Cisco just announced it is acquiring CloudLock, an Israeli Cloud security startup, for $293M. This is a great outcome for the CloudLock team and the investors. Bessemer first invested in CloudLock in January 2014 when the space it was operating was still very nascent. Below is the blog post we posted on our website in January 2014 that explains why we were excited about the company.

In retrospect we got many things right. But the main two things were an exceptionally strong founding team which worked really well together for a very long time, and a really interesting new space that was growing incredibly fast and would become strategic to all the ‘traditional’ security players who lack a solution in this space. What we didn’t know when we first invested is just how competitive this fast-growing space would become (later, it even got a name by Gartner – CASB), and we didn’t anticipate the large amount of VC dollars that will flow in (2014 and most of 2015 were years of VC frothiness). This is always the worry when investing in ‘hot’ spaces.

What turned out really well for the company and the investors was that CloudLock was more scrappy than many of its competitors. While many competitors raised tons of money at extremely high valuations, the CloudLock team kept their heads down and just executed. Later, when the large incumbent security players all realized they need to acquire startups in this space, their best options were the startups that haven’t burned a lot of money: Adallom was acquired  by Microsoft for $250M, and Elastica was bought for $280M by Bluecoat. The startups that have raised too much money at too high a valuation suddenly became unattractive for many acquirers. This is always one of the main risks that startups take when they raise at lofty valuations. They are left out of the M&A activity and are forced to build big independent business in order to compensate for the high valuation they got. The problem is that it is more difficult to rise above the competitive noise when the space is ‘hot’ and therefore more competitive. That’s the catch 22 of raising tons of capital in a hot market.

CloudLock secures data in the cloud

January 29, 2014

Authors:

Amit Karp

Being the Chief Information Security Officer (CISO) is a difficult and lonely job. As a CISO, you are in a constant battle between the business need to push forward and the necessity to keep security intact and adhere to regulations.This difficult job has become even tougher in recent years as corporate data begins to live on the cloud. Companies continue to see the economic, technical, and collaborative benefits of pushing their data to public cloud services such as Salesforce, Google Apps, Box and others, which have become too valuable to ignore.  Yet IT departments now struggle to gain the visibility and control they once had when data and applications lived on-premise.  Moreover, the proliferation of BYOD and cloud services has created a new world in which the users have become the new perimeter when it once was the enterprise firewall.

As a CISO, you now have two options:

1. Live in denial: Prohibit deployment and usage of cloud services and keep the data on premise. This approach will not only hinder collaboration and productivity but will also cause employees to go behind IT’s back and adopt “shadow IT” systems (like sharing files on Dropbox). This is definitely not a viable long-term option.

2. Embrace the cloud: Allow usage of cloud services and live in constant fear of not knowing what data is stored, accessed and shared outside the enterprise perimeter.

CISOs who selected to embrace the cloud are now struggling with questions such as: how do I manage the outflow of sensitive data now that it lives beyond its on-premise perimeters? How do I adhere to data compliance laws, secure sensitive documents, and prevent data loss?  These questions become even more relevant for regulated enterprises that are required to meet compliance requirements around personally identifiable information (PII) and payment card industries (PCI).

This is where CloudLock, the newest member to the BVP family, comes into play. CloudLock offers a cloud-based SaaS suite that helps enterprises protect their data assets that are stored on 3rd party cloud services. The company helps the answer questions like where is my sensitive data? Who can access it? What are they doing with it? What 3rd party apps have access to my domain? Suddenly, the CISO gets back the control he had in the old world while embracing the cloud and the collaboration the enterprise so much desires. Moreover, this is all possible in just a few minutes (or sometimes even seconds) of deployment, without breaking any of the existing functionality of the cloud services, without adding any additional latency or inconvenience to the end user and without even changing the traffic flow!

As investors, part of the due diligence we conduct before entering into an investment includes calls with existing customers. The CloudLock calls stand out for the level of enthusiasm that greeted us from the other end of the line.  One customer even described finding CloudLock this way:

“We were like a guy in a desert dying of thirst when he suddenly sees water.”  [CloudLock was the water]. Gil Zimmerman and the incredible CloudLock team have done an incredible job building a company that has immense promise. The company’s great SaaS metrics and rate of growth make this even more evident. (For more on what BVP looks for in SaaS metrics read our “10 Laws” here).

At BVP, we are strong believers in our roadmap-driven investment strategy, a strategy that requires us to dive very deeply into a sector so that we can identify opportunities early. CloudLock, interestingly, sits at the intersection of two of our strongest roadmaps Cloud/SaaS and Cyber Security. (As you can imagine, when an investment sits in the Venn diagram overlapping two areas of interest we get really excited.)  Both Cloud and Cyber Security companies will continue to get BVP focus in 2014.

We welcome the CloudLock team to the BVP family.