We recently connected with Dan Benjamin, Co-Founder and CEO of Dig Security, which raised its $34 series A in September 2022 after emerging from stealth in May 2022.
Dan has held leadership roles at Microsoft and Google, and during that time noticed customers encountered a gap with public Cloud data security. That led him to establish Dig Security, a company dedicated to providing cloud data security and real-time detection and response wherever data sits within an organization.
Dig helps customers in highly regulated industries such as healthcare and finance achieve compliance, and its customers include Fortune 500 companies – leaders in financial services and business software, and innovative SaaS-based technology companies across the U.S., Europe, and Israel.
More data and more regulatory pressure: Organizations today hold so much data that it’s easy to lose track of what they have. For the first time, there is more data in the cloud than on-premises, yet there are no adequate solutions to protect it.
Cloud data security is a top priority for organizations. According to the 2022 Cost of a Data Breach Report by IBM Security and Ponemon Institute, nearly half of all data breaches over the last year were cloud-based. In addition, there is increasing regulatory pressure to secure customer data, with new and stricter data security standards set by the Consumer Financial Protection Bureau (CFPB) and in the FTC Safeguards Rule.
A solution that moves at the speed of cloud: Dig Security has created the a Data Detection and Response (DDR) offering real-time data protection across any cloud and data store. The Dig Data Security Platform consistently provides customers with complete visibility and control into their multi-cloud data estate.
Dig automatically finds any data asset (whether it is a platform as a service [PaaS], database as a service [DBaaS] or infrastructure as a service [IaaS]), brings context to how it’s used and what it contains, and provides real-time protection.
Addressing the burgeoning threat landscape with DDR: Today, a motivated attacker can breach data in the cloud in less than three minutes. That is why DDR has become an essential requirement for cloud data security. Dig is the only solution that has it, and its average mean time to detection (MTTD) is less than a minute. This means that data breaches can be stopped early in the kill chain before damage is done.
Ultimately, Dig’s vision is to create a security platform suited to address the data protection needs of the modern enterprise – the agile innovators born in the cloud that move beyond the speed of business.
Our conversation with Dan Benjamin is shared below.
Crowdfund Insider: Cybersecurity is often overlooked. How can business leaders make cybersecurity a priority for their organizations?
Dan Benjamin: Most boards now regard cybersecurity as a business risk rather than solely a technical IT problem, according to a recent Gartner survey. The risks of cyberattacks span functions and business units, companies and customers. Given the stakes, CEOs and other senior leaders must take an active role in a company’s cybersecurity strategy. This starts with buyers and decision-makers adopting the right solutions into their security stack, and building teams with the right skills to help their organizations uphold cybersecurity best practices.
In today’s data-driven world, bad actors are monetizing organizations’ data by ransoming or stealing organizations’ most critical assets. Therefore, CISOs and security leaders should focus on building a dedicated data security team tasked with the mission to build a data security plan. That includes making a full inventory of all the data and classifying it to find where the most sensitive data is located.
This involves hiring data security professionals who can go beyond achieving compliance requirements, knowing and implementing the processes, protocols, and technologies necessary to secure their cloud environments. Because data is the lifeblood of modern enterprises, it’s imperative that teams have a thorough understanding of both the domain and the business.
Crowdfund Insider: How can businesses protect data in the multi-cloud era and with the overall rise in cloud adoption?
Dan Benjamin: As of 2023, 60% of corporate data lives in the cloud, with 89% of companies having multi-cloud environments. As more and more organizations adopt cloud environments, bad actors are also targeting cloud data and that requires new solutions.
According to the 2022 Cost of a Data Breach Report by IBM Security and Ponemon Institute, nearly half of all data breaches over the last year were cloud-based. Legacy, on-prem data security solutions do not protect against cloud data threats. Cloud data attacks are more devastating and take longer to detect, and require different tooling and processes.
IT and security teams must be part of the cloud strategy conversation to ensure that adoption does not generate risks that lead to business disruption. Similar scenarios play out across all units of a business so everyone must have representation in developing the strategy and an understanding of the organization’s goals in carrying out such efforts.
Crowdfund Insider: Why are cloud native solutions not adequate to address today’s multi-cloud environment?
Dan Benjamin: Today’s organizations are using more than 20 data store types and thousands of data store instances on multi-cloud environments. This requires dexterous data security solutions that can address the constant movement of data across different deployments (IaaS and PaaS) on public clouds.
Traditional solutions and vendors lack the speed and adaptability for these environments. Native solutions offered by public cloud vendors (AWS Macie, Azure Purview, Google Cloud DLP) do not support multi-cloud environments and are limited in coverage and functionality.
Cloud Security Posture Management (CSPM) solutions focus on protecting the posture of the cloud infrastructure but don’t take the context of the data and how it flows across different cloud services into consideration. This may be helpful for configuration issues, but it does nothing to prevent an attacker from swooping in to steal customer data, cover their tracks, and disappear in minutes.
Data security posture management (DSPM) tools add a layer of data awareness. DSPM scans the actual data stored, detects assets that contain sensitive data—such as personally identifiable information (PII) or access codes—classifies the data, and assesses the risk associated with it. While DSPM offers more granular and fine-tuned cloud data protection, DSPM tools remain static and offer little in terms of real-time incident response.
Data Detection and Response (DDR), however, is dynamic. It provides real-time alerts. While other solutions look at configurations and data at rest, DDR monitors the specific event as it is happening. With this, a comprehensive cloud data security stack must have capabilities for DSPM and DDR.
Crowdfund Insider: Why should organizations prioritize cloud data security specifically?
Dan Benjamin: Data is at the core of modern enterprises, and often contains an organization’s trade secrets, PII, and important financial information. With the continued impact of breaches and stricter compliance mandates, security leaders must prioritize cloud data security specifically in order to protect their most prized asset: their data.
Adopting security solutions that provide visibility into the data assets their organization holds, where it lives and how it moves, and the risks surrounding data, is the only way organizations can ensure their data is protected. Public cloud data security solutions have never quite fit the speed of innovation in the cloud and the complex threat models it introduced. From my experience leading multi-cloud security strategy at Microsoft and as the former CTO of Google Cloud for startups, I knew the industry needed a solution to dynamically protect data across deployment models (PaaS, IaaS), clouds, and services. I’m proud to offer such a solution to industry-leading companies across the globe.
Dig Security discovers data agnostically, automatically classifies it, and delivers the first true real-time DDR. From reconnaissance, where attackers are seeking out open buckets and making first moves toward disabling security measures – to data misuse, data exfiltration, ransomware, and compliance breaches, Dig issues security alerts when it matters most, within a matter of minutes and while it’s actionable. This provides organizations with a single solution that spans across multiple clouds and a much-needed dynamic defense layer to complement static CSPM solutions.
Crowdfund Insider: How does data security play into business decision-making, especially with the pace at which the threat landscape is evolving?
Dan Benjamin: Gartner predicts that by 2025, 60% of organizations will use cybersecurity risk as a primary determinant in conducting third-party transactions and business engagements. A critical component of this is data security. Businesses want assurance that those they’re partnering with uphold proper data security best practices. In increasingly saturated markets, competitive advantages are key.
Organizations want to do business with companies that prioritize data security and safe data handling. Noteworthy security incidents such as the Uber and LastPass breaches have emphasized not only how rapidly the cybersecurity threat landscape is growing but just how many organizations lack the proper data security controls they need to keep their data protected, or visibility into their data to know when it’s been compromised. As data continues to flood into the cloud, using modern data security solutions will give organizations the advantage they need to keep up with the ever-evolving threat landscape.