Adoption of the Cloud for data storage and analytics has been a boon to businesses of all sizes, but it also can create an IT nightmare for managing who has security rights to access which data and under what circumstances.
As a result, the global data access control market, valued at $10.31 billion in 2019, is projected to reach $20.02 billion by 2027, according to Fortune Business Insights.
One company that is helping to define the category is the Boston, Massachusetts-based Immuta. Founded in 2015 by Iraqi war veteran Matthew Carroll, Immuta positions itself as the market leader in secure data access, providing data teams with one universal platform to control access to analytical data sets in the Cloud.
Immuta Founder and CEO Mathew Carroll
The idea for Immuta came about when Carroll was a U.S. Army intelligence officer in Baghdad charged with managing streams of intelligence data. “Coming out of the US intelligence community, the problem the Cloud was solving for us wasn't about rationalisation and decreased total costs like it was for most businesses. It was about solving the problem of how do I share data more effectively? How do I get access to data faster? And that journey started with just throwing data into s3 buckets. And we wanted more users who had the technical capabilities to join that data together,” says Carroll.
But that created the problem of securing data access rights for each of the data users, each of whom might have different security authorization levels. And with speed to data access often being a life-or-death decision for battlefield commanders, Carroll set about creating a solution.
The government provided Carroll with his first contract to solve the problem, though the agency that provided the funds is classified. “And so we built the company. That led to them to say, ‘Hey, how would you do it?’ We said, ‘Well, you can stitch these 29 systems together to build a platform. And the security aspect was a big component of that, too. But how do you do it safely and securely? We realised that to provide secure access, you need a symbiotic relationship between legal, governance teams that own the data, and the consumers of that data. And so this concept of security is really the amalgamation of these three different departments working together. So, security is no longer just about protecting a third party adversary. Security is about privacy, contractual management. It's about how do we make risk decisions. All of that encompasses this new concept of data security,” says Carroll.
While Carroll and his co-founders Steven Touw and Michael Schiller formally launched the company in 2015, it took a year to build a commercially viable product that would provide the data access control, allowing for the complexity of legal, contractual and security obligations in one software platform. But the company has been on a steady rise since.
Its strategy to build native integrations with the largest Cloud data platforms like Snowflake, Databricks, AWS, Google and Microsoft has allowed Immuta to grow significantly over the past few years. In 2021, the company saw more than 100% increased revenue, nearly doubled its customer base and expanded its employee headcount by 100% to more than 250 employees working with such blue chip customers as JB Hunt, S&P Global and AON.
The company’s growth trajectory has allowed it to attract $258.2 million in venture funding, including its June 8, 2020 $100 million E round led by NightDragon Security that values the company at $1 billion. Additional investors include Snowflake Ventures, Intel Capital, DFJ Growth, Drive Capital, Greycroft, Blu Venture Investors and others.
Carroll sees three trends driving Immuta’s continued growth. “First, I think you're going to see a lot more consumer protection around data use. So that gives us an incredible opportunity for us to act as a balance to allow corporations to leverage that data while still sustaining privacy and ethical oversight of data processing. The second thing is this concept of data contracts. There’s great potential for us with the automation of regulatory oversight of privacy. Thirdly, the globalisation of data jurisdictions is not going to slow down. The future of our potential is a policy platform in the Cloud, where we can apply these data security components anywhere in the world, whether it's regulatory policy, contractual policy, or just internal business rules,” says Carroll.
Carroll grew up in what he describes as a blue-collar family in Boston. He graduated from Brandeis College in 2005 with a degree in Chemistry, Biochemistry and Biology with thoughts of becoming a doctor, but discovered it wasn’t for him. “I enjoyed the science. I enjoyed chemistry and all that, but I just didn't like the field at all. And at the time, the war [in Iraq] kind of went a little crazy. So, I joined the Army thinking I'll still do applied research, because that made all the sense in the world when you're 21. And they most definitely did not need a chemist with no PhD. But what they did need was bodies. And so, I ended up with military intelligence,” says Carroll.
Nine months later, he was in Baghdad and his experiences there changed his life. While the war continued to rage in Iraq, he saw the introduction of smartphones, drones with video being overlaid on to maps, and the amalgamation of many different types of data to make battlefield decisions. “I was a dumbass 21-year-old kid that had an insane amount of responsibility,” says Carroll. He learned that data is really powerful, but also comes with a lot of responsibility with his own and other’s lives on the line. But he learned he was good at data and that experience set him up on his private sector career and entrepreneurial path.
After four years in the Army, he left military service for the private sector to become Product Director at 42six in 2009. That company was acquired by CSC, where Carroll worked his way up to the CTO position for the company’s Defence and Intelligence unit, prior to founding Immuta in 2015.
As for the future for Immuta? “I want to be the ‘Cloudflare for data.’ I think as the internet continues to scale globally, a framework is necessary to provide data policy oversight. There are regulatory and contractual obligations to process that data, whether it's on the device, whether it's in a car, whether it’s at a telco center somewhere or in one of the big Clouds, organisations need a consistent manner to enforce policy everywhere. Immuta wants to be the software that makes those decisions possible for these companies,” concludes Carroll.
