As organizations embrace cloud services — and are forced to confront changing regulations and data use standards — their ability to maintain control of data security frequently becomes strained. If they lose that control, the consequences can be quite severe. The average cost of a data breach is about $3.86 million (per IBM), and most companies pay around $14.82 million per year for noncompliance, including noncompliance with data security policies.
So it doesn’t come as much of a surprise that there’s a strong, shared desire among organizations to invest in greater data security. Ninety-seven percent of security leaders believe that their employers will either maintain or increase their security budgets this year, according to one recent survey, while 45% say that data security has “significantly” increased for them as a priority.
The newfound attention on data security is benefitting startups like Symmetry Systems, which offers a platform that provides visibility into who has access to a company’s data and how it’s being used. Co-founded by Casen Hunger, Puneet Tiwari and Mohit Tiwari, a cybersecurity researcher at the University of Texas, Austin, Symmetry maps out an organization’s data, helping to define policies for how data should — and shouldn’t — flow.
“Symmetry provides the foundational visibility to drive developers and data team processes, to detect violations and to automate large parts of compliance reporting,” Tiwari told TechCrunch via email. “The platform not only grants deep visibility into the security posture of the data layer, it enables the management of the data permission structure to resolve gaps and identify lapses in access — allowing human analysts and leadership to focus on more pressing issues.”
Certainly, there’s evidence that organizations struggle with data management. In a 2022 survey conducted by PulseMeter and Orca Security, 35% of companies said that their sensitive data now resides in the cloud while 27% admitted to not knowing the location of their sensitive data.
Symmetry, running in an organization’s cloud or clouds, tries to solve for this — identifying data types in data stores and unearthing possible misconfigurations related to data and user accounts. Using Symmetry, customers can adjust account access management policies on individual data objects, ensuring access is limited to those who need it and monitoring all future accesses.
“Symmetry pioneered the ‘software-as-a-service, but in customer’s cloud’- deployment model in cloud data security,” Tiwari said. “The entire product resides in the customer’s environment while being updated and managed using cloud-native computing foundation tooling that’s more typically associated with classic software-as-a-service products.”
Symmetry competes with data security companies like Rubrik-owned Laminar, Open Raven, IBM’s Polar, Normalyze, Cyera, Theom and Dig as well as cloud security and privacy vendors (see Wiz, Orca, Palo Alto Networks, Securiti, BigID and OneTrust) offering data security management products.
To attempt to differentiate itself, Symmetry is developing a large language model along the lines of OpenAI’s ChatGPT that’ll allow customers to talk through, in plain English, things like what data and which actions create a security or compliance risk and what steps can mitigate any data risk.
That’s perhaps what attracted investors to the startup. Symmetry today announced that it raised $18 million in a funding round led by Prefix Capital with participation from W11 Capital, TSG and Forgepoint Capital, bringing the company’s total raised to $36 million.
“We’re building a new category of AI-enabled workflows for security and compliance in order to specifically side-step the pitfalls of overfitted AI models that end up effectively being a ‘rules engine’ with another name,’” Tiwari said.
Symmetry’s mum where it concerns specific revenue figures and customers; Tiwari declined to name any client names when asked. But Tiwari says that it’s building a “robust” federal sales program. The San Francisco-based startup employs a workforce of around 40 today, and expects to have 50 to 55 on the payroll by the end of the year.
“The latest investment will be used to scale out Symmetry’s channel partnerships, offer a starter visibility product that clearly shows how a data-to-identity abstraction is a major leap from messy infrastructure details, and build out the second phase of cloud data security — i.e., autonomous response to threat-detections and policy-violations,” Tiwari said. “Our customers have to move to the cloud, meet increased regulations and quickly use AI and data lakes. All of these are tailwinds for us … Overall, we see money from infrastructure security being reallocated towards data security.”