Cloud security startup Obsidian Security Inc. today announced that it has closed a $90 million funding round led by noted tech investors Menlo Ventures, Norwest Venture Partners and IVP.

Three returning Obsidian backers participated as well: Greylock, Wing and Alphabet Inc.’s GV startup investment arm backed the startup’s Series C round. Overall, the company has raised $119.5 million since launching in 2017.

Organizations with more than 1,000 workers use an average of 150 software-as-a-service applications, according to Obsidian. Those applications are a target for hackers because they often contain sensitive business data. Obsidian has developed a cloud platform that aims to help companies more effectively secure the data they keep in SaaS deployments.

Some cyberattacks targeting SaaS applications rely on configuration mistakes to steal business information. A company might, for example, accidentally configure a folder in a file storage service to be accessible without a password. Or an organization’s deployment of a SaaS application may be integrated with another, third-party SaaS application that doesn’t have sufficient cybersecurity safeguards.

Obsidian can alert companies to configuration-related vulnerabilities in their cloud applications. While at it, the platform searches for cybersecurity risks related to user accounts. 

Inactive accounts in a SaaS application can become a cybersecurity issue if their login credentials are compromised. Hackers could use stolen login credentials to access the data that a company stores in cloud services. Obsidian’s platform can spot inactive accounts, as well as cases where sensitive business data is accessible to more users than is strictly necessary, a scenario that also presents cybersecurity risks.

Automating the detection of cybersecurity risks related to user accounts reduces the risk of a breach by allowing issues to be fixed more consistently. In an enterprise that has thousands of workers, manually evaluating every SaaS account for cybersecurity weak points can be impractical. Carrying out the process automatically using software, in contrast, makes it possible to detect issues as soon as they emerge and without a significant amount of manual work.

Another set of features in Obsidian’s focuses on identifying if hackers have gained access to a company’s SaaS applications. The platform generates alerts when it detects malicious activity. Obsidian provides contextual details, such as how a malicious user accessed sensitive data, to help administrators find opportunities to improve their company’s breach prevention approach.

“There hasn’t been a comprehensive and contextual platform for securing third-party SaaS applications until Obsidian,” said Chief Executive Officer Hasan Iman. “We’re not only enabling security teams to detect more threats and proactively improve their security posture, we’re bringing together all the stakeholders in SaaS adoption — application vendors, lines of business, security and IT operations — to create a shared-responsibility model for SaaS security.”

Obsidian’s platform works with more than a dozen SaaS applications from Google LLC, Microsoft Corp. and other major tech firms. The startup’s customer base includes major tech firms as well. Snowflake Inc. and Figma Inc., the interface design startup valued at $10 billion, are among the companies that rely on Obsidian to protect their SaaS environments.

According to the startup, the number of companies paying at least $100,000 to use its platform grew fivefold last year. Obsidian’s technology is drawing demand not only from tech firms such as Snowflake but also organizations in other verticals. The  startup has more than 80 customers across the industries where it maintains a presence, including multiple Fortune 500 firms.

Obsidian plans to grow its research and development team following the $90 million funding round announced today. The startup will also expand go-to-market efforts.  

Photo: Unsplash