June 15, 2022

Why we invested in Veza

A first-of-its-kind player in data security

By Jake Seid, Co-founder and General Partner

You will soon be hearing a lot about Veza, a company that’s just come out of stealth mode with a distinctly unique value proposition in the data security space — one which also happens to have broad implications across significant trends in cybersecurity in general. My partners and I at Ballistic Ventures are proud to announce our investment in Veza and want to share why we invested.

First, since you may not know much about us, a bit of background. Ballistic Ventures is a cybersecurity-focused fund started by a team of experienced company builders who also know a thing or two about investing. In our previous lives, we funded a number of companies you may have heard of, including Abnormal Security, AlienVault, Bolt, Carbon Black, Brex, Fortify, Lifelock, Mandiant, Segment, and Shape Security, to name a few. In cyber, we’ve been involved with 90 companies as founders, funders, or operators. Because all of our partners focus on cybersecurity, every company in our portfolio is able to leverage a highly experienced team for perspective, insights, and support.

We’re very excited to see Veza coming out of stealth after more than two years working behind the scenes to validate its data security offering with world-class customers like Intuit, Moveworks, SoFi, Best Western, Robinhood, and many more. You don’t often see momentum like this right out of the gate, and it’s clear that Veza has a very long runway ahead.

Critical trends have set the stage for Veza’s opportunity

Securing networks and endpoints is so 2010 — on-premises, big security companies were built by focusing on networks and endpoints. In the cloud, value in security shifts up the stack to apps, workloads, and data, and how we authenticate and authorize access to those up-stack resources.

“Someday we’ll look back on this and it will all seem funny” (Bruce Springsteen) — Remember when people talked about cloud lock-in? It was once considered a distant vision that enterprises would use multiple clouds. That vision has become reality. Just look at Boeing’s recent announcement that they’ll be using all three major IaaS cloud providers. Enterprises truly enjoy having the flexibility of the cloud when workloads leave their four walls. But they don’t want to lose that flexibility on-prem. Every enterprise wants an on-prem environment that can give them the benefits of public clouds and that makes the cloud hybrid as well. As your data and workloads migrate across various clouds, it doesn’t make sense to have to reconfigure security architectures and postures.

You need a lot of trust to enable zero-trust — As we move to hybrid multi-cloud, the perimeter that separates what’s inside the enterprise from what’s outside continues to dissolve. This has given rise to the importance of zero-trust architectures. But the irony of “zero-trust” is that, more than ever, it’s critical to be able to actually know what can be trusted and what shouldn’t be. We can no longer simply rely on something being inside the four walls or having come from a trusted partner to know it can truly be trusted.

A data security platform built for the hybrid multi-cloud era

Veza’s co-founders had a singular vision to create a data security solution built specifically for an era where, while applications and data moved to the cloud, security lagged behind. In yesterday’s on-prem environments, basic questions like who has access to and control over data were both easier to answer and less critical, given that companies only needed to understand access for employees, and data was not accessed from outside the traditional perimeter. In the multi-cloud era, that’s all changed. The trend to cloud and ultimately hybrid multi-cloud is so massive that Ballistic saw an obviously huge opportunity.

Going beyond authN to authZ

Authentication (authN) platforms were a very important step for scaling security. However, authentication tends to be SAML focused and SAML tends to be application centric. We recognized that Veza’s focus on authorization (authZ) rather than just access (authentication) is a unique value proposition that customers would find compelling and tightly aligned with their cloud journey. It’s a truly disruptive technology for a specific reason. While authN tends to be app centric, authZ can truly apply across all resources in your organization, including data and infrastructure.

Why authorization, why now?

Organizations have been looking for better, more efficient ways to leverage user identities for accessing corporate assets securely. We first saw this with directories, single sign-on, and multi-factor authentication. As organizations shifted to cloud, the adoption of technologies for securing identities and access accelerated, starting with apps and infrastructure.

Now, data, the substrate of the apps we use every day, has also been reconstructed for the cloud. Companies have evolved from just migrating to cloud to really betting their business on its success. Data in the cloud gives organizations the ability to innovate faster. But there are also tough, new security challenges. While there are countless cybersecurity tools out there, there was nothing that put data governance squarely in focus — no technology that manages not only how users access data, but how they gain authorization to interact with it. Until now.

Trust with confidence, delivered by Veza

Veza’s vision is rooted in trust. From the start, the company sought to enable organizations to trust the relationship between user identities and enterprise resources — to enable you to securely and confidently store and utilize your data in the cloud. To do so, Veza gives you a 360-degree view into authorization across all your systems. The data-centric SaaS solution maps identities starting with your identity provider (e.g., Okta, AAD) to cloud permission systems (Azure RBAC, AWS) to apps (GitHub, JIRA) and to data systems like Snowflake, Redshift, and more.

It is the only solution that meets the data security needs of the multi-cloud era. The only solution that can answer the core question of who can and should take action on what data — who has authorization. While still early in its journey, but with great momentum and opportunity ahead, we are excited to see what’s next for Veza.

If you have initiatives around data lake governance, privileged access for data, zero-trust data security, and more check out Veza.

We’re driven by urgency

We have a profound sense of moral responsibility to address the growing threats to society’s cyber infrastructure. Learn more about why we exist.