Follow Datanami:
January 6, 2020

BigID Looks to Cement Position in Data Discovery


BigID today announced another $50 million round of financing, bringing its two-year funding total to an impressive $144 million. With that capital in hand and new data privacy regulations like CCPA in play, BigID is prepared to serve the growing need for companies to de-risk their data.

Data is a critical element for innovating in the 21st century, but storing it and using it can be risky. Companies that don’t understand exactly what data they’re holding are gambling that they won’t inadvertently violate the privacy and security rights of their customers, which have been solidified by CCPA, GDPR, and other new regulations.

That lack of visibility into the myriad of personally identifiable data held by the average Fortune 500 firm is a major problem. But for BigID, it presents a business opportunity, according to company founder and CEO Dimitri Sirota.

“We kind of made discovery our forte,” Sirota tells Datanami. “It’s like SAP ERP or Salesforce CRM.  It’s our thing. Discovery is the thing we want to be known for and we want to be best at.    So we developed something that leverages the four Cs to gives us a multi-modal approach to data understanding.”

Dimitri Sirota, co-founder and CEO of BigID

Just as DeBeers touts the four Cs of diamonds (cut, color, clarity, and caret), BigID touts the four Cs of data discovery, which refer to cataloging, classification, correlation, and cluster analysis. These automated capabilities help BigID to understand how sensitive information that’s squirreled away into hard-to-reach places, such as IP addresses, GPS coordinates, and cookies, relates to data housed in more obvious ones, like databases, file systems, and cloud applications.

Privacy isn’t new in the computer business. But the way that Big ID is leveraging machine learning to create a more complete picture of the personal privacy implications of the data that an organization stores is a new twist on the old approach. Machine learning is necessary, Sirota says, because it provides the automation required to deal with the sheer volume and variety of data today.

“In 2006, when PCI (the Payment Card Industry Data Security Standard) was introduced, there were a number of technologies developed to help companies locate and identify credit card data,” Sirota says. “Today what we see in the market is a remnant, an echo, from those big bang [projects] where you had this thing from over a decade ago that was built to identify data that had a very specific pattern, like 16 numerals, in very specific data sources, like unstructured files or email or relational database or mainframe. In 2006 that was your world.”

But today’s data landscape is very different from 2006. “You have AWS. You have Salesforce. You have Workday. You have all these thigs you didn’t have back then,” he says. “Privacy is about people, so you need to be able to identify that this is not just a credit card or location data, or an IP address. That matters and you still need to do it. But what matters more in a privacy context is being able to figure out, that’s Dimitiri’s data. And where it becomes tricky is Dimitri’s data can look a lot like someone else’s data.”

(Photon photo/Shutterstock)

According to Sirota, nobody had developed a tool that could differentiate the privacy implications of so much data for so many people at such a fine-grained level, and so that’s what he spearheaded at BigID. It’s like Splunk, but for an organization’s most important data, he says.

“What Splunk does to machine data, we do for your crown jewels,” Sirota says. “We saw an opportunity to leverage the latest in data science and AI to build a completely new approach to data discovery and data understanding that was privacy-aware from the get-go and provides deeper insight that benefited not just privacy, but also security professional and ultimately data governance professionals.”

2019 was a pivotal year for BigID. The company completed two $50-million rounds, bringing its total to $144 million in just its third year of existence. The New York company wasn’t necessarily looking to raise more money at this time, but Sirota – an industry veteran who has lived through two Black Swan events and wonders whether there will be a third — found the terms difficult to turn down.

“It gives us the ability to bring forward some of our plans around product and engineering much sooner,” he says. “The other thing is we tend to cater to larger companies, and they have very particular needs in terms of sales and support…We can give them one-hour global support now and this will only further that, to be able to demonstrate to these large organizations that you’re going to be around, you’re not going to be acquired. That’s a big deal.”

BigID also created partnerships with tier-one players like SAP, Salesforce (an investor in the latest round), and Microsoft. “They are three companies with plenty of engineering and yet they felt it was important to partner with BigID in because we do something that’s distinct and different and apropos for privacy,” Sirota says.

Looking forward, BigID will be pivoting to more of a platform approach to delivering its data discovery capabilities. The platform, which it plans to unveil at the RSA conference next month, will allow the company to satisfy a wide range of use cases around individual data rights, and “tell stories that nobody else can in the marketplace,” Sirata says.

While it seeks to carve out an exclusive niche, BigID will also be a good citizen in the broader data ecosystem. “I happen to be Canadian. As a Canadian, our view of the world is how do you interoperate and work well with others,” Sirota says. “We make no demands on our customer in terms of leveraging this or that.  There are great technologies in the data governance space, Collibra, Alation, ASG. All are partners. We built from the get-go integration with all of them.”

As Sirota sees it, data security goes hand in hand with privacy. If you can determine that the data you have stored for a particular person is being left unprotected on an S3 bucket, then it’s a simple matter to find other’s data is similarly unprotected. Sirota sees opportunity there.

“By knowing your data to a depth and detail that’s never been available before, what else can you do?” he says. “That the big idea of Big ID. We provide that insight and data intelligence in a way that no other vendor can do.”

Related Items:

CCPA Goes Into Effect. Here’s What to Expect

A Personal Data Discovery Solution Powered by ML