What’s the Big IDea? A Single Platform for Privacy, Security, and Governance
Companies today are struggling to manage their sprawling data estates, and to minimize the risks that they pose. Vendors are furiously building tools to help ease that pain. But the disconnected nature of point-tool development is hurting efficiency as data becomes more distributed. Could a single platform approach address this modern data challenge?
The answer is yes, according to Dimitiri Sirota, who co-founded BigID back in 2016 and is the company’s CEO. While there are bigger names in the data management business with more products and a longer history than BigID, Sirota is confident that his company has an architectural advantage.
“We’re kind of reimagining data management as truly an open, extensible platform, built on a common discovery foundation,” Sirota says. “That’s our bet.”
When BigID was founded, the plan was to build the industry’s most scalable data discovery engine and data catalog. This segment of the market was growing fast, as organizations needed better tools for simply finding where data was being created and stored, whether it’s in databases, file systems, data lakes, or SaaS or on-prem applications.
But as customers started logging metadata in the BigID database, the company found ways to augment the catalog with additional capabilities. It added a classification engine to tell security professional where sensitive data was located. It added a cluster analysis to show IT professionals where duplicate data resides. Then added a graph correlation engine as the basis for access control.
BigID calls it the four Cs–catalog, classification, cluster analysis, and correlation. The company has a different user audience in mind for each C.
“Cloud and infrastructure professionals want to know, where do I have duplicate data, where do I have similar data? Cluster analysis answers that,” he says. “Security wants to know where do I have sensitive data? Classification answers that.” Governance folks wants to understand, where do I have metadata, and the catalog answers that. Privacy people want to know where is the PII? Correlation answers that.
This was the core architecture that BigID had in place 18 months ago, which was the last time we checked in with Sirota. Since then, it’s bolstered its data management lineup with a series of applications that allow the governance, security, privacy, and infrastructure professionals to query the system and get the data they need.
“So not only do we give you the coverage, the discovery in depth with the 4 Cs,” Sirota says. “But then from that kind of data insight, that data intelligence, we give you some functionality about what you could do with it.”
So you want to perform data rights management? There’s an app for that, Sirota says. You want to do privacy or preferences management? There is an app for that. There are apps for security remediation, data transfers and sovereignty, data quality, and data retention app. All told, BigID offers nearly 20 apps across privcy, protection, and perspecdtive, on top of its discovery foundation.
Sirota compares this diversity of data management capabilities to a smartphone with multiple lenses, which gives different perspectives on their subject. The data accessed by each of these apps remains the same, but the viewpoints differ depending on the needs of the user.
That trick can only be achieved through a certain amount of centralization. BigID does collect and track a lot of metadata (it also tracks actual data values for some uses, such as for providing a data profile). Users don’t have to take advantage of all of the capabilities that depend on that tracking of data and metadata, but they can be turned on when the user needs them.
“Each app is discrete. Each capability around the four Cs is discrete,” Sirota says. “So you can start small. You could go big. It’s all entirely up to you. But again, it’s part of our strategy…We don’t require everybody to buy everything.”
BigID isn’t the only vendor offering these capabilities. Organizations can get them from other data management tool vendors, including some with market capitalizations several orders of magnitude larger than BigIDs. But Sirota maintains that what his company is doing is fundamentally different than what the big dogs in data management are doing.
“This whole notion of reimagining data management as this open extensible platform that’s all built on a common foundation–that’s new,” he says. “Informatica doesn’t have it. IBM doesn’t have it. Oracle doesn’t have it. Nobody has it.” Except for BigID, he says.
Starting from scratch with 2016’s technology gave BigID a big advantage in terms of the technical debt that the company does not have to carry around, Sirota says. And by engineering it with a microservices approach to integration from the get-go, it helps to make the product more extensible and able to integrate with partner’s products. For example, Alation and Collibra, the accepted leaders in the data catalog field, are BigID partners.
“The reason they still want to partner with us is because our data discovery is second to none,” Sirota says. “So we actually can help populate them. And even though we have overlap, we really let our customers mix and match. We don’t require them to buy everything from us because we designed this using a modern microservices architecture.”
The key architectural decision that continues to pay dividends today, Sirota says, was choosing to tackle one of the big technical challenges right at the get-go. What makes BigID different from all the other products is the core foundation around data discovery, he says.
“I think with most other companies, they started a little higher up, more of the business process, because the discovery of data is hard,” he says. “Looking everywhere, at scale, without copying the data is real challenging stuff. But we started there, not because we’re gluttons for punishment, but because we’re solving a problem in privacy that required it, that required you to look everywhere.”
Seventy percent of the effort across the data management discipline is just accessing and understanding the data, Sirota says. Once that core data discovery work is done, then everything else is just visualizations and workflows, he says.
“By having a common layer that you can interrogate and understand the data, the 4 Cs, when we build MDM [master data management]….[it’s] just a visualization workflow layer,” he says. “On our quality offering, we’re already profiling all the data everywhere. We already identify the data. So every one of our apps becomes a lot simpler in that view, because really the hard work is really understanding your data, knowing your data.”
The approach seems to be resonating, with customers and investors. BigID is getting business from a mix of customers, including the large enterprises that have the toughest data management problems and need all the help they can get on the one hand, and from mid-size tech-native companies that desire a better approach to tackling security, privacy, and governance issues on the other.
In December 2020, BigID completed a Series D round of funding led by Salesforce in the amount of $70 million. In April 2021, the company extended that round with another $30 million led by Advent Tech, bringing its total funding to $246.1 million. Following the April extension of the Series D round, the company was valued at $1.25 billion, according to reports.
BigID is hoping to begin attracting smaller customers with a couple of new offerings, including BigID.me, which is a SaaS-based, pay-as-you-go offering just for privacy that helps manage cookies, consent, and related topics. It also launched SmallID, which is a SaaS offering focused on data cataloging and classification for AWS. It also has a free tier for Small ID, which is new for BigID.
In Sirota’s view, BigID has a chance to do for data management what Splunk and Elastic have done for log data. Those companies were able to pivot within their discipline and offer a range of compelling products that serve a range of use cases and users. Data management arguably is a broader field, with a wider spread of needs and use cases, which makes it simultaneously more difficult but potentially more valuable.
It’s a compelling idea, nevertheless, and one that we may eventually see other vendors emulate.