Last month Apple disclosed and fixed a massive bug in its operating system that left users’ information exposed to theft; faith in the cryptocurrency Bitcoin is eroding; and revenues at the retailing giant Target fell 46% on a quarterly basis over the Christmas season last year, all because of security breaches.
There is no doubt that the profusion of technology designed to make personal and professional lives easier has left people around the world personally and professionally more exposed to potential threats like identity theft, unwanted surveillance, and corporate espionage.
To combat these growing threats the entrepreneurs and investors that helped to seed this technology revolution are going back to the well to finance a new generation of security startup.
Since 2009 investors have spent at least $2.9 billion on security technologies, according to data from CrunchBase. And so far this year investors have spent at least $150 million in 26 new investments in security technology companies.
Investors are also valuing these companies more highly now. In the first quarter of 2013 investors made 44 investments with roughly the same amount of capital, the CrunchBase data shows.
The need for new security technology is also driving up company valuations at the earliest stages of their development, the CrunchBase data shows. In the first quarter of 2013 16 seed stage companies raised $4.9 million. For 2014, less than half the number of companies raised roughly the same amount.
“This has always been an interesting area and there have been hundreds of security companies being funded,” said John Walecka, a founding partner at Redpoint Ventures. What’s new now, according to Walecka, is the fundamental change in the nature of security threats.
“In the past there were really only a couple of entry points that you needed to guard,” Walecka said. “But the current enterprise has thousands of applications that they’re running that are connected up to the Internet.”
Investors group the types of security challenges companies and individuals face in three main categories: securing data, securing the software applications that businesses use to manipulate, store, and manage that data, and finally securing the perimeter, or the networks through which all of this information flows.
Companies like CloudPassage, which raised $25.5 million in a Series C round of funding in February, tackle the network problem from a cloud computing perspective, according to company co-founder and chief executive, Carson Sweet.
As more businesses move to providing their software as a hosted service, a lot of the technology tools corporations use no longer run on servers behind the company’s firewall.
The idea for companies like CloudPassage or the seed stage Forty Cloud, is to provide corporate IT departments with the ability to manage, monitor and control their hosted networks. Meanwhile, startups like the Redpoint-backed Lastline are developing new ways to detect and prevent malware from entering enterprise networks.
Meanwhile San Francisco-based Bluebox Security, which raised $18 million in financing from Andreessen Horowitz in January and launched its first product earlier in February has its sights set on securing applications.
“There are two problems that need to be solved,” said Caleb Sima, Bluebox co-founder and chief executive. “With all the mobile devices data goes everywhere. When it goes on [personal] devices that data goes everywhere and the enterprise has no idea where it goes, they have no control over it and they have no security for it.”
Bluebox solves the problem by providing a data security management tool around the enterprise or consumer apps that employees might use on their mobile devices to get work done. Basically, an employee can download an app through Bluebox which gives the security company provisional control over how it’s used.
For employees, the benefit is they get to keep their own device and not have to worry about securing their personal data from their employer, Sima said.
“As we move forward and this market continues to grow, you’re going to see that the enterprise no longer controls the device and the enterprise no longer controls the app,” Sima said.
What enterprises may be left with controlling, according to Ionic Security chief technology officer Adam Ghetti, is just the data.
“The existing models that you’re seeing thrown out there for mobile security or cloud application security all center around a constant premise: there’s a flow of data out heading out and we need to put a gateway up,” Ghetti said. “The whole flow of data is the wrong place to control everything.”
Instead, his company is developing an encryption-based technology that works around the data itself, Ghetti said. He declined to comment further on the company’s still-stealthy security technology.
Whatever they’re doing, Ionic Security’s technology was persuasive enough to have Kleiner Perkins Caufield & Byers invest. By far the leader in investments in the security market, KPCB has invested in startups that have raised $405 million over 17 rounds of funding. Sequoia Capital and Andreessen Horowitz have both backed 11 security companies since 2009, according to the CrunchBase data, and Accel and Intel Capital have backed 10 security startups over the 2009 to 2014 period.
Although much of the investment activity in security has been focused on business customers, venture investors are looking out for consumers as well. Wickr, which has developed encryption technologies as it built out a Snapchat like service, just raised $9 million from investors - including Alsop Louie Partners - the firm co-founded by the former head of the CIA’s venture capital shop.
Photo via StockMonkeys.com