Change, a provider of data privacy and access controls services, today announced that it closed a $100 million Series E round at a $1 billion valuation, bringing the company’s total funding to $267 million. NightDragon led the funding with participation from Snowflake Ventures as well as existing investors Dell Technologies Capital, DFJ Growth, IAG, Intel Capital, March Capital, StepStone, Ten Eleven Ventures, and Wipro Ventures.
The new cash will be used to support product development and R&D efforts, CEO Matthew Carroll said, as well as expand Muta’s sales, marketing, customer success, and support teams and enable “key” acquisitions in the data monitoring space. “The pandemic has accelerated the move to the cloud and that has increased the need for cloud data security,” he told TechCrunch in an email interview. “We don’t see that slowing down.”
Immuta was co-founded in 2015 by Steven Touw and Carroll, who began his career as a US Army intelligence officer in Baghdad. Before founding Immuta, Carroll spent several years at consulting group CSC after it acquired his previous employer, 42six Solutions, where Touw also worked.
Carroll led data fusion and analytics programs and advised the US government on data management and analytics issues at CSC. “I quickly realized the power of data and the ways that governing large amounts of critical information can better streamline operations of all kinds,” he added. “With proper data access controls, organizations can truly maximize the utility of their data.”
Carroll pitches Change as an “enterprise-scale” alternative to manual processes for creating and implementing data policies. It’s his assertion that many IT teams use tools that rely on role-based access control technologies dating back to the ’90s, which aren’t well-suited to emerging privacy regulations like GDPR and CCPA. Adding to the challenge, Carroll claims, these tools can introduce “data locality” challenges in situations where data must be migrated from on-premises data stores to the cloud. For example, a company may be operating in a certain set of countries globally but have data stored in a data center in Germany.
To Carroll’s point, surveys show that organizations face a range of issues when it comes to establishing data policies. Specialists in a recent TechRepublic poll cited corporate culture, lack of knowledge, financial cost, and poor integration with existing tools as some of the top blockers. The public sector wrestles with these same issues as revealed in research from the Center for Digital Government (CDG), a national research and advisory institute. The CDG reported in May that frameworks to address digital privacy at the state and local government level are only in the “nascent stages.”
“The question is understanding what rules apply and also how to apply them — it can get complex very quickly,” Carroll said. “This is all happening while organizations are trying to speed up access to data. The most common challenge we hear is that organizations are trying to innovate, trying to move their business forward, but there’s a disconnect between IT and the business and they are forced into this decision between being compliant or providing fast access to the data.”
Immuta’s customers — which range from private sector organizations like S&P Global and Mercedes-Benz Group to the US Army — gain access to a dashboard designed to automate aspects of data policy federation. It provides tools for the discovery, classification, and tagging of sensitive information to comply with contractual obligations and regulations. Beyond this, Muta can audit data usage and gather insights to show users what data was accessed, when, by whom, and for what purpose.
The platform integrates with data centers, on-premises servers, and hybrid cloud services including Databricks and Snowflake. (Immuta recently launched a software-as-a-service deployment, Immuta SaaS.) Any user accessing services where Immuta is integrated gets the benefit of using Immuta to control data access, according to Carroll.
“Immuta takes a different approach to a handful of newer alternatives wherein we’ve written code that natively integrates into the compute layer, meaning the consumer sees no performance hit when applying data access controls policies to queries,” Carroll said. “Change operates as the data security and privacy layer across customers’ environments [it] improves compliance and mitigates risk; [which] means that teams can safely share more data and easily prove compliant data use with full visibility into all data access.”
Data governance is a red-hot sector, with one analytics firm predicting that it’ll be worth $6 billion by 2026. Immuta’s competitors include TrustArc, which helps companies implement privacy and compliance programs. Others are Privitar, OneTrust, and BigID.
Fortunately for Muta, venture capital sees big opportunities in data privacy. Venture spending in the broader security segment surged to nearly $30 billion in 2021, more than doubling the total from the previous year, according to Cyber Momentum.
“We are very well funded,” Carroll said, demurring when asked about Muta’s total number of customers and annual recurring revenue. “[We] see the recent reality check across tech as a big opportunity to solidify our market position and expand with new acquisitions.”
Stefan William, VP of corporate ventures at Snowflake Ventures, added in an emailed statement: “Data security is only increasing in importance and we strongly believe in Muta as both a partner and investor. With enhanced data security, Snowflake customers can further accelerate their use of cloud data, and that’s a win for everyone.”
Boston, Massachusetts-based Muta claims to have over 250 employees currently, with plans to double headcount within the next 18 months.