Immuta, a provider of data privacy and access control services, announced today that it has closed a $100 million Series E round with a valuation of $1 billion, bringing the company’s total funding to $267 million. NightDragon led the funding with participation from Snowflake Ventures and existing investors Dell Technologies Capital, DFJ Growth, IAG, Intel Capital, March Capital, StepStone, Ten Eleven Ventures and Wipro Ventures.
The new money will be used to support product development and R&D efforts, CEO Matthew Carroll said, as well as expand Immuta’s sales, marketing, customer success and support teams and enable “key” data monitoring acquisitions. “The pandemic has accelerated the move to the cloud and that has increased the need for cloud data security,” he told Vidak For Congress in an email interview. “We don’t see that slowing down.”
Immuta was co-founded in 2015 by Steven Touw and Carroll, who began his career as a US military intelligence officer in Baghdad. Before founding Immuta, Carroll spent several years at advisory group CSC after it acquired his previous employer, 42six Solutions, where Touw also worked.
Carroll led data fusion and analytics programs and advised the US government on data management and analytics issues at CSC. “I quickly realized the power of data and the ways in which the management of large amounts of critical information can better streamline activities of all kinds,” he added. “With the right data access controls, organizations can truly maximize the usefulness of their data.”
Carroll proposes Immuta as an “enterprise scale” alternative to manual processes for creating and implementing data policies. It is his claim that many IT teams are using tools based on role-based access control technologies from the 1990s, which are not well suited to emerging privacy regulations such as GDPR and CCPA. Carroll argues that these tools can add to the challenge in situations where data needs to be migrated from on-premises data stores to the cloud. For example, a company may operate in a certain number of countries worldwide, but have data stored in a data center in Germany.
According to Carroll, studies show that organizations face a range of challenges when it comes to establishing data policies. Specialists in a recent TechRepublic survey cited corporate culture, lack of knowledge, financial costs and poor integration with existing tools as some of the biggest blockages. The public sector struggles with the same issues, according to research by the Center for Digital Government (CDG), a national research and advisory institute. The CDG reported in May that frameworks to address digital privacy at the state and local government levels are still in the “nascent stages.”
“The question is understanding what rules apply and also how to apply them — it can get complex very quickly,” Carroll said. “This is all happening as organizations try to accelerate access to data. The most common challenge we hear is that organizations are trying to innovate, trying to move their business forward, but there is a gap between IT and the business and they are forced to make this decision between being compliant or providing fast access to the data. ”
Immuta’s clients – ranging from private sector organizations such as S&P Global and Mercedes-Benz Group to the US military – will have access to a dashboard designed to automate aspects of federation data policy. It provides tools for discovering, classifying and tagging sensitive information to comply with contractual obligations and regulations. In addition, Immuta can monitor data usage and collect insights to show users what data has been used, when, by whom and for what purpose.
The platform integrates with data centers, on-premises servers, and hybrid cloud services, including Databricks and Snowflake. (Immuta recently launched a software-as-a-service implementation called Immuta SaaS.) Any user who accesses services that integrate Immuta will get the benefit of using Immuta to control data access, Carroll said.
“Immuta takes a different approach to a handful of newer alternatives, where we’ve written code that integrates natively into the compute layer, meaning consumers don’t see a performance loss when applying data access control policies to queries,” said Carroll. “Immuta acts as the data security and privacy layer in customer environments… [it] improves compliance and reduces risk, [which] means teams can securely share more data and easily demonstrate compliant data usage with full visibility into all data access.”
Data management is a red-hot industry, with an analytics firm projecting it to be worth $6 billion by 2026. Immuta’s competitors include TrustArc, which helps companies implement privacy and compliance programs. Others include Privitar, OneTrust, and BigID.
Fortunately for Immuta, venture capital sees great opportunities in data privacy. Venture spending in the broader security segment rose to nearly $30 billion in 2021, more than doubling the total from the previous year, according to to MomentumCyber.
“We are very well funded,” said Carroll, hesitantly when asked about Immuta’s total customer base and annual recurring revenue. †[We] see the recent reality check on tech as a great opportunity to strengthen our market position and expand with new acquisitions.”
Stefan William, VP of corporate ventures at Snowflake Ventures, added in an emailed statement: “Data security is only becoming more important and we strongly believe in Immuta as both a partner and an investor. With enhanced data security, Snowflake customers can control their use of cloud data accelerate further, and that’s a win for everyone.”
Boston, Massachusetts-based Immuta currently claims to have more than 250 employees, with plans to double its workforce within the next 18 months.