(gentle music) >> We all know that virtually every organization is using the cloud in some way, shape or form. But those same organizations are building or maybe buying abstraction layers that attempt to hide the underlying complexity of these clouds. Which are now connected to on-prem workloads, they're in hybrid models, spanning across multiple clouds, and bleeding out to the edge. Now, while such an approach is extensively simplifies technology, provisioning and management, it brings challenges. And these challenges are fundamentally data problems. For example, with the sprawling clouds, how do you track sensitive data and know where it lives? How do you ensure compliance and privacy protections in a world of ever-changing regulations? How can you securely share data in an increasingly decentralized environment? How can you identify gaps in security policies and how can organizations identify and stop exfiltration in this complex environment? And, oh, by the way, very importantly, how can this all be automated? Because the number one challenges that CSOs face is a lack of talent. Hello everyone, this is Dave Vellante, and welcome to this CUBE conversation where we profile emerging technologies, innovative startups and disruptive trends in enterprise tech. And today we're pleased to welcome two guests from a really interesting firm trying to solve many of these problems. With us are Dr. Noah Johnson, who was the co-founder and CTO. And April Mitchell, head of engineering, both from Dasera. Folks, welcome April. Great to see you again. >> It's a pleasure to be here. Thanks, Dave. >> Okay Noah, let me start with you. I got to ask you, is security in your mind a do-over? >> Hey Dave. Thanks for having us. Great to be here. So yeah, you hear the adage a lot today, security is broken. And certainly if you look at the number of data breaches and misuses of data in the last few years, clearly something isn't working, right? Now, our view actually is that data security needs to be rethought, and kind of designed from the ground up for the modern way that the data is used. And that's exactly what we're doing. So we don't say, do over, so much as data security re-imagined, especially for the cloud. >> Yeah, you can't just rip and replace, but it's a little tongue in cheek there. But tell me more about the background of the company. Why did you and your co-founders start the firm? Are those challenges that I laid out upfront, the ones that you're directly attacking? >> Yeah, we're attacking all of them. So the background of the company, our technology originally came from PhD work that I did while I was studying at UC Berkeley. So I've spent most of the last decade or so looking at different cybersecurity problems. And my dissertation specifically focused on, how do you secure sensitive data while still allowing people to access it in a flexible way? As part of that work, I was able to collaborate with a big tech company, Fortune 500 company, who were facing very similar problems internally. They needed to get a handle on their data. And so through that kind of research collaboration, we built a platform that was able to track data and monitor how the data was used to better protect it while still allowing the company to be data-driven. They ended up deploying the system at scale. And so this was really strong, at least initial validation. The approach that we're using at Dasera actually is quite effective and sound. So since then, we've talked to hundreds of other CSOs and security teams, and really sort of gotten a deeper appreciation for the magnitude of the problem today. No person that we've spoken to has high confidence in their data security. And we can dig into the reasons for that. It's not for lack of effort, it's that this is a very hard problem, especially with the moving to the cloud. >> Yeah, I mean, trust is popping up on the NPS surveys. It's like the number one factor today. April, let's bring you into the discussion. You and I met early last decade and we've followed your career since then. What attracted you to Dasera? >> Yeah, that's a great question, Dave. I've spent my career at Fortune 10 companies with 15,000 plus employees. What made me take this step to go to all the magnitude, a smaller company and team? And I would say it was an easy choice and I was driven by a bold vision, the right team and an innovators heart. When I had a conversation with Ani, the CEO and Noah's co-founder, Ani and I crossed paths back at HP, and he had the opportunity to work with myself and one of my collaborators. And I'd say at the time we were the two co-founders running our own little two-person startup within HP labs, delivering consumer web services. And Ani and I connected then. And we knew we wanted to have that chance to work together in the future. And I was blessed with the opportunity to go from analytics, to programmability at HP at Cisco. And when Ani called me up just a little over two months ago, and he told me about Dasera, immediately I was interested. Data security is a wonderful hot space with so many challenges, and that innovation and the challenge from a real research perspective is what drew me to Dasera. And I had the conversation with Noah. And we went deep into differential privacy and the cracks of his PhD research. And I understood there, this company is built on very strong bonds. And really, to be successful, it's about the team. You have to have a diverse team with great experience. And when I talked to every single one of the team members, they shared a vision and they shared a passion. And you know me, I love being a part of a strong team and I love building strong teams. And that's exactly what we're doing here at Dasera. >> Thank you for that April. So Noah, give us the north star. Like early on, you guys got to focus in on where you're headed. What is that north star? >> Our goal is to really solve data security. You know, we touched on earlier, clearly current solutions aren't working. We think we have a very innovative solution that is designed specifically for where data lives today, which is the cloud. We see ourselves as being the kind of gold standard for tracking and managing and securing data in the cloud across the entire life cycle. You know, from the point the data is created to all of the different ways that data is used, to when the data is deleted, we want to build a system that lets companies for the first time, get that visibility, create that feedback loop between the data users, the different security stakeholders, the legal teams. Help them make better, more informed security decisions by providing that visibility. >> So April, I use this chart sometimes when I do segments on security. I think it's from Optiv and it's this, it shows all the different segments and this is a very fragmented market space. So I'm wondering, like for first of all, like who's the enemy, I mean, who you're trying to attack? But it's so fragmented, maybe there isn't one. But from an engineering standpoint, part two of the question is, what are the really gnarly problems that you're focusing on? But talk about part A first, if you would. Who are you targeting here? >> Absolutely. I would say the best defense is a really good offense. And how are we approaching this problem differently? And there are many data security tools out there. Many processes, from access control to DLP, but we still had 4,000 events, 4,000 breaches in the last year alone. So we can't continue to expect different outcomes by using these same approaches. So that's where we are changing the story. And we have a bold purpose. We don't want to be a typical existing cybersecurity company. We want to take the approach of treating data security as sacred, we want to make the world a safer place, and we want to do that by securing data across its life cycle. Creation to deletion. You asked about the gnarly challenges that are out there. To do that right, you have to do it at speed. You've got to do it in real time and you have to do it at scale. And those are definitely the challenges that we're running into right now from an engineering perspective. >> So Noah, when you looked at the landscape, you saw, as April said, it was just so many different tools out there. How do you describe your difference in the marketplace? And April, please chime in as well. >> Sure. Yeah. So everyone has a slightly different approach. April touched on this earlier. We want to fix data security. So in some sense, we're all on the same team. We have different views of the most effective way of solving this problem, but ultimately everyone wants to solve the same problem. I would say, we're the only ones that give a comprehensive look at the entire data life cycle. So if you look at other similar security offerings, a lot of players are focused on just access control, right? Or data loss prevention, or specific features like encryption. And these are all really important technologies, but they're not sufficient, right? These are technologies that have been in use for the last decade and yet we still see data breaches on a daily basis. And the reason for that is, even if you have those systems in place, there's a lot that can go wrong between when someone is granted access to all of the different ways they consume and share the data. And so where we're unique is we give this holistic picture of the data end to end. And we don't necessarily replace those other solutions. Actually, we compliment them. Our system can tell you, if you have an encryption solution in place, are you encrypting the right data, right? Are you using it the right way? So you get more value out of those tools. Or if you have access control, our platform can be a set of guard rails or kind of a backstop that can let you know, are those access control rules properly configured, are certain users over privileged, and so forth. So really providing that context, like I said earlier, to make better security decisions. That's where we're differentiated. That's kind of our unique view of how to solve the problem. >> April, anything you'd add to that? It sounds like you're a platform for all these tools. I feel like I need that for my apps. But what's the secret sauce there? >> Yeah. I think the secret sauce is that we've learned from the challenges that our customers are facing. We have an approach where we want to rapidly innovate and rapidly validate. And our team is doing that. Noah mentioned a couple of the key features. I'm going to add a few more, because really when you're making a choice, what should I use, you've got to start with, what do you want to protect? Your data and your people? How can we help you protect that? Well, we can help you manage data sprawl. You'd be surprised by how many customers on the cloud are really interested, or use our product for the first time and go, "Oh my gosh, I did not know that that was there. When did that get there? How did it get copied there? Why is it there?" You know, and they're asking these questions. So we want to help you track that sprawl of your data. We want to monitor the data when it's in use. How are people growing it? How are your employees accessing it? How are they using it? Are they using it in the right way? Are they using it in the right way today? Are they using it on the right way tomorrow based the permissions? And we can give you that risk analysis and that perspective. We also want to let you know that when the data's sprawls, when there's a new copy that's stored in the new data store, is it configured the right way? Are you protecting it the right way? We can analyze that for you as well. So really the completeness of the features from the end to end solution, you can't protect across the entire data life cycle from creation to deletion, unless you're truly connecting and understanding how the data is being used. >> Great. Thank you. Noah, what's the ideal customer look like? Big, small, different industries? Will you give us the ICP? >> So as far as industries, our view is, a data breaches is a data breach. So any company that collects data and needs to protect it would benefit from our solution. I will say specifically, organizations that are cloud first and data-driven. Meaning they collect a lot of data and need to use that data, especially if that data is sensitive. So think B to C companies, retail, e-commerce, social media, finance, any company that collects consumer data, there are legal obligations, security obligations, kind of a higher standard of care that's required for that data. And that's where we can really help. So we're seeing traction actually from all of these industries. As far as the ideal user profile, we are targeting data security professionals. But we are a platform. We are a collaboration platform. Our system is designed to let different stakeholders within the organization, work together. From the security team, to the legal team, to the different data custodians, they can all collaborate seamlessly within the platform using that context that we're stitching together about the data flow. >> That last point is important because it used to be, it was the SecOps team. It was their problem. And now it's IT, it's security, it's legal, it's the line of business. And then the first point you made about cloud first and data-driven, that's good news for your term. Because if you're not cloud first and data-driven, you're probably not going to be in business by the end of the decade. So, how about the business case? You know, your startup, the ideal startup situation is you're 10X the value at 1/10 the price. Now, maybe in your case it's a little different 'cause you're taking that holistic view as opposed to one narrow view. But what's the justification? Lay out the ROI. >> Yeah. So we've designed the platform actually to be very quick time to value and easy to deploy. The platform is fully automated, has built in policies and machine learning. So you spin it up and it will automatically discover the data stores, it will go and crawl the data to automatically classify it. And so now you've already solved the problem of just data sprawl, knowing what data is out there. And then we can show customers, here's how the databases are configured, is the data sufficiently protected, here's how employees are interacting with the data. And then finally optionally to write policies and workflows to make sure that there's a process in place to protect the data across its entire life cycle. So there's sort of an evolution of different features. So there's kind of a maturity evolution from just, number one, identifying the data, or like we say, you can't protect what you don't know exists, to protecting it and identifying whether there are any security risks and compliance gaps. And then finally automatic proactive protection and remediation by security policies. >> So where are you guys in terms of the maturity? Obviously it's early days, but where are you in terms of product market fit? Have you nailed that? Still trying to figure that out? I know you've raised around 9 million, you're out of stealth. You give us a sense of the maturity curve. >> I can jump in on that one and speak a bit about our first customers. And then Noah can add more detail as well. But we're seeing these cloud first organizations, the CSOs, the chief security or privacy officers coming to us because they know that traditional approaches aren't working. We are here, we are ready to engage. We aren't just grabbing, what's coming, we're talking about what we have now. And we will sit arm to arm with you and made sure that we are solving the challenges that your team is facing right now. And that's where we're getting early feedback. That's where we've really been able to showcase some new innovations and to validate and move from there. But I would say, if you're interested in talking to us, please call, please visit the website and make that connection. Because we're not stealth, we're not hiding. We're engaging and definitely have a offering that is ready to be used. >> So okay, so you're in market with that offering. What do I buy from you? Is it a SAS, is it a subscription, is it a service? >> Yeah, so we have a few different product offerings and deployment models, depending on where the data's stored and the environment that the company wants to run the software. So we support on-prem, we also have a SAS offering as well. >> Okay, and that runs in the cloud, obviously, the SAS offering, or you can sort of put it as in a require on appliance? How do I deploy it on on-prem? >> No appliance runs. Runs purely in the cloud. And within an hour to onboard, to connect to the environment and to get a scan up and running. >> And it's status of the company, am I right, I think you've raised like $9 million. Head count, anything you can share in that regard? Are you hiring? I'm sure you are. >> We're growing very quickly. There's been tremendous traction as April mentioned earlier, and we're super excited about the opportunity ahead of us. It's clear we've tackled the very big problem that is still unsolved. So we have big plans and we fortunately have been able to raise some capital to help us build out the team, to add the capabilities that we need to fully solve this problem end to end. So we're well on our way, but it's a journey. This is an unsolved problem for a reason, right? It's quite complex. And we've got a great headstart, we've got a great approach, we've got some great early customers, but there's a way to go still. >> And I'll use that opportunity to say, yes, we are hiring. And if you're interested in this space, if you want to learn from a team of experts, but also grow your skills and take on some new challenges, then please go to the website and check out the current positions that we have. Dropped me ping through any of the social media networks, 'cause we'd love to hear from you. >> Great. Website is Dasera, D-A-S-E-R-A. All right. So check it out. Guys. great to have you on. Thanks so much. Best of luck. We'll be tracking you, and really congratulations on getting to this point. And I know you have a lot more work to do, but really exciting times, I'm sure, for you. >> Thanks Dave. >> It's a pleasure to see you this way and hopefully in person soon. >> Hopefully. Yeah, absolutely. Hopefully in '21. We'll see. We'll see. Thank you for watching everybody. This is Dave Vellante for the CUBE, we'll see you next time. (gentle music)