The 10 Hottest Cloud Security Startups In 2023 (So Far)
Cybersecurity startups focused on securing data and identities in cloud environments are among those making big moves during the first half of the year.
Protecting The Cloud
For many reasons, securing cloud environments such as AWS, Microsoft Azure and Google Cloud is a major trouble spot for organizations. Lack of visibility, a massively expanded attack surface and the highly dynamic nature of the cloud are just a few of the big issues facing security teams who are charged with protecting cloud-based resources. As just one indicator of their struggles, cybersecurity professionals who were surveyed at the RSA Conference in April reported that their biggest concern is cloud security, beating out worries about ransomware and remote work, according to a report from access management vendor Delinea.
Not surprisingly, many cybersecurity startups have chosen to focus on addressing these challenges, and a number of up-and-coming cloud security startups have been busy raising funding and deploying their products to more customers in 2023 so far. Notably, many cloud security startups — even those still at the early-stage level — have also been working closely with channel partners, in another sign of the massive market demand for innovation in the cloud security space.
Major focus areas for cloud security startups in 2023 include helping to secure data and identities in cloud environments, while other startups are offering capabilities for investigations and incident response in the cloud.
We’ve been tracking a number of cloud security startups and have chosen 10 that especially caught our attention during the first half of 2023. We’ve focused on startups founded since 2018 that you may not have heard about yet, but that we think are worth checking out (we’re intentionally omitting cloud security startups that have already achieved significant scale and wide recognition, such as Wiz and Orca Security).
What follows are the 10 hottest cloud security startups in 2023 so far.
CEO: Art Poghosyan
In March, Britive announced raising $20.5 million in a Series B funding round led by Pelion Venture Partners. The startup is using the funds to expand the development and deployment of its platform that aims to enable improved identity security in cloud environments. Specifically, Britive is providing what’s known as “just-in-time” privileged access management — which automates the granting and revocation of user privileges — across multi-cloud environments. The startup’s platform also provides greater visibility into security issues in cloud-based systems such as misconfigurations, unusual activity and risky permissions.
Britive’s director of channel sales, Jason Turner, has been focused on recruiting channel partners since joining the company in 2021, and partners now contribute 85 percent of the startup’s sales pipeline, according to the company’s 2023 Channel Chiefs entry.
CEO: James Campbell
In March, Cado Security landed $20 million in new funding led by investment firm Eurazeo. The startup, which offers what if calls the “first” platform for forensics and incident response in the cloud, said it will use the funding to expand its customer base and continue developing its product. In June, Cado followed up the funding announcement with the hire of Holly Shea Cappello, who formerly worked for cybersecurity vendors including Rapid7 and Carbon Black, as its new senior vice president of global sales. Cado Security offers a digital forensics platform that is cloud-native — which makes it uniquely designed for cloud environments, according to the startup — and is focused on automating investigation and response efforts.
CEO: Merav Bahat
Dazz has aimed to stand out from others in the cloud security space by focusing on helping organizations to prioritize and remediate cloud vulnerabilities, in contrast to tools that are mainly capable of generating alerts. The startup’s platform further simplifies the process by providing developers with the fix to cloud security issues within their workspace. Founded by a group of former Microsoft executives — including Bahat, who was previously the general manager for Microsoft’s cloud security business — Dazz has collected $60 million in funding so far. Recent product moves have included the launch of a private preview for a capability that helps to automate remediation of cloud security issues, such as infrastructure-as-code flaws, by leveraging OpenAI’s GPT-4 large language model to derive insights from sources of unstructured data. “Our unique position as a fully-integrated platform allows us to capitalize on the potential of LLMs in providing actionable remediation,” Dazz said in a blog post announcing the new capability in June.
CEO: Dan Benjamin
Dig Security, which focuses on data security in the cloud, has made a number of significant moves during the first half of the year including announcing an integration with cybersecurity giant CrowdStrike and landing an investment from Samsung Ventures. In April, Dig Security announced that its data security posture management (DSPM) platform has been integrated with CrowdStrike Falcon, enabling the delivery of enhanced visibility and control for cloud data in real time as well as improved discovery of security posture issues and sensitive data. The integration with CrowdStrike — which is also an investor in Dig Security — has produced what the startup says is the “first-in-the-market” DSPM offering that combines malware detection, data leak prevention and data detection and response in the cloud.
Meanwhile, in June, Dig Security announced that Samsung Ventures has made a “strategic investment” into the startup. The amount of the funding was not disclosed. Dig Security offers a partner program that includes a focus on working with channel partners around delivery of consulting advisory services, implementation services technical support and procurement.
CEO: Shai Morag
Ermetic, a startup that specializes in automatically removing unneeded permissions in the cloud, announced the launch of a redesigned channel program in March. The company’s Above the Cloud Channel Partner Program consists of an offering customized for resellers and a separate offering tailored to MSSPs.
Components of the new program include Ermetic’s first certification program around its cloud-native application protection platform (CNAPP), aimed at providing partners with key technical skills for working with the platform, said Scott Hoard (pictured), head of global channel sales for Ermetic, in a news release. The platform brings an identity-focused approach to unifying and automating a number of capabilities in cloud security — including cloud infrastructure entitlement management (CIEM), cloud security posture management (CSPM), cloud workload protection (CWP) and security for infrastructure-as-code (IaC), as well as Kubernetes security posture management.
CEO: Amit Shaked
Laminar, a startup that offers a data security platform for cloud environments, announced in April that it has added a number of new features for enhancing its data security posture management (DSPM) offering. The new capabilities add up to making the Laminar platform the “only pure-play DSPM that provides comprehensive enterprise-wide multi-user capabilities,” the startup said in a news release.
Key features that were added in the recent update included the introduction of the Laminar Executive Data Landscape Dashboard, which provides instant visibility into data risk and security gaps, along with “best-in-class” support for role-based access control (RBAC) ensuring that authorized users have controlled access to data policies and system administration.
Also in April, Laminar announced support for Google Cloud and Snowflake, making it “the first cloud-native data security platform to support all major cloud service providers and data warehouse environments,” the company said in a release.
CEO: Tal Mozes
In March, Mitiga announced raising $45 million in Series A funding led by ClearSky Security, and targeted for expanding the deployments of its IR2 cloud incident response platform. The startup’s technology enables collection and analysis of forensic data related to cyber incidents affecting both cloud and SaaS environments. The IR2 platform integrates with cloud service providers and SaaS applications and provides what Mitiga calls the “industry’s fastest cloud IR” service, enabling investigations to begin quickly and rapidly delivering insights, according to the startup. In other recent moves, Mitiga said in February that John Watters, whose past roles have included serving as president and COO of Mandiant, had joined the startup’s board as an independent member.
CEO: Amer Deeba
Cloud data security startup Normalyze has made a series of announcements about the advancement of its technology during the first half of the year. In March, Normalyze said that the U.S. Patent and Trademark Office had granted the company what it called the “most fundamental patent to date” in the area of data security posture management (DSPM). Then in April, the startup announced Normalyze Cloud Platform 2.0, an expanded version of the company’s product with new features including the ability to “track data in motion and analyze lineage,” the company said in a news release. The new platform ultimately enables organizations to “continuously identify cloud-resident sensitive data, both at rest and in motion and secure access paths leading to a potential breach,” Normalyze said.
CEO: Yoav Regev
Sentra, another up-and-coming player in the cloud data security space, has been enhancing its platform during the first half of 2023 following the arrival of the startup in the U.S. market last fall. Recent announcements have included an integration between Sentra and Amazon Security Lake — which aims to enable security teams to better prioritize and remediate data security risks — and the introduction of ChatDLP, which can be used to automate the anonymization of sensitive data in OpenAI’s ChatGPT application.
Earlier this year, in January, Sentra announced raising $30 million in Series A funding led by Standard Investments to expand the company’s data security posture management (DSPM) platform. Sentra’s technology aims to offer improved visibility into sensitive cloud data, along with greater automation for risk assessment and access analysis related to the data.
CEO: Tarun Thakur
Veza, which aims to offer a modernized approach around governing access to data, said in June that it has surpassed 100 integrations with services and applications including public cloud, SaaS, data systems and on-premise apps. Recent moves in the area have included an integration with GitHub, announced in February, which aims to protect critical IP from malicious actors. For customers whose GitHub repositories “contain the crown jewels of the company,” Veza is “giving them the power to find and fix inappropriate access,” Thakur said in a news release. Also in June, Veza announced a new no-code tool that aims to allow organizations with legacy or non-standard systems to bring automation to the loading and mapping of permissions data with Veza’s platform.