.
The goal is to continue growing in parallel to the ever expanding global cloud security market, where investors are pouring cash into startups that provide a range of security services in a cloud native enviornment.
“If you think about the Infrastructure-as-a-service and platform-as-a-service market, it is trending toward a trillion dollars in seven to eight years,” said Shua. “Traditionally, security is around 5-7% out of the spend. That means that this is probably the largest cybersecurity market out there and definitely this is the market we’re after."