- On Tuesday, the data security startup Open Raven launched out of stealth with $4.1 million in seed funding.
- Open Raven builds software that helps companies find where data is stored, protects it, and alerts security teams about exposure.
- Several startups have changed how their software can be used because of competition from cloud providers like Amazon Web Services, but Open Raven decided to make its software open source because it believes it will benefit from developers' code contributions.
- Visit Business Insider's homepage for more stories.
Open Raven co-founder and chief product officer Mark Curphey says it has become all too common to read about a data breach in the news.
He says there's a root cause to this: organizations don't even know where their own data is.
"There's often little control," Curphey told Business Insider. "Companies don't know what they have or where it is."
That's why he and co-founder Dave Cole launched the Open Raven, which finds where data is stored and protects it. On Tuesday, the 12-person data security startup launched out of stealth with $4.1 million in seed funding from investors like Upfront Ventures, Goldman Sachs board member Phil Venables, and Dragos.
It also released a preview of the community edition of its product, which will find and query data. It's open source, which means that anyone can use, download, or contribute code to it. And this summer, Open Raven plans to release the full version of its open source product, as well as added commercial features for classifying data, finding data breaches and alerting security teams about any exposure.
This could help customers prevent massive breaches before they happen, Curphey says. Some of its early customers and design partners include Toyota and PayPal.
"We're the only company that's figuring out where the actual data stores are," Curphey said. "Most of the people tackling data security, you have to know where your data is. If you look at all the breaches that are happening, breaches are happening because people don't know where the data stores are in the first place."
'The challenge is they still can't figure out where the data is'
Curphey and Cole met at Internet Security Systems 20 years ago. Cole would go on to work at Symantec, CrowdStrike, and most recently Tenable, which he helped bring to IPO in 2018. As for Curphey, he worked at Charles Schwab and Microsoft, and then founded SourceClear, which was acquired by CA Veracode in 2018.
"We're startup guys," Curphey said. "We both learned lots of lessons on what to do and how to do it correctly. This is the next big problem we wanted to solve."
Besides that, Curphey is known as the creator of the Open Web Application Security Project (OWASP), an online community that shares articles, documentation, and tools on application security.
After leaving their most recent roles, Curphey and Cole both got together to figure out what's next. Cole had always wanted to be a CEO, while Curphey had already done that at SourceClear and wanted to focus on the product, so he says it was a "perfect fit."
Together, they surveyed chief information security officers to ask what keeps them up at night, and he says almost all of them said they're worried that they don't know where their data is, and data breaches are happening constantly.
"When you talk to CISO's and you talk to those customers, the challenge is they still can't figure out where the data is," Curphey said.
What's more, with the passage of the General Data Protection Regulation and the California Consumer Privacy Act, there can be massive fines if companies don't adhere to these rules.
"As Dave and I sat down and thought about the tenants of the company, we said, we've got to solve a meaningful problem, it's got to be a fun place to work, we've got to figure out how to make money, and it's gotta be open source," Curphey said.
'The customers are able to see how things work'
Open Raven plans to make the underlying technology available as open source and build commercial features on top of it. Curphey says this will help Open Raven hold itself accountable as a secure project and allow users to add features to the code if they wish.
"Not only is it great for the company to recruit the best talent, from a security perspective, the customers are able to see how things work, particularly when you're dealing with data and privacy," Curphey said. "That's extremely important for them."
Still, because of concerns about competition with cloud providers like Amazon Web Services, Open Raven worked with open source licensing lawyer Heather Meeker on what's the best way to license its software. Other companies, like Redis Labs and Confluent, have changed how their software is licensed after AWS started selling their software on its cloud.
Open Raven considered the Business Source License. This license has more restrictions on how software is used, and Sentry and Cockroach Labs decided to use it to protect its technology from being sold by large cloud providers like AWS.
However, Open Raven decided that it was still better to use the open source license Apache 2.0 because its software will benefit from developers' code contributions.
"We all came to the same conclusion that using a standard open source license, Apache 2.0 is the correct one for both us and our customers because it gives everyone all the benefits of open source," Curphey said.
Besides building out its open source project, Open Raven plans to use its funding to build out its engineering team and product. Open Raven is tackling a difficult technical problem, Curphey says, but VC's are actively trying to invest in this field.
"The toughest for us is the technical challenges," Curphey said. "We're incredibly lucky we have an amazing talented engineering team. That's the biggest challenge."