The market for cloud security tools is booming. It's actually lagging behind the market for public cloud services, which means that the security sector should experience serious growth in coming years. Gartner estimates that the market for public cloud services will grow to $207 billion by 2016. We're often skeptical of analyst forecasts (you don't sell reports predicting a tiny market, after all), but this estimate could actually be low.
The public cloud services market already spiked from $91 billion worldwide in 2011 to $109 billion in 2012, and as more security tools come online to help boost the trust of public cloud services, growth should start hockey sticking soon. Here are 10 cloud security startups that could help boost cloud adoption in 2014 and beyond:
What they do: Provide cloud application management, single sign-on and analytics tools.
Headquarters: Santa Monica, Calif.
CEO: Scott Kriz, who was most recently VP of product for Fastpoint Games, a sports and entertainment gaming company that was sold to Weplay in 2012.
Funding: $2.4 million in seed funding from Resolute VC, Double M Partners, Social Leverage and Karlin Ventures.
Why they're on this list: Employees at organizations of all sizes interact with dozens of apps from multiple devices over the course of their business days -- this includes corporate enterprise apps, social apps, mobile apps and more. Bitium believes that two trends are converging, which will make this situation even more unmanageable. The Bring Your Own Device (BYOD) trend is now dovetailing with the Bring Your Own App (BYOA) phenomenon. If you prevent corporate apps from being used on employee-owned devices, savvy employees will simply switch to their own alternative apps. And if you forbid certain apps on corporate-owned devices, employees will access them on their own devices.
This puts organizations in a tough spot and leaves many with little visibility into what services are being used and what sensitive corporate information is potentially being shared.
Most app management tools that promise security often do so at the expense of the end user. Many of these services are complex enough that they require a training session with corporate IT to set up accounts.
Bitium argues that it provides a solution that prioritizes security without sacrificing usability. With Bitium, users can access more than 1,000 cloud-based apps with a single sign-on. IT is able to securely grant and revoke application access to employees and partners in one click (without sharing passwords).
Versus other SSO/authentication solutions, Bitium adds a key piece of functionality: analytics. With Bitium, IT gains visibility into what apps teams are using on a regular basis -- allowing managers to stop risky behaviors and to save money by shutting off unused accounts. IT and business leaders can also see app activity within a company through Bitium's communications tool -- which pulls in messages and notifications from installed apps into a single stream.
Customers include Prialto, OpenTable, Act-On, and Media Temple.
Competitive Landscape: Competitors include Okta, OneLogin, Ping Identity and Symplified.
What they do: Offer an information security rating service, which helps organizations evaluate risks when working with partners, suppliers, outsourcers, etc.
Headquarters: Cambridge, Mass.
CEO: Shaun McConnon, who previously served as CEO of Q1 Labs.
Funding: BitSight raised a $24 million Series A round in June 2013.
Why they're on this list: Today, organizations have hundreds of business partners with whom they share sensitive data. This exposes them to the risk of a breach through a partner network. According to BitSight, third-party breaches are the cause of a staggering number of cyberattacks, and there is currently no objective method of keeping track of the security risks that partners pose.
BitSight's global platform helps manage this risk by collecting and analyzing terabytes of data on security behaviors and then rating companies for their security effectiveness. Similar to consumer credit scores, BitSight SecurityRatings are automated and derived entirely from externally available data. The result: organizations are empowered to proactively identify, quantify, and mitigate security risks throughout their ecosystems.
Users receive daily updates on the ratings of their vendors, updates which provide detailed information on suspicious behaviors, such as participation in a DDoS attempt or communication with a known botnet. Aberrant behaviors are then analyzed for severity, frequency, duration and confidence to create an overall rating of the organization's current security health.
Competitive Landscape: For the time being, BitSight is uniquely positioned in the security market. However, CloudeAssurance offers a similar service, only its focus is on cloud service providers, rather than a partner network.
What they do: Provide a platform of unified cloud information protection offerings.
Headquarters: San Jose, Calif.
CEO: Pravin Kothari, formerly a cofounder of ArcSight, which HP acquired for $1.5 billion.
Funding: CipherCloud is backed by a $30 million investment from Andreessen Horowitz.
Why they're on this list: Organizations have a tough time managing cloud computing risks, securing data in the cloud, and maintaining compliance with various industry regulations as they embrace more and more cloud applications and services.
CipherCloud's unified security approach should help ease CIOs' worries as they move more data into the cloud. CipherCloud protects data in the cloud through a platform that includes encryption, tokenization, DLP, malware detection, and activity auditing.
CipherCloud offers versions of its product specifically designed for Salesforce.com, Office 365, Box, Gmail and AWS. The company claims to have more than 2 million users and is protecting more than 200 million records for some of the world's largest banks, healthcare providers, insurers and government agencies. Named customers include Mitsubishi UFJ Global Custody, Novati Technologies, and Caribbean Credit Bureau.
Competitive Landscape: Competitors include Gazzang, Perspecsys, Porticor, Vormetric, and Voltage Security.
What they do: Develop virtualization security tools, which organizations can use to enforce centralized policies over virtual and cloud infrastructures.
Headquarters: Mountain View, Calif.
CEO: John De Santis serves as CEO. Eric Chiu co-founded the company and is its president. De Santis was formerly Chairman and CEO of TriCipher, a software security infrastructure company acquired by VMware in 2010. After the acquisition, he served as VP, Cloud Services for VMware. Chiu was previously VP of Sales and Business Development for Cemaphore Systems.
Funding: HyTrust has raised $34.5 million from both venture capital investment firms, including Trident Capital, Granite Ventures and Epic Ventures, and strategic corporate investors such as Cisco, VMware, Intel Capital, and Fortinet. In-Q-Tel, the investment arm for the U.S. intelligence community, has also invested in the company.
Why they're on this list: Virtualized and cloud infrastructures create new security, control, management, and compliance challenges for IT staffs. Organizations take big risks when they move to the cloud or rely on virtualization when critical applications and sensitive information are not properly secured.
The HyTrust Appliance delivers access control, enforcement of policy across virtual infrastructures, hypervisor hardening, and audit-quality logging. By addressing these requirements, HyTrust is able to provide organizations with the control and visibility required for them to virtualize Tier 1 applications, meet corporate governance requirements, and avoid costly downtime or other possibly more serious business disruption.
Customers include AIG, US Army, Northrop Grumman, Pepsi, McKesson, Home Shopping Network, Federal Reserve Bank of Chicago, UC Berkeley, State of New Mexico, and Denver Museum of Nature & Science.
Competitive Landscape: The cloud security market is incredibly crowded, but HyTrust has carved out a solid niche by focusing on hypervisor vulnerabilities. Competitors include Altor Networks (now Juniper) and Catbird.
What they do: Provide identity management solutions.
Headquarters: San Francisco, Calif.
CEO: Mike Ellis, who previously held senior executive roles at SAP, i2 Technologies, Oracle, and Apple.
Funding: ForgeRock has secured $22 million in two rounds of funding from Foundation Capital and Accel Partners.
Why they're on this list: Identities and application access are two of the main security challenges in the cloud/mobile/social age. Yet, most solutions are still point products that do little to unify identity management.
ForgeRock offers a "unified, open-source identity stack to protect enterprise, cloud, social and mobile applications at Internet scale." ForgeRock's Open Identity is built to address the needs of the next generation of identity and access management (IAM), especially as more and more people and things are assigned identities across networks.
Moreover, as customers expect to engage with business more, companies are making the shift to customer-facing IAM solutions, and ForgeRock's solution is designed to meet these emerging needs.
Customers include Deloitte, Thomson Reuters, Aberdeen Asset Management, and Vodafone.
Competitive Landscape: The main incumbent competitors are Oracle and CA Technologies. There are also a number of startups in this space, including OneLogin, Okta, SecureAuth and several others.
What they do: Provide a service that helps users manage, control, and monitor which apps and websites have access to their personal information.
Headquarters: Tel Aviv, Israel
CEO: Olivier Amar, who was previously the VP Marketing at GetTaxi and Toyga Financial.
Funding: The company has raised a $1 million seed round led by 500 Startups, lool Ventures and 2B Angels, with participation from Plus Ventures and angel investor Robby Hilkowitz.
Why they're on this list: Every time you sign up for a new online service, you're asked for personal information -- information an attacker could use for identity theft. For instance, Facebook recently revealed that there were over 850 million third-party connections performed with Facebook Connect.
Meanwhile, 82 of the top-grossing iOS apps use some form of social connect to validate users, and 63 of the top Android apps do the same.
MyPermissions' mobile and web-based solutions monitor users' personal information and provide alerts to users when apps or services try to access pieces of their personal information (photos, financial information, location data, etc.). The solutions also allow users to review what permissions apps and services have access to, so they can decide to allow or deny the app that requested permission to do something along the lines of posting on a user's behalf, accessing their contacts, or using a personal photo.
Business customers include Vod.io, EQuala.fm, Stylemarks, and Any.DO.
Competitive Landscape: Competitors include Secure.me and Privacy Choice.
What they do: Provide cloud application analytics and policy creation tools that "eliminate the Catch-22 between being agile [and being] secure and compliant by providing complete visibility and enforcing sophisticated policies in cloud apps."
Headquarters: Los Altos, Calif.
CEO: Sanjay Beri. Prior to Netskope, Beri was the GM of Juniper Networks' secure access and mobile business units and led the company's India office. Before that, he co-founded Ingrian Networks, which was later acquired by SafeNet.
Funding: The company is backed by $21.4 million from Lightspeed Ventures and The Social+Capital Partnership.
Why they're on this list: The last obstacle to the mainstreaming of public cloud services is trust. If organizations can't trust a third-party provider's security policies and data protection practices, growth will be slow. Once cloud security is on par with traditional security, adoption will spike dramatically.
Netskope argues that cloud apps have already hit a tipping point in the enterprise. While IT has ownership or stewardship for some cloud apps, employees are now more empowered than ever to go outside of IT and do it themselves, creating the whole Shadow IT problem.
Getting a handle on Shadow IT means you have to discover these services. Netskope helps companies do this, providing visibility into enterprise cloud app usage and enforcing policies to make them safe, compliant, and high performing. Netskope performs deep analytics and lets IT decision makers create policies in a few clicks that protect corporate data and optimize cloud app usage in real-time and at scale.
Competitive Landscape: This cloud security subsector is wide open right now. Skyhigh Networks is the first mover in the space, but expect to see several startups emerge from stealth mode in 2014.
What they do: Provide cloud-based security that protects Web applications by contextually securing and monitoring all content, user sessions, and application behavior.
Headquarters: Los Angeles, Calif.