Cloud storage has become an increasingly common way for businesses to store and manage their data, particularly after the pandemic. The rapid switch to remote work made cloud-based applications more attractive due to their widespread accessibility and scalability.
Britive, a Glendale-based cloud identity security company, saw its growth accelerate rapidly as clients needed to ensure data security for their growing number of remote-working employees.
Britive received $20.5 million last month in a Series B funding round led by Pelion Venture Partners, and plans to use that capital to amplify marketing efforts and scale up its sales team.
“All of a sudden, it became obvious how important our technology is to enabling virtualized offices and workforces,” said Art Poghosyan, the company’s chief executive officer and co-founder.
Britive markets itself as a unified access point that prevents data that’s stored on different clouds from being segregated. Its technology focuses on automating multi-cloud access management, while granting data access only when it’s needed and only for as long as it’s needed. It recently reported its year-over-year revenue growth was above 300%. Britive’s technology is software as a service and is offered on a subscription basis, with the cost determined by the number of platforms being managed and the number of users.
Poghosyan has been working in the information security industry for more than 20 years. He previously co-founded Advancive, a security consulting company that was acquired by information-security giant Optiv in 2016. He co-founded Britive with Alex Gudanis and Sameer Hiremath. Gudanis passed away in 2021.
Poghosyan said that cloud storage systems are “sophisticated” and allow employees to access company data securely even when working outside of an office. He said this interconnectedness is both a power and a disadvantage, because even a small misconfiguration can leave data at risk. Britive focuses on IAM security.
“The implications of security vulnerabilities are much bigger in a cloud environment than they are in a data center,” Poghosyan said. “What it means is the users really have to be much more educated and technically savvy to operate in a cloud environment, and the same goes for security aspects of the cloud environment.”
The Britive platform can help a company manage access to data that’s stored across multiple cloud services from one portal. It uses just-in-time access and zero standing privileges practices, commonly referred to as JIT and ZSP, to ensure data protection and safety. Its platform also provides a single dashboard for management of all the clouds companies may have information on — many businesses spread their data across multiple clouds.
JIT and ZSP work by verifying who is attempting to access a business’s data and evaluating why they are requesting access.
Dr. Clifford Neuman, an associate professor of computer science at the USC Viterbi School of Engineering, said that JIT and ZSP ensure that a security system considers not only whether a user is authorized to access certain data, but also the user’s location and the context of their current task. Access is granted if the given situation justifies it, and is then revoked when the user’s task is done.
This means that data access is ephemeral, and permission will need to be continuously requested. ZSP ensures that, even if an employee’s computer or credentials are hacked, there will still be a security barrier to determine whether data permission should be granted.
Barath Raghavan is a professor of computer science at USC Viterbi as well as the co-founder of Invisv, a computer and network privacy company. Raghavan said cybersecurity has been a “tumultuous enemy,” and that hackers, specifically those using ransomware, have become increasingly aggressive.
“The threat landscape is daunting,” Raghavan said. “If you look at the level of threats, the amount of data that we’ve put in the cloud, the risks and the amount of money on the table … at the end of the day, if the data gets out, it’s enormous.”
Cloud-based applications are beneficial for business operations, but the benefits of handing security operations to an outside cybersecurity provider are higher for a smaller company. Neuman said a smaller business would likely have less data in the cloud and a less experienced IT team, meaning that giving security responsibilities to a cybersecurity provider with professionals would be more secure. With a larger company, there will be more data in the cloud and likely an in-house team with IT experience. In that case, handing operations to an outside cybersecurity company may be an unnecessary step.
“You’ve got to understand the risks associated with it,” Neuman said. “In essence, all of your access decisions are now in someone else’s hands anytime anyone wants to access any file. You have no independent data security whatsoever.”
Britive’s technology is patent pending, and it is Systems and Organization Controls 2 certified. SOC 2 is a voluntary examination developed by the American Institute of Certified Public Accountants that evaluates if a platform meets certain standards for security and availability.
“One of our platform’s key differentiators is its interoperability with a wide range of cloud infrastructure automation technologies,” Poghosyan said. “Most cybersecurity tools are not architected like Britive, as a result making the adoption and scaling of these tools very costly and prone to manual errors.”
According to Poghosyan, phishing and other hacking techniques are becoming increasingly sophisticated. He said data breaches may become more frequent as new technologies are introduced.
“Cyber crime is a very well-funded industry and we are up against some serious adversaries,” Poghosyan said. “In the next few years, my personal prediction is that, because of how quickly the technologies are being adopted, at least in the short term we’re going to see many more vulnerabilities being opened up from the adoption of new, untested technologies.”