Obsidian Security in Newport Beach has moved further into the front ranks of Orange County’s growing cyber-protection industry with a $90 million financing round led by prominent Silicon Valley investment firm Menlo Ventures.
The software maker, whose founders include two former executives of onetime Irvine-based cybersecurity firm Cylance Inc., and which also count ties to well-known security firm Carbon Black, has raised a total of $119.5 million since its founding in 2017.
Obsidian will be investing a significant amount of its latest funds in research and development positions this year and “Newport Beach-Orange County is a big area of our focus for those hires,” Chief Executive Hasan Imam told the Business Journal. The company also has offices in Silicon Valley.
Imam expects the current companywide headcount of 80 people to double this year as demand for corporate cybersecurity jumps.
Obsidian, with its base in Newport Center, had 34 job openings posted on its website as of April 19, including data analyst, data engineer and data scientist.
SaaS Focus
Along with Menlo Ventures, other investors in the Series C round were Norwest Venture Partners and IVP, with participation from existing investors Greylock, Wing and GV (formerly Google Ventures).
Obsidian said the new funds will help the company meet the growing demand for corporate cybersecurity, enabling companies to maintain what the tech world calls good “SaaS Security and posture management.”
The company counts nearly 100 corporate customers, according to Imam.
Because of security concerns, Imam said he could only name three customers: data warehousing firm Snowflake, cryptocurrency exchange company Coinbase and Sigma Computing of San Francisco.
The last time he checked, Imam said, Obsidian had eight customers in the Fortune 1000.
Imam said revenue showed an almost four-times increase last year, and he expects three-times growth in 2022, though he did not disclose figures. The company said its number of deals of $100,000 or more increased fivefold last year.
“We like to believe that Obsidian can be a very significant company in SaaS security,” Imam told the Business Journal on April 19.
Bridging SaaS Gaps
Obsidian helps security and IT operations bridge the security and compliance gaps created when lines of business adopt SaaS applications to run business-critical functions such as finance, payroll, HR, sales and operations.
“The adoption of tools like Salesforce, Workday, Github, Google Workspace, Microsoft 365, ServiceNow and Zoom only accelerated during the COVID-19 pandemic with organizations of more than 1,000 employees using more than 150 SaaS applications on average,” Obsidian said in announcing the financing on April 14.
“These SaaS applications are making certain data visible to the outside world that the application owner doesn’t want to,” according to Imam.
The need to secure the most critical applications from external attacks, insider threats and misconfiguration, drove revenue growth in 2021 for Obsidian, according to the company.
Obsidian says it fills the gap left by traditional security solutions by analyzing data within and across applications to reduce the chances workers will have overly broad access, while also preventing sensitive data from being exposed and detecting compromised accounts and insider threats.
This protection is critical, as according to Microsoft, 80% of employees use applications that may not be compliant with an organization’s security and compliance policies.
Local Cluster
Co-founder and former Cylance executive Glenn Chisholm is Obsidian Security’s chairman and chief product officer, while another Cylance veteran and Obsidian co-founder, Matt Wolff, is chief scientist.
Cylance was acquired by Canada’s BlackBerry (NYSE: BB) in 2019 for about $1.4 billion. It still has operations in Irvine, though it has shrunk its local footprint since the sale.
Another Obsidian co-founder, Ben Johnson, helped found Waltham, Mass.-based cybersecurity firm Carbon Black, which was bought for $2.1 billion in 2019 by VMware. Johnson is now chief technology officer at Obsidian.
While Cylance is no longer based here, the area still counts its share of notable cybersecurity firms, including Netwrix and SecureAuth, both in Irvine and Cisoshare of San Clemente.
In addition, Austin, Texas-based Crowdstrike Holdings Inc. (Nasdaq: CRWD) got its start in Irvine in 2011 and currently counts a nearly $55 billion valuation. It still has a base of operations in the city.
Obsidian CEO Imam says he likes to think that Orange County is becoming a hub for cybersecurity firms.
Protecting Data
“Many enterprises are unsure how many accounts they have, which permissions are associated with these accounts, and what users are doing with their privileges,” Johnson said two years ago.
As SaaS applications have proliferated, businesses have been faced with the vexing question of how to protect data and information as applications multiply.
“The SaaS application is giving someone certain privileges, and that’s creating risk for the enterprise,” Imam said.
SaaS applications offer lower upfront costs than traditional software download and installation, which makes them more affordable, and flexible, to a wider range of businesses.
“Even if you have perfect posture, perfect configuration, perfect controls around data visibility, perfect controls around how you are granting people privileges, accounts can still be compromised,” Imam said.
