Security Experts:

Cloud Security Firm Lacework Raises $42 Million

Funding Will Help Company Expand DevOps and Workload Security Offerings for Cloud, Container, and Hybrid Environments

Mountain View, Calif-based cloud security firm Lacework has closed a $42 Million Series C funding round from Sutter Hill Ventures and Liberty Ventures, bringing the total raised to $74 million. Lacework provides a purpose-built platform for the modern environment, including DevOps and orchestration to cloud, cloud native and hybrid workloads.

Lacework was founded in January 2015 by Sanjay Kalra (CPO) and Vikram Kapoor (CTO).

The new funding will be used for further product and market development, and is supported by several new board appointments. Andy Byron is moving from chief revenue officer at Cybereason to become President at Lacework, and will run all go-to-market operations.

Lacework Logo

Traditional security products -- even 'NextGen' products -- are primarily firewalls or endpoint products. These have their place, explains Lacework CEO Dan Hubbard in an associated blog, but neither "have been purpose fit for modernized IT service consumption models; IaaS, PaaS, and cloud-native technologies such as container and Kubernetes."

One of the problems is that cloud environments don't just change the infrastructure -- they are changing the way software is being developed. Where developers once had to engage with separate IT and security teams to gain change control approval, they can now run their own infrastructure on-demand, at scale, and often without traditional IT.

"The shift here is for security to be integrated into the process, not isolated from it in the world of the 'Next Generation'," writes Hubbard. "Call it DevSecOps, Secure DevOps, or SecDevOps, I just call it collaboration and teamwork in New Generation Security."

The ability for faster change at greater scale brings its own new risks; but the same programmability in cloud environments that creates these risks can also be used to mitigate them. Hubbard describes the environment as 'predictable chaos engineering', where it is normal for nodes to come and go and it all just continues to work.

"What this practically means," he says, "is that instead of simply enforcing something at the network layer and continuing to have a machine on your network that is potentially infected you can orchestrate it offline. Additionally, when programmatic configuration mistakes happen in your infrastructure you can orchestrate them to be fixed, on the scale of one or one hundred with a software rollout."

Lacework's proposal is that security for new processes and infrastructure within the cloud is best served by new product designed for the cloud. But, "The security market is crowded with point solutions and legacy vendors trying to become relevant for containers and the cloud," explains Mike Speiser, partner at Sutter Hill Ventures and new Lacework board member. 

"The cloud is certainly no less secure than on-prem; but it's very different. The cloud is secure if you make it secure; but you have to think about it in a new way. Lacework helps to do that," explains Stefan Dyckerhoff, Lacework board member and managing director of Sutter Hill Ventures.

Lacework raised $24 million in a Series B funding round in August 2018.

Related: Researchers Find 21,000 Exposed Container Orchestration Systems 

Related: Security, Compliance Remain Biggest Concerns Over Cloud 

Related: Cloud Security Firm Aporeto Raises $20 Million 

Related: Darktrace Raises $50 Million at $1.65 Billion Valuation 

view counter
Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.