CloudKnox Security, a cybersecurity startup that helps companies protect their private and public clouds from insider threats and poor security hygiene, has raised $12 million in a round of funding led by Sorenson Ventures, with participation from Dell Technologies Capital, ClearSky Security, and Foundation Capital.

The threats posed by external adversaries are well documented, thanks to countless high-profile cyberattacks, but risks from insiders — including employees and temporary contractors — are also thought to be on the rise. According to a 2018 report from the Ponemon Institute, the number of security incidents relating to careless workers grew from 10.5% to 13.4% between 2016 and 2018. Similarly, Verizon’s 2019 Data Breach Investigations report noted that 34% of all breaches in 2018 were caused by insiders — up from 28% the previous year.

Inside job

A number of high-profile “insider” breaches have been revealed in recent years, including at Tesla, which has sued former employees for stealing the carmaker’s confidential information and passing it on to third parties. Uber and Alphabet’s Waymo have also locked horns over stolen trade secrets. As these incidents highlight, insider threats aren’t just about employees inadvertently opening systems to exploits from third parties, they can also be the result of deliberate and malicious data leaks or intellectual property (IP) theft.

Founded in 2015, Sunnyvale, California-based CloudKnox sets about protecting companies by monitoring and enforcing “least privilege” policies in cloud environments. The principles behind least privilege stipulate that users only be allowed to access the information and systems they need to perform their job. Someone whose role is to enter data into a database doesn’t receive root access to a company’s systems, for example, so if their account is compromised by a malicious third party, damage is limited.

CloudKnox adopts a recently patented “activity-based access control” approach that makes it easier for enterprises to fine-tune permissions across their hybrid or cloud infrastructure. This effectively enforces restrictions for who can and can’t delete data, for example, and allows companies to introduce a “privilege-on-demand” system that grants access to certain powers for a predetermined period of time. This averts the classic security slip of granting someone system access to carry out a single task and then forgetting to revoke that access afterward.

CloudKnox also enables auto-remediation for machine-based identities (e.g. service accounts that carry out repetitive tasks automatically) so that all unused privileges can be automatically revoked on a regular basis. In the event that such accounts are compromised, damage is limited to whatever smaller subset of privileges the accounts had been granted.

Keeping tabs on who has access to which systems can be difficult, particularly in complex cloud environments spanning different platforms, with personnel coming and going and new services and machines being added to the mix. CloudKnox promises to help address insider threats (malicious or otherwise) by continuously monitoring for “over-privileged” machine and human users.

Above: CloudKnox access controls

CloudKnox had previously raised around $11 million, and with another $12 million in the bank it plans to “accelerate” its product development and and go-to-market (GTM) strategy.

“We’ve seen exceptional growth from customers and prospects looking to address the No. 1 risk in their cloud infrastructure,” said CloudKnox CEO and cofounder Balaji Parimi. “This positioned us to preemptively secure another round of funding to leverage strong market adoption and accelerate our customer expansion.”

Other companies are setting out to help clients safeguard their systems from breaches caused by insiders. French startup GitGuardian recently closed a $12 million funding round to help companies find sensitive data accidentally included in GitHub code repositories. This includes database login credentials, API keys, cryptographic keys, or anything that could be used by unauthorized third parties to access a system (e.g. a cloud or database).

More broadly, the global cloud security software market will reportedly hit nearly $36 billion by 2024, up from $28 billion in 2018. The trend of companies migrating to the cloud is creating a more fertile landscape for large-scale data breaches.

“CloudKnox’s vision is compelling: Enable security teams to proactively measure and mitigate the greatest risk from operating in the cloud,” said Home Depot’s chief information security office, Stephen Ward, who joins CloudKnox’s board. “It does so by delivering continuous detection and remediation of over-privileged identities while helping to understand and report on their cloud risk posture.”

Sign up for Funding Weekly to start your week with VB's top funding stories.