Cloud security should be data-centric, says data protection provider Theom

Securing data in the cloud isn’t easy. Most organizations are using so many decentralized applications and services that they lack visibility over the type of information they’re generating, which not only makes it difficult to secure critical data, but also leaves the door open to compliance violations. 

According to cloud data security provider Theom, which today announced it has closed a $16.4 million seed funding round, the fundamental reason for these challenges are that enterprises are relying on protecting cloud infrastructure rather than the underlying data. 

Theom’s solution discovers and protects data stored in cloud stores, APIs, and message queues, to identify vulnerable assets and protect data both at rest and in transit. 

It’s an approach that enables enterprises to leverage security intelligence for data at rest and in motion, while maintaining an accurate inventory of all data stored inside cloud, SaaS stores, APIs, and message queues, whether its PII, PHI or financial data. 

The challenges around securing the cloud 

Cloud security has emerged as a consistent pain point for enterprises, particularly as adoption continues to increase. Over the past 12 months alone, 45% of businesses reported experiencing a cloud-based data breach or failed audit, compared to 35% in 2021.

“Cloud data breaches have remained an unsolved problem because existing security controls are blind to the data they are attempting to protect, focusing on protecting the infrastructure and applications and not the data,” said cofounder and CEO of Theom, Navindra Yadav. 

The core issue is data visibility. “Many organizations have very little idea of where their sensitive data is being stored in their cloud environments. They don’t have a clear picture of what the risks are to that data and which to prioritize,” Yadav said. 

Theom offers a novel approach to securing data in the cloud and SaaS data stores that focuses on protecting data assets. It has the flexibility to adapt as infrastructure and environments change, unlike other cloud security controls that can’t follow data that gets copied, moved or shared in the cloud. 

A look at the cloud security market 

The announcement comes as the cloud security market continues to grow, which researchers valued at $33 billion in 2022, and anticipate will reach $106 billion in 2029. 

With more data moving to the cloud, enterprises need a much more sophisticated approach to securing data in transit and at rest. 

Theom is competing against a number of other providers trying to address the challenge of securing cloud-based data, including Palo Alto Networks Prisma Cloud, which uses identity-based microsegmentation to increase visibility over how apps communicate, and provide hosts and containers with cryptographically signed workload identities. 

Last month, Palo Alto Networks announced raising $1.6 billion in revenue in the fiscal fourth quarter of 2022. 

Another competitor is Checkpoint, which offers a cloud-native application protection platform (CNAPP) solution to look for security risks in configurations and network traffic. It automatically detects intrusion attempts with the help of threat intelligence. Checkpoint reportedly raised $2.1 billion in total revenue during 2021. 

According to Yadav, the key differentiator between Theom and other existing approaches is that the other offerings focus on securing cloud infrastructure and applications, whereas Theom takes a data-centric approach.

That means classifying data and identity risks based on how it is stored and accessed. It’s an approach that provides users with access to data classification within their own environments. 

Originally appeared on: TheSpuzz