Adallom, which aims to secure the growing pools of data stored in SaaS systems, now has $15 million in series B funding to boost its sales presence in the U.S. and its R&D in Israel.
Most legacy security software vendors focus on perimeter-based defenses such as proxies and firewalls, but as more corporate data flows into third-party SaaS systems — Salesforce.com(s crm), Workday(s wday), Office 365(s msft), Google(s goog) Apps for business etc. — the data is no longer inside the perimeter to be defended, said Tal Klein, VP of marketing for Adallom, Menlo Park, Calif.
When your admin defines Adallom as the company’s identification proxy, it can monitor user behavior across the specificed SaaS applications and warn of anomalies.
For example, if Jane Doe signs into Salesforce.com at 8:00 a.m. PDT from California and then signs into Google Apps from China an hour later, that is flagged. Ms. Doe, or whoever is claiming her identity, would then be locked out of both accounts and required to call in to regain access. Or if she is leaving a company and suddenly logs into Salesforce.com to crawl a thousands of instances to collect names and addresses to take with her, Adallom likewise sees that as an issue that Salesforce.com itself would not necessarily view as a bad thing.
“If someone who normally accesses 5 or 10 records at a time suddenly tries to access 2,000 records, we can identify that as a threat — either from inside or from malware,” Klein said.
Adallom itself has partnerships with Salesforce.com, Microsoft (for Office 365); SuccessFactors(s sap), Box and Google. It won’t have this fertile market to itself however — a raft of other startups including Skyhigh Networks and Skyfence are also attacking it and, while legacy security providers still focus on desktop and on-premise server security, they’ll need to jump into this market either by internal development or acquisition.
Index Ventures led the round with contributions from Sequoia Capital Israel. This funding comes atop a $4.5 million round in December 2012.