Palerra, a cloud security startup, announced $17M in funding today as it continues to build its cloud security automation business.
The round was led by new investors August Capital with current investors Norwest Venture Partners (NVP), Wing Venture Capital and Engineering Capital also participating. Today’s money brings the total investment to $25M.
The cloud service was founded in 2013 and focuses specifically on cloud security automation, according to Palerra CEO Rohit Gupta.
You may wonder why companies would need a third-party cloud security product, but Palerra doesn’t just provide security for a single service, it works as data moves across services and it offers several layers of protection across infrastructure and software services.
Specifically, it looks at breach discovery, compliance, insider threat detection and incident response.
Gupta says his company partners with many cloud services to provide security where the service’s security layer ends. “When you look at where security stops, we are extending that horizontally and adding richness to it,” Gupta says.
Looking at inside threat detection, a company may have tried manually monitoring their Salesforce.com data to make sure nobody is taking sales information with them prior to leaving the company. When you automate this kind of monitoring, you put a system in place that looks for suspicious behavior and sends a warning to a security official or takes an automatic corrective action.
That way, if the system identifies behaviors that indicate an employee might be pilfering important customer data, Palerra can put a temporary hold on a user account to allow a manager to have a conversation about it. If it turns out to be a mistake, you simply reinstate the user’s account privileges.
If the action seems particularly heinous, you may want to permanently revoke a user’s credentials. Given that no software is infallible, customers can configure the system so that an action such as revoking user rights forever would require the approval of a security officer.
In an infrastructure example such as Amazon Web Services, the system can look for issues such as an open backdoor in a virtual machine or unencrypted information. Much as with SaaS monitoring, the system can take action automatically to fix a situation, or it can send a warning to a security official inside the company
When companies are monitoring multiple VMs, it becomes nearly impossible to track issues across so many instances, especially when they are often changing constantly.
“In a large enterprise with tens or hundreds of workloads running on Amazon, a service doing security monitoring becomes something that’s attractive. It can reduce risk and maintain [the customer’s] compliance posture,” Gupta explained.
Palerra is based in Santa Clara and has close to 60 employees today. Gupta says he hopes to nearly double that by the end of the year using the money he gets from today’s investment.
He understands that growing that quickly presents some unique challenges to a young organization. He says there are two aspects to this: strategic and financial.
The first requires ensuring all new employees are well trained and on the same page about the company goals, products and direction to present a united front to customers. The second requires a plan to grow and scale in a disciplined fashion with these goals in mind.
One way it does this is using off shore development resources, which helps keep costs down. “We have the ability to take advantage of cost benefits that off shore engineering brings us, and we continue to leverage that. That’s how we maintain financial discipline,” he said.