Data security firm built on power of authorization reveals $110m funding

Tarun Thakur, Chief Executive Officer and Co-Founder of Veza

Veza, a data security platform built on the power of authorization, announced it is emerging from stealth. Veza, founded in 2020, announced funding of over $110m from top VCs.

The venture firms included; Accel, Bain Capital, Ballistic Ventures, GV, Norwest Venture Partners, and True Ventures, as well as angel investments including Kevin Mandia, Founder and CEO, Mandiant; Enrique Salem, former CEO, Symantec and Partner, Bain Capital; Lane Bess, former CEO, Palo Alto Networks; Manoj Apte, former CSO, ZScaler; Joe Montana, Liquid2 Ventures; and, security leaders Niels Provos, Karthik Rangarajan, and many more.

What is the state of data security globally?

Data is rapidly and irreversibly moving to the cloud, but organizations around the world are still missing a critical piece of data security: authorization. Because legacy and first-generation data security solutions don’t work in hybrid multi-cloud environments, data and security leaders face significant challenges related to ransomware, digital transformation, cloud adoption, loss of customer trust due to data breaches, and failed audit and compliance.

With the amount of data tripling from 2020 to 2025 and incidents of cyber crime doubling every year, organizations need a data security solution that can give them the power to understand, manage, and control who can and should take what action on what data.

“When we founded the company two years ago, we were driven to help advance the state of data security for decades to come,” said Tarun Thakur, CEO and Co-Founder of Veza.

“Data and security teams have been inundated with tools, and yet have not been able to answer a fundamental question: Who can and should take what action on what data?”

“Thanks to the dedication of our team, and the invaluable feedback from our customers, Veza has demonstrated the power of authorization metadata as the source of truth to help organizations modernize data security for the hybrid multi-cloud era. We are committed to helping enterprises trust confidently so they can unlock the value of their data,” Tarun said.

What makes Veza’s security platform unique?

Veza is the first and only data security platform that is built on the power of authorization. The platform supports both on-premise and cloud systems, and makes it possible for security teams to understand the sensitive nature of data; manage human identities; and service accounts across hundreds and even thousands of disparate data systems, apps, and cloud services. Veza’s core differentiation is its Authorization Metadata Graph. This includes:

  • A high-performance streaming engine that integrates out-of-band and agentless, with multiple cloud and on-premises identity, data, apps, compute and infrastructure systems
  • A canonical object model that organizes identities, relationships and granular data objects
  • A translation layer that processes multiple system-specific permissions and converts them into a natural language for data and security professionals, delivered in single control pane
  • Data Security applications, including: real-time search about who has access to what; authorization-rich workflows for access governance and privilege management; pre-built least-privilege violation alerts and associated recipes to fix them; automated rules and queries for remediation; recommendations; and much more.

“Finally, a start-up taking on cybersecurity’s biggest challenge: Our collective ignorance to our own data environments,” said Nicole Perlroth, special advisor to Veza; former New York Times cybersecurity reporter and advisor, Cybersecurity and Infrastructure Security Agency.

“No senior executive has been able to say with a straight face that they know where their data lives and who has access to it. This platform marks a huge advance for cyber defense.”

Numerous Fortune 500 and emerging organizations across multiple industries, including finance, health care, hospitality, media and technology, high-tech, trust Veza. Veza’s customers include: ASAPP, ATN International, Barracuda Networks, Choice Hotels, InComm, Nozomi Networks, The Translational Genomics Research Institute (TGen), and many more.

“The execution of data security policies is challenging because there is a large variety of data security products that provide specific security controls against specific repositories. This emphasizes the need and opportunity for market convergence and emergence of new data security markets that enable appropriate business access privileges to use data or share it with partners throughout its life cycle,” said Brian Lowans, Senior Director Analyst, Gartner.

What are Veza’s customers’ thoughts on the product?

“Authorization is a fundamental security requirement for any company creating value from data,” commented Craig Rosen, Chief Security & Trust Officer, ASAPP.

“It’s time for a modern approach that allows companies to see beyond authentication and master the complexities inherent to authorization in a multi-cloud world. Veza takes the intricate problem of aligning identities to data to truly understand who has access to what and simplifies it in a way that’s easy to consume for any organization, no matter its size.”

“Axon’s mission is to protect life and protect truth by enabling public safety through technology. And that focus on safety certainly extends into the security of the entire Axon ecosystem. Using Veza, our security teams have gained valuable visibility across our systems — apps, infrastructure, and data — to better understand who can access what, helping drive stronger privileged access security practices,” commented Jenner Holden, CISO, Axon.

“If you’re using a cloud of any size, there are plenty of things that you’ve done in the past that didn’t have the right governance around them. And being able to go back, see that, fix it, and then put governance on top of it to ensure that it doesn’t sprawl again, that’s one of the things that we love about Veza,” said Jason Simpson, VP Engineering, Choice Hotels.

“We needed to understand how users and service accounts have been entitled to specific data. Veza is the only tool I’ve seen that can show you both parts of the picture. One part is the people or accounts who are supposed to have access as part of a security group,” commented Steven Guy, Vice President Security Solutions, InComm Payments.

“There’s a flip side where you look at it from the data end and say, this is who has access, and this is how it was granted. Veza is the clearest view I’ve ever seen for data access.”

What are Veza’s investors saying?

“Managing authorization for the cloud can be an area of quicksand for CISOs and Information Technology teams, since multi-cloud environments are extremely broad. Veza helps teams manage this complexity with ease. As a result, the company has already seen impressive adoption among a variety of enterprise customers,” said Eric Wolford, Partner at Accel.

“It’s time for a scalable approach to authorization, built to tackle the dynamic nature of hybrid multi-cloud enterprise environments. Pulling together the relationships between any enterprise identity, app, and data system, and managing those relationships in a single place. Veza makes the task of understanding who has access to what data simple, yet scalable for even the largest firms,” said Enrique Salem, former CEO Symantec and Partner Bain Capital.

“It turns out you need a lot of trust to implement zero-trust. That’s because what built big security firms in the past, creating safe spaces defined by securing networks and endpoints, no longer makes sense in a hybrid multi-cloud world. Veza’s insight is that, authorization brings trust to zero-trust,” said Jake Seid, Co-Founder and General Partner, Ballistic Ventures.

“Organizations need a data security product built both for the on-premise and multi-cloud world. Veza’s comprehensive approach pulls together authorization metadata from disparate systems and presents them in a single schema: the metadata authorization graph. It’s the only company that can show you the truth of your data permissions — or authorization — across your organization’s entire cloud ecosystem,” said Karim Faris, General Partner at GV.

“We’re excited to work with Tarun Thakur and the Veza team on the road ahead.”

“The Veza is a perfect example of what we call ‘founder-market-fit’. The leadership, with its deep domain experience in data, witnessed a universal trend firsthand: the volume of data born in the cloud is exploding and the task of managing who can and should have access to that data is an intractable problem,” said Rama Sekhar, partner at Norwest Venture Partners.

“Veza tackles this challenge head-on by translating the vast complexity of identities, permissions and data sources into a single control panel. Their approach has already earned the trust of an impressive roster of customers and we look forward to seeing Veza continue to help enterprises around the world secure their data,” Rama further commented.

“We jumped at the chance to fund Tarun and the team for a second time. The ingenious organisation is filling a major gap in data security for environments across both on-premises and the cloud, and we believe this is the team uniquely suited to carve out and lead a massive new category,” commented Puneet Agarwal, partner at True Ventures.