As global enterprises shift to the cloud to increase efficiency (currently 83% of workloads reside in public clouds), new concerns need to be addressed, mainly dealing with the increasing complexity of access/privilege management, configuration drift, and sensitive data loss. Sonrai Security, founded by repeat entrepreneurs with a successful $600M exit to IBM under their belt, is an enterprise identity and data governance platform. Sonrai means “data” in Irish and the company’s Dig platform automatically uncovers identity data and cloud platform risks and builds a comprehensive knowledge graph that details every relationship between identities (this includes people and non-people). The platform replaces legacy cloud security tools that are unable to address the complexity of data within cloud platforms such as AWS, Azure, GCP, and Kubernetes.
AlleyWatch caught up with CEO and Cofounder Brendan Hannigan to learn more about Sonrai Security and its funding round, which brings the total funding amount to $38.5M across two rounds since being founded in 2017.
Who were your investors and how much did you raise?
This was a $20M Series B round led by Menlo Ventures with full participation from founding investor Polaris Partners and Series A lead investor Ten Eleven Ventures.
The Sonrai Dig platform automatically uncovers identity, data and cloud platform risks, automatically eliminates these risks, and continuously monitors to ensure new risks and unusual activity are quickly identified. Sonrai Dig builds a comprehensive graph detailing every relationship between identities (people and non-people) and data that exist within cloud platforms like AWS, Azure, GCP, and Kubernetes. DevOps-specific workflows represented graphically as swimlanes enable easy escalations, certifications, and risk-exception handling and provide role-based access control for development, security, cloud, and audit teams, to ensure adherence to policy.
What inspired the start of Sonrai Security?
A simple realization: The ways in which technology value is created has changed from stem to stern. We have gone from monolithic software to microservices, from waterfall development to agile, from centralizing IT control to DevOps, from people-controlled infrastructure to infrastructure as code, and from data centers to cloud. Since we have reinvented entirely how enterprises build applications then surely we must also reinvent how we govern and secure this new world. This is what Sonrai aims to do with a focus on cloud platforms, identity and data governance, and security. We will help clients deliver security that is far superior to anything possible in the old data center and enterprise network world.
How is Sonrai Security different?
For enterprise organizations, public cloud expansion quickly leads to hundreds of cloud accounts, thousands of data stores, and tens of thousands of ephemeral pieces of computing involving multitudes of development teams. Improperly set up, this growing array of interdependencies and inheritances can open up many security risks such as over-permissioned identities, separation of duties risks, and excessive access paths to critical data. Legacy cloud security tools have failed to address identity and data complexity and either miss critical vulnerabilities or send continuous alarms, creating high levels of noise that overwhelm security teams’ resources and lead to inaction.
What market does Sonrai Security target and how big is it?
Multi-cloud Identity and Data Governance. We estimate it at $5B plus.
What’s your business model?
A mix of direct sales to enterprise companies, and sales through partners.
How has COVID-19 impacted your business?
It has increased the need for cloud resources and exacerbated related security concerns. Our business has accelerated.
What was the funding process like?
Menlo Ventures was a prior investor in a company, Q1 Labs, that our founding team built to be a very successful business with an excellent outcome for Menlo. We have a long term relationship with Venky Ganesan, the Menlo Managing Partner who led the Series B round. Based on successful enterprise deployments, Sonrai began to consider fund-raising in late July. Venky immediately indicated interest and a few weeks later we had a term sheet, with diligence taking another few weeks.
What are the biggest challenges that you faced while raising capital?
We have had a very smooth capital raise for every stage so far.
What factors about your business led your investors to write the check?
As Menlo Ventures said in a blog published on October 15 –
“Sonrai Security delivers an enterprise identity and data governance platform for AWS, Azure, Google Cloud, and Kubernetes. The Sonrai Dig platform is built on a sophisticated graph that identifies and monitors every possible relationship between identities and data inside an organization’s public cloud. Dig’s Governance Automation Engine automates workflow, remediation, and prevention capabilities across cloud and security teams to ensure end-to-end security. Sonrai Security solves a pervasive problem that will only become more prevalent as the trend towards public cloud usage grows.
It takes a world-class team to build such a comprehensive solution to a complex problem and then sell it to sophisticated security buyers. The founders of Sonrai Security, Brendan Hannigan and Sandy Bird, are repeat entrepreneurs. They founded and served as CEO and CTO, respectively, of Q1 Labs, a company they started, scaled, and sold to IBM for ~$600M.
The founders of Sonrai Security, Brendan Hannigan and Sandy Bird, are repeat entrepreneurs. They founded and served as CEO and CTO, respectively, of Q1 Labs, a company they started, scaled, and sold to IBM for ~$600M
Sonrai checks all of the boxes for Menlo:
- Founder DNA
- Focus on applications and data
- GTM targets Global 2000 companies
- Multi-Cloud Native DNA and Architecture
- Key DevOps features that marry security functionality
What are the milestones you plan to achieve in the next six months?
Our business and employee base will at least double and we will expand internationally.
What advice can you offer companies in New York that do not have a fresh injection of capital in the bank?
Fundraising is a continuous process for founders. Always be forming relationships with potential investors and understand what milestones and metrics they need to see. Then hit the metics.
Where do you see the company going now over the near term?
Sonrai will deliver the preeminent platform for enterprises to understand, monitor, and govern risk across public cloud infrastructures.
What’s your favorite outdoor dining restaurant in NYC
Gino’s 83rd and 1st. Amazing Pizza and Pasta.
You are seconds away from signing up for the hottest list in New York Tech! Join the millions and keep up with the stories shaping entrepreneurship. Sign up today