Metomic cofounders Ben van Enckevort, CTO, and Rich Vibert, CEO.

Image Credit: Metomic

Collaboration is a data security nightmare. The more accessible data is to employees working remotely, the greater the risk of it falling into the wrong hands. After all, today’s critical data assets aren’t just residing in tightly controlled on-premises servers, they’re often openly available in SaaS apps and collaboration tools like Slack. 

However, a new breed of data security provider is emerging, looking to prevent data leakage from SaaS apps altogether. One such provider is Metomic, which today announced it has raised $20 million as part of a series A funding round led by Evolution Equity Partners. Metomic specializes in using artificial intelligence (AI) to detect data leaks in SaaS apps. 

Metomic’s solution uses AI to identify data leakage risks in real time with no-code workflows that security teams can use to automate data policies across SaaS applications like Google Apps, Slack, Jira and Zendesk. 

This “human firewall” approach means that if a user exposes a sensitive file, Metomic will generate a real-time notification to notify the compliance team about potential violations. 

The cost of collaboration 

The announcement comes as SaaS apps have emerged at the heart of a number of high-profile data breaches, the most notable impacting Rockstar Games and Uber, where hackers used social engineering to gain access to both companies’ internal Slack channels.

One of the unfortunate realities of the hybrid work era is that SaaS apps are a honeypot of confidential information and intellectual property that cybercriminals can and will exploit if they have the opportunity to. 

“With the growth of remote work, the volumes of sensitive data being shared via these tools continues to rise. It is incredibly easy for employees to share data on these apps every single day, leaving behind huge data risks in the natural course of day-to-day business,” said Richard Vibert, Metomic CEO and cofounder. 

Augmenting these challenges is a lack of transparency over what types of sensitive information and IP are shared. 

“Today, organizations don’t have the visibility to answer questions like ‘how much PII is in my Google Drive?’ In five years, the ability to answer this question — and more nuanced ones like ‘which U.S. employees have access to EU customer data?’ — will become table stakes,” Vibert said.

Metomic’s answer to these challenges is to provide a solution that enables security teams to create custom classifiers for what constitutes PII. Then the tool will use those classifiers to automatically identify sensitive data shared within the app, assign an AI-driven risk score, and redact it if it’s protected. 

A look at the SaaS security market 

Metomic’s solution sits within the SaaS security market, which researchers valued at $8.2 billion in 2021, and estimate will reach $21 billion by 2028 as more organizations look to secure their attack surface against threat actors. 

One of Metomic’s main competitors in the market is Wing Security, which raised $20 million in series A funding last year with a platform designed to discover SaaS apps, users and vulnerabilities. 

Another key competitor is AppOmni, which offers inventorying for all installed third-party apps, as well as configuration management and threat detection for SaaS applications and identification of data leaks. Last year, AppOmni raised $70 million in series C funding.

The key differentiator, according to Vibert, is Metomic’s use of AI “to identify the risks that actually matter. And by making it easy for security teams to involve their workforce in quickly remediating and preventing sensitive data risks through real-time Slack notifications.”