PALO ALTO, Calif.--(BUSINESS WIRE)--Veza, the data security platform built on the power of authorization, announces it is emerging from stealth today. Veza, which was founded in 2020, is also announcing funding totaling more than $110 million from top-tier venture firms, including Accel, Bain Capital, Ballistic Ventures, GV, Norwest Venture Partners, and True Ventures, as well as angel investments from notable industry leaders, including Kevin Mandia, Founder and CEO, Mandiant; Enrique Salem, former CEO, Symantec and Partner, Bain Capital; Lane Bess, former CEO, Palo Alto Networks; Manoj Apte, former CSO, ZScaler; Joe Montana, Liquid2 Ventures; and, security leaders Niels Provos, Karthik Rangarajan, and many more.
Data is rapidly and irreversibly moving to the cloud, but organizations around the world are still missing a critical piece of data security: authorization. Because legacy and first-generation data security solutions don’t work in hybrid multi-cloud environments, data and security leaders face significant challenges related to ransomware, digital transformation, cloud adoption, loss of customer trust due to data breaches, and failed audit and compliance. With the amount of data tripling from 2020 to 2025 and incidents of cyber crime doubling every year, organizations need a data security solution that can give them the power to understand, manage, and control who can and should take what action on what data.
“When we founded the company two years ago, we were driven to help advance the state of data security for decades to come,” said Tarun Thakur, CEO and Co-Founder of Veza. “Data and security teams have been inundated with tools, and yet have not been able to answer a fundamental question: Who can and should take what action on what data? Thanks to the dedication of our team, and the invaluable feedback from our customers, Veza has demonstrated the power of authorization metadata as the source of truth to help organizations modernize data security for the hybrid multi-cloud era. We are committed to helping enterprises trust confidently so they can unlock the value of their data.”
Veza is the first and only data security platform that is built on the power of authorization. The platform supports both on-premise and cloud systems, and makes it possible for data and security teams to understand the sensitive nature of data; manage human identities; and service accounts across hundreds and even thousands of disparate data systems, apps, and cloud services. Veza’s core differentiation is its Authorization Metadata Graph. This includes:
- A high-performance streaming engine that integrates out-of-band and agentless, with multiple cloud and on-premises identity, data, apps, compute and infrastructure systems
- A canonical object model that organizes identities, relationships and granular data objects
- A translation layer that processes multiple system-specific permissions and converts them into a natural language for data and security professionals, delivered in a single control pane
- Data Security applications, including: real-time search about who has access to what; authorization-rich workflows for access governance and privilege management; pre-built least-privilege violation alerts and associated recipes to fix them; automated rules and queries for remediation; recommendations; and much more.
“Finally, a start-up taking on cybersecurity's biggest challenge: Our collective ignorance to our own data environments,” said Nicole Perlroth, special advisor to Veza; former New York Times cybersecurity reporter and advisor, Cybersecurity and Infrastructure Security Agency. “Until now, no senior executive has been able to say with a straight face that they know where their data lives and who has access to it. Veza gives them no excuse. This platform marks a huge advance for cyber defense.”
Numerous Fortune 500 and emerging organizations across multiple industries, including finance, health care, hospitality, media and technology, high-tech, trust Veza. Veza’s customers include: ASAPP, ATN International, Barracuda Networks, Choice Hotels, InComm, Nozomi Networks, The Translational Genomics Research Institute (TGen), and many more.
“The creation and execution of data security policies is challenging because there is a large variety of data security products that provide specific security controls against specific repositories or processing steps. This emphasizes the need and opportunity for market convergence and emergence of new data security markets that enable appropriate business access privileges to use data or share it with partners throughout its life cycle.”
Hype Cycle for Data Security, 2021
Brian Lowans, Senior Director Analyst, Gartner
“Authorization is a fundamental security requirement for any company creating value from data,” said Craig Rosen, Chief Security & Trust Officer, ASAPP. “It’s time for a modern approach that allows companies to see beyond authentication and master the complexities inherent to authorization in a multi-cloud world. Veza takes the intricate problem of aligning identities to data to truly understand who has access to what and simplifies it in a way that's easy to consume for any organization, no matter its size.”
“Axon’s mission is to protect life and protect truth by enabling public safety through technology. And that focus on safety certainly extends into the security of the entire Axon ecosystem,” said Jenner Holden, Chief Information Security Officer, Axon. “Using Veza, our security teams have gained valuable visibility across our systems — apps, infrastructure, and data — to better understand who can access what, helping drive stronger privileged access security practices.”
“If you're using a cloud of any size, there are probably plenty of things that you've done in the past that didn't have the right governance around them,” said Jason Simpson, Vice President Engineering, Choice Hotels. “And being able to go back, see that, fix it, and then put governance on top of it to ensure that it doesn't sprawl again, that's one of the things that we love about Veza.”
“We needed to understand how users and service accounts have been entitled to specific data. Veza is the only tool I’ve seen that can show you both parts of the picture,” said Steven Guy, VP Security Solutions, InComm Payments. “One part is the people or accounts who are supposed to have access as part of a security group. And then there’s the flip side where you look at it from the data end and say, this is who also has access, and this is how that access was granted. Veza is the clearest view I’ve ever seen for data access.”
What Veza’s Investors are Saying
“Securely managing authorization for the cloud can be an area of quicksand for CISOs and IT teams, since multi-cloud environments are extremely broad,” said Eric Wolford, Partner at Accel. “Veza helps teams manage this complexity with ease. As a result, the company has already seen impressive adoption among a variety of enterprise customers.”
“It’s time for a scalable approach to authorization, built to tackle the dynamic nature of today’s hybrid multi-cloud enterprise environments,” said Enrique Salem, former CEO Symantec and Partner Bain Capital. “Pulling together the relationships between any enterprise identity, app, and data system, and visualizing and managing those relationships in a single place — seems like a simple idea, but it’s a highly complex problem to solve. Veza makes the task of understanding who has access to what data simple, yet scalable for even the largest organizations.”
“It turns out you need a lot of trust to implement zero-trust,” said Jake Seid, Co-Founder and General Partner, Ballistic Ventures. “That's because what built big security companies in the past, creating safe spaces defined by just securing networks and endpoints, no longer makes sense in a hybrid multi-cloud world. Veza's insight is that, in this new world, authorization is what brings trust to zero-trust."
“Organizations need a data security product built both for the on-premise and multi-cloud world. Veza’s comprehensive approach pulls together authorization metadata from disparate systems and presents them in a single schema: the metadata authorization graph,” said Karim Faris, General Partner at GV. “It’s the only company that can show you the truth of your data permissions — or authorization — across your organization’s entire cloud ecosystem. We’re excited to work with Tarun Thakur and the Veza team on the road ahead.”
“The Veza team is a perfect example of what we call ‘founder-market-fit,’” said Rama Sekhar, partner at Norwest Venture Partners. “The leadership team, with its deep domain experience in data, witnessed a universal trend firsthand: the volume of data born in the cloud is exploding and the task of managing who can and should have access to that data is an intractable problem. Veza tackles this challenge head-on by translating the vast complexity of identities, permissions and data sources into a single control panel. Their approach has already earned the trust of an impressive roster of customers and we look forward to seeing Veza continue to help enterprises around the world secure their data.”
“We jumped at the chance to fund Tarun and the team for a second time,” said Puneet Agarwal, partner at True Ventures. “Veza is filling a major gap in data security for environments across both on-premises and the cloud, and we believe this is the team uniquely suited to carve out and lead a massive new category.”
Veza is the data security platform built on the power of authorization. Our platform is purpose-built for hybrid multi-cloud environments to help you use and share your data safely. Veza makes it easy to understand, manage, and control who can and should take what action on what data. We organize authorization metadata across identity providers, data systems, cloud service providers, and applications — all to address the toughest data security challenges of the modern era. Founded in 2020, the company is funded by top-tier venture capital firms including Accel, Bain Capital, Ballistic Ventures, GV, Norwest Venture Partners, and True Ventures. To learn more, please visit us at veza.com.