From left to right: Rohan Sathe, CTO, and Isaac Madan, CEO

Cloud-Native Data Loss Prevention: Our Partnership with Nightfall

4 min read November 7, 2019
Spotlight Infra

Several years ago, I switched banks and had to update my direct deposit information at my employer. I Slacked the paperwork over to my HR rep, who then Slacked the new account number and my PDF over to her contact in finance to carry out the update. Easy, right?

Wrong. In an ever-stricter regulatory environment, that’s a security and compliance nightmare. What happens if there’s a data breach and our channel data is exposed? What happens if I send the data in the wrong channel, or someone gains unauthorized access to an employee’s Slack account? It’s bad for me, but worse for my employer’s security and compliance teams.

The migration from on-premise software to cloud SaaS apps has eased the process of sharing and receiving data, but has introduced a new, worrisome data sprawl issue. The problem is far larger than just bank account numbers in Slack. Sensitive data of all sorts (e.g. the kind subject to FINRA, HIPAA, GDPR, and other privacy regulations) can be placed, unencrypted, into a universe of cloud services (e.g. Atlassian, Box, AWS) by well-intentioned but unwitting employees.

Enter Nightfall.

Nightfall, formerly known as Watchtower, is a cloud-native data loss prevention (DLP) product that integrates seamlessly with your business’s SaaS applications and data infrastructure to rein in the sharing of unencrypted sensitive data.

Our partnership with Nightfall started when we co-led its seed round last year alongside our friend Brian Ascher at Venrock. Today, we’re thrilled to announce that we’re redoubling our commitment to Isaac, Rohan, and the rest of the Nightfall team by co-leading their $20.3 million Series A with Brian.

Nightfall delivers an industry-leading, context-rich DLP solution. Here’s how it works: Nightfall integrates with your cloud SaaS APIs, and its natural language processing engine develops a deep understanding of what sensitive data looks like — both generally and specifically for your business. Leveraging this understanding, it continuously monitors your cloud services and detects when sensitive data is shared in violation of policy. Nightfall can then notify your security team and take remediation actions, all of which is configurable from an easy-to-use web interface.

Nightfall addresses a key limitation that existing solutions can’t solve: cloud services lack embedded capabilities to prevent the unauthorized sharing of sensitive data.

In fact, many cloud services don’t want to inspect data at all and leave it to customer security teams, who, in turn, face pressure from new regulations surrounding sensitive data.

Businesses have historically turned to legacy DLP products. These require lots of configuration and are un-adaptive, which leads to additional noise as rules obsolesce. They also require analysts to triage large numbers of alerts, and they simply can’t monitor the data stores of cloud services. As a result, legacy DLP products are rapidly becoming ineffective in a modern environment.

Nightfall takes a highly differentiated approach that the market demands.

Nightfall’s approach stands in contrast to more traditional rules-based approaches, meaning that it works just as well on structured data as unstructured data, on text as files, on well-formatted data as ill-formatted data. Security engineers love it: gone are the tiresome days spent tuning regular expressions. CISOs love it, too: their teams are freed up to focus on the pressing matters that aren’t yet machine-solvable.

Equally significant is Nightfall’s low-friction integration: unlike traditional DLP, it takes just a few clicks to plug into all of your cloud services’ APIs. The API integration also enables Nightfall to learn business context via your organization’s historical data, meaning that Nightfall delivers powerful detection that’s tailored specifically to your business. This context even has potential to extend cross-platform. For example, if you notice an employee downloading a bunch of files from Dropbox, that’s not alarming by itself; however, if your payroll system provides insight that an employee recently gave their two weeks’ notice, their behavior might be worth a follow-up.

Nightfall is at the forefront of products leveraging a broader business context to inform DLP decisioning, delivering more useful and more accurate results for customers. Isaac and Rohan are bringing their extensive expertise in machine learning and hyperscale systems to secure the enterprise public cloud, and we couldn’t be more excited to deepen our partnership with them.
