>>Welcome back to Boston. Everybody watching the cubes coverage, OFS reinforce 22 from Boston, Atlanta chow lobster, the SOS a ruin in my summer, Andy and Smith is here is the CMO of laminar. Andy. Good to see you. Good >>To see you. Great to be >>Here. So laminar came outta stealth last year, 2021, sort of, as we were exiting the isolation economy. Yeah. Why was laminar started >>Really about there's there's two mega trends in the industry that, that created a problem that wasn't being addressed. Right? So the two mega trends was cloud transformation. Obviously that's been going on for a while, but what most people doesn't don't realize is it really accelerated with COVID right? Being all, everybody having to be remote, et cetera, various stats I've read like increased five times, right? So cloud transformation are now you are now problem, right? That's going on? And then the other next big mega trend is data democratization. So more data in the cloud than ever before. And this is, this is just going and going and going. And the result of those two things, more data in the cloud, how am I securing that data? You know, the, the, the breach culture we're in like every day, a new, a new data breach coming up, et cetera, just one Twitter, one yesterday, et cetera. The, those two things have caused a gap with data security teams and, and that's what he >>Heard at attract. Yeah. So, you know, to your point and we track this stuff pretty carefully quarterly, and you saw, it was really interesting trend. You actually saw AWS's growth rate accelerate during the pandemic. Absolutely. You know? Absolutely. So you're talking about, you know, a couple of hundred billion dollars for the big four clouds. If you, if you include Alibaba and it's still growing at 35, you know, 40% a year, which is astounding, so, okay. So more cloud, more data. Explain why that's a, a problem for practitioners. >>Yeah, exactly. The reality is in, in the security, what, what are we doing? What all the security it's about protecting your data in the end, right? Like, like we're here at this at, at reinforce all these security vendors here really it's about protecting your data, your sensitive data. And, but what, what had been happening is all the focus was on the infrastructure, the network, et cetera, et cetera, and not as much focus, particularly on the data and, and the move to the cloud gave the developers and the data scientists, way more power. They don't longer have to ask for permission. And so they can just do what they want. And it's actually wonderful for the business. The business is moving faster, you spin up applications sooner, you get new, new insights. So all those things are really great, but because the developer has so much power, they can just copy data over here, make a backup over here, new et cetera. And, and security has no idea about all these copies of the, of the data that are out there. And they're typically not as well protected as that main production source. And that's the gap that >>Exists. Okay. So there was this shift from sort of perimeter hardening the perimeter, hardening the infrastructure and, and now your premises, it's moving to the data we saw when, when there was during the pandemic, there was definitely a shift to end point security. There was a shift to cloud security rethinking the network, but it was still a lot of, you know, kind of cha chasing the whackamole and people have talked about this is a data problem for years. Yeah. But it was, it's taken a while for, for companies, for the technology industry to, to come at it. You guys are one of the first, if not the first. Yeah. Why do you think it took so long? Is this cuz it's really hard. >>Yeah. I mean, it, it's hard. You need to focus on it. The, the traditional security has been around the network and the box, right. And those are still necessary. It's important to, you know, your use identity to cover the edge, to, to make sure people can't get into the box, but you also have to have data. So what, what happens is there's really good solutions for enterprise data security, looking at database, you know, technology, et cetera. There are good solutions for cloud infrastructure security. So the CSP of the world and the CWPP are protecting containers, you know, protecting the infrastructure. But there really wasn't much for cloud everything you build and run in the cloud. So basically your custom application, your custom applications in the IAS and PAs environments, there really wasn't anything solving that. And that's really where laminar is focused. >>Okay. So you guys use this term shadow data. We talk about shadow. It what's shadow data. >>Yeah. So what we're finding at a hundred percent of our customer environments and our POVs and talking to CISOs out there is that they have these shadow data assets and shadow data elements that they have no clue that existed. So here's the example. Everybody knows the main RDS database that is in production. And this is where, you know, our, our data is taken from. But what people don't realize is there's a copy of that. You know, in a dev environment, somebody went to run a test and they was supposed to be there for two weeks. But then that developer left forgot, left it there. They left the company, oh, now it's been there for two years that there was an original SQL database left over from a lift and shift project. They got moved to RDS, but nobody deleted that thing there, you know, it's a database connected to an application, the application left, but that database, that abandoned database is still sitting. These are all real life customer examples of shadow data that we run into. And there's, and what the problem is that main production data store is secured pretty well. It's following all your policies, et cetera. But all these shadow data resources are typically less well protected unmonitored. And that is what the attackers are after. >>So you're, you know, the old, the, the Watergate follow the money, you're following the data, >>Following the data. >>How do you follow that data if there's so much of it, it, and it's, you know, sometimes, you know, not really well understood where it is. How do you know where >>It is? Yeah. It's the beauty of partnering with somebody like AWS, right? So with each of the cloud providers, we actually take a role in your cloud account and use the APIs from the cloud provider to see all the changes in all the instances are going on. Like it is, the problem is way more complicated in the cloud because I mean, AWS has over 200 services, dozens of ways to store data, right. It's wonderful for the developer, but it's very hard for the security practitioner. And so, because we have that visibility through the cloud provider's APIs, we can see all those changes that are happening. We can then say, ah, that's a data store. Let me go analyze, make a copy, have a snapshot of that and do the analyzing of that data right inside our customer's account without pulling the data out. And we have complete visibility to everything. And then we can give that data catalog over to the customer. >>All right. I gotta ask you a couple Colombo questions. So if you know, we talk about encryption, everything's encrypted everything. If, if the data is encrypted, why then would I need laminar? >>Because I mean, we'll make sure that the data's encrypted okay. Right. Often. So it's not supposed to be and not right. Two is, we're gonna tell you what type of data is inside there. Oh, is this, is this health information? Is it personal identify information? Is it credit cards? You know, et cetera, C so we'll classify the data for you. We will also, then there's things like retention, period. How long should we, I hold onto that data, all the things about what are, who has access, what's the exposure level for that data. And so when you, when you think about data security posture, what's the posture of that data you're looking at at those data policies. It's something that has been very well defined and written down. But in the past, there was just no way to go verify that those, that, that, that policy is actually being followed. And so we're doing that verification automatically. >>So without the context, you can't answer those other questions. So you make sure it's encrypted. If it's not, or you can at least notify me that it's not, you don't do the encryption. Right. Or do you, >>We don't do it ourselves, but we can give you here. Here's the command in and the Amazon to go encrypt it >>Right. Then I can automate that. And then the classification is key because now you're telling me the context. So I can say, okay, apply this policy to that data, retain it for this long, get rid of it after X number of years, or if it's work, process, get rid of it now. Yeah. And then who should have access to that data. And so you can help at least inform how to enforce those policies. >>Exactly. And so we, we, we call it guided remediation because what we're, you know, talking to a CISO, they're like, I need 400 more alerts, like a hole in the head like that. Doesn't do me any good. If you can't tell me how to resolve the, the, the, this security gap that I have or this, then it doesn't do any good. And, and the first, first it starts with who do I need to go talk to? Right. So they have hundreds, if not thousands of developers. Oh, great. You found this issue. I, I, I don't know who to go. Like, I can't just delete it myself, but I need to go talk to somebody really, should this be deleted? We need, do we really, really need to hold onto this? So we, we help guide who the data owner is. So we give you who to talk to. You, give you all the context. Here's the data, here's the data asset that it's in. Here's our suggestion. Here's the problem. Here's our suggestion for >>Solution. And you started the company on AWS >>Started on AWS. Absolutely. >>So what's of course it's best cloud and why not start there? So what's the relationship like, I mean, how'd you get started? You said, okay, Hey, we're we got an idea for a company. We're gonna build it on AWS. We're gonna become a customer. We're gonna, you know, >>We actually, so insight partners is our main investor. Yeah. And they were very helpful in giving us access to literally hundreds of CSOs, who we had conversations with before we actually launched the company. And so we did some shifting and to, to figure out our exact use case. But by the time we came to market, it was in February this year, we actually GAed the product that, where like product market fit nailed because we'd had so many conversations that we knew the problem in the market that we needed to solve. And we knew where we needed to solve it first. And, and the, the, the relationship we AWS is great. We just got on the marketplace, just became a, a partner. So really good. Good >>Start. So I gotta ask you, so I always ask this question. So how do you actually know when you have product market fit? >>You it's about those conversations. Right. You know, so like, I I've been to lots of startups and sometimes you're you're, you, you each have a conversation and then they, they saying, oh, well kind of want this. And we kind of like that. And so it, the more conversations you have, the more, you know, you're solving a real problem. Right. And, and, and, and, and you re react to what that, what that prospect is telling you back and, or that advisor or that whoever we're talking to. And, and every single one of the CISO conversations we had was I don't have a good inventory of my data in the cloud. >>The reason I asked that, cause I always ask the startups, like, when do you scale? Cause I think startups sometimes scale too fast. They try to scale too fast, they'll hire 50 sales people. And then they, you know, churn, you know, they, they got a 50% churn, but they're trying to optimize their go to market when they got 50% of their customers are gonna leave. So it's, it's gotta be the sequential thing. So, so you got product market fit. So are, are you in the scaling phase >>Now? We are. Yeah. Yeah, yeah. So now it's about how quickly can we deliver? We, we we're ramping customer base significantly. And, and you know, we've got a whole go to market team in, you know, sales and marketing in the us and, and often off to the races >>And you just run on AWS or you run another clouds. >>It's multi-cloud so AWS, Azure, GCP, et cetera. >>Okay. So then my least my next question is it sort of, you can do this within each of the individual clouds today. Do you see a day and maybe it's here today is where you can create a single experience across those clouds >>Today. It's a single experience across cloud. So our SaaS, we have our SaaS portion runs in AWS, but the actual data analysis runs in each cloud provider. So AWS, Azure, GCP and snowflake too, actually. >>Ah, okay. So I come through your whatever portal, like if I can use that term. Yep. And that's running on AWS. Yes. You're SAS, as you say, and then you go out to these other environments, GCP, Azure, AWS itself, and snowflake. Yep. And I see laminar, is that right? Or >>There's a piece running inside our customer's environment. Okay. So, so we have a customer, they, the, we have, we get a role inside of their cloud account or read only role inside of their cloud account. And we spin up serverless functions in that cloud account. That's where all the analysis happens. And that's why we don't take any data out of the environment. So it all stays there. And, and therefore we don't, we don't actually see the data outside of the environment. Like, I, I can tell you there's a metadata comes out. I can tell you, there are credit cards inside that data store, but I can't tell you exactly which credit card it is cuz I don't know. So all the important actions happens are there and just the metadata metadata comes out. So we can give you a cross cloud dashboard of all your sensitive data. >>And of course, so take the example of snowflake. They're going across clouds, they're building what we call super cloud sort of, of a layer that floats on top. You're just sort of going wherever that data goes. >>Yeah, exactly. So, so each of there's a component that lives in the customer's environment in the, in those multi-cloud environments and then a single view of the world dashboard that is our SaaS component that runs an AWS. So >>You guys are, is, am I correct? You're series a funded >>Series, a funded yeah, exactly. >>And, and already scaling to go to market. Yeah. Which is, which is early to scale. Right. I mean you've got startup experience. Right? >>Absolutely. >>How does it compare? >>Well, what was amazing here was access. I mean, really it was through the relationship with insight. It was access to the CISOs that I had never had at any of the other startups I was with. You're trying to get meetings, you're meeting with a lot of practitioners, you know, et cetera. But getting all those conversations with buyers was, was super valuable for us to say, ah, I know I'm solving a real problem that has value that they will pay for. Right. And, and, and so that, that was a year and a half probably still of all that work going on. We just, just waited to GA until we understood the market >>Better. Yeah. Insight. They're amazing. The way to talk about scaling. I mean, they've just the last 10 years that comp that, that PE firm has just gone wild in terms of just their, their philosophy, their approach, their cadence, their consistency. And now of course their portfolio. >>Yeah. And, and they started doing a little bit earlier and earlier stage. I mean, I, I always think of them as PE too, but you know, they, they did our seed round. Right. They did our a round and, and they're doing earlier stages, but particularly what they saw in Laar was exactly what we started this conversation with. They saw cloud transformation speeding up, they saw data democratization happening. They're like, we need to invest in this now because this is a now a problem to solve. >>Yeah. It's interesting. Cuz when you go back even pre 2010, you talk to, you know, look at insight, they would wait. They would invest in companies unless there was, you know, on the way to five plus million dollar ARR, they weren't doing seed deals. Totally. Like they saw, wow, these actually can be pretty lucrative and we can play and we have a point of view and yeah. So cool. Well, congratulations. I'll give you the final word. What, what should we be watching for from, from Laar as sort of, you know, milestones that you guys want to hit and, and indicators of success. >>Yeah. Now it's all about growth partnerships, you know, integrations with, with other of the players out here. Right. And so, you know, like scaling our AWS partnership is one of the key aspects for us. And so, you know, just look for, look for the name out there and, and you'll start, you'll start to see it a lot more. And, and if, if you have the need, you know, come look us up. Laar security.com. >>Awesome. Well thanks very much for coming to Cuban. Good luck. Appreciate it. All right. >>Wonderful. Thanks. You're >>Welcome. All right. Keep it right there, everybody. This is Dave ante. We'll be back right after this short break from AWS reinvent 2022 in Boston. You're watching the cue.