Many fast-growing businesses depend on small armies of software developers who constantly develop new products and services, or upgrade the existing ones. But California-based security business CommandK warns these companies face a problem – the pace of change makes their sensitive data vulnerable to attack. The company, which is today unveiling a $3 million seed funding round, thinks it can help.
“Companies often fall short of building a strong posture for managing sensitive data,” says CommandK co-founder Jayesh Sidhwani of businesses with sprawling software development initiatives run by multiple engineers or teams of engineeers. “Either they defer securing the management of sensitive data or they use a variety of different point solutions to handle each type of data.”
Moreover, many different types of data are at risk. Data ranging from company-sensitive information, such as financial details or intellectual property, to customers’ personally identifiable information (PII) has to flow around the business in order for it to function properly. Software developers constantly iterating the business’s infrastructure do their best to protect this data as they go along , but without a coherent and centralised strategy for doing so, the danger of a breach is high.
In most cases, developers are generalists rather than security specialists, adding to the risk of a problem emerging. And, if the worst happens, a breach can have a devastating impact, resulting in regulatory sanction, high remediation costs, threats of litigation from those compromised by PII leaks, and substantial reputational damage.
That’s where CommandK says it comes in. Sidhwani and his colleagues have built a platform to provide a managed solution that sits inside the company’s own cloud. The idea is to replace all the products and DIY initiatives that companies are currently using for security with a single set of controls and protections – and to do so without the company’s data having to move outside its own environment.
It’s a proposition aimed at both smaller businesses lacking security expertise and larger organisations that are struggling to stay on top of data protection, Sidhwani explains.
“Large web-scale companies have resources to build internal tools that allow developers to build secure products, but these tools need constant upgrades in the ever-evolving cyber-security landscape,” he says. “Unless the companies have a dedicated team to focus on this problem, the company’s overall security posture keeps falling behind.”
CommandK’s solution not only enables the business to protect its data, but also to secure all-important visibility of the information it holds. That also provides support from a compliance perspective. The company sees the highly-regulated fintech and healthtech industries as key target markets, given their need to protect sensitive data and to account for how they are doing so.
Having built its platform, the next stage for CommandK is to commercialise its business. So far, the company has been working with a number of key customers in beta mode, developing its infrastructure in tandem with clients in order to build solutions tailored to the market’s needs. However, Sidhwani believes the business can move to revenue-stage within the next few months; he envisages a software-as-a-service business model with customers paying monthly.
The business’s fundraising will play a crucial role in that regard, with the cash earmarked for fine-tuning the product. CommandK plans further investment in research and development, and to hire the developers it needs to build out its platform. “It’s all about giving visibility and control,” Sidhwani adds.
The cash is coming from a consortium of investors led by Lightspeed Venture Partners. Hemant Mohapatra, a partner at Lightspeed, compares CommandK’s proposition to other tools developed to help fast-growing businesses manage their software development issues.
“Companies such as Docker, Atlassian, and Github were built on the backs of helping developers better manage code and microservices,” Mohapatra explains. “We believe CommandK will be the defining company in helping developers better manage their security, secrets, and configuration infrastructure with the same efficiency and safety as they manage their code today.”