Last week, data security provider Cyera announced it raised $300 million in funding at a $1.4 billion valuation, signaling yet again that data-centric security represents an attractive and fast growing sub-category within the broader cyber security market.
Large growth rounds at unicorn valuations have largely vanished of late, so Cyera’s raise is noteworthy not just because of its size, but also because their valuation nearly tripled since June 2023 when they raised $100 million Series B.
But what does Cyera’s successful capital raise really tell us about the market for data-centric security? What does it say about Rubrik’s recently announced IPO plans? And how does it shape our view of Palo Alto’s December acquisition of Dig Security and Crowdstrike’s acquisition last month of Flow Security?
On the surface, it tells us what everyone already knows; data-centric security is hot! But dig a little deeper, and it reveals some important nuances and a fascinating “dichotomy” which is important for the entire industry to understand.
The Data Estate is Bigger Than You Think
In the context of cybersecurity, the typical "data estate" is a lot like Jaws -- it's absolutely massive, and always bigger than you think.
The term "estate" refers to the entire collection of data assets owned or managed by an organization. It encompasses all types of information, including, 1. structured data organized in predefined format (rows & columns) stored in databases, 2. unstructured data in emails, documents, and media files, and 3. semi-structured data contained in XML, JSON, and Parquet files.
The estate includes includes data stored on-premises, in the cloud, or in hybrid environments. And, last but definitely not least, the estate includes sensitive data that is commonly shared with others outside of the organization via everyday collaboration workflows.
Data Security Dichotomy: Defense and Offense
When it comes to protecting an organization’s entire data estate there are two main governance imperatives: “defense” and “offense”.
Defensive data governance is all about implementing tools designed to discover, classify, and protect sensitive data from unintentional loss or theft by malicious actors. Defensive controls aim to protect one portion of the data estate; that which is stored inside the cloud. Innovative players operating on the defensive side of the data security game include Cyera, Rubrik, Flow Security, and Dig Security.
Conversely, offensive data governance is all about applying and enforcing granular policy controls on sensitive unstructured data to promote intentional and active sharing of information with others to drive shareholder value. Offensive controls aim to protect the other portion of the data estate; that which belongs to us, but is no longer in our possession, because we’ve voluntarily shared it with others. At Virtru we operate on the offensive side of the data security game, offering granular policy, encryption, and access controls for sensitive information shared via email, file, and SaaS workflows.
Within the very hot market of data-centric security, it’s not defense alone, or offense alone that wins the game — but both together, which enables true zero trust governance for the entire data estate.
