Obsidian Security raises $90 million to help businesses reduce SaaS security risk

Obsidian Security announced $90 million in Series C financing led by Menlo Ventures, Norwest Venture Partners and IVP, with participation from existing investors Greylock, Wing and GV. Obsidian, which has now raised $119.5 million in total financing, will add Menlo Ventures Partner Venky Ganesan to its board of directors.

Obsidian Security financing

A leader in the SaaS Security Posture Management (SSPM) category coined by Gartner, Obsidian was founded in 2017 to help security and IT operations teams bridge the security and compliance gaps created when lines of business adopt SaaS applications to run business-critical functions like finance, payroll, HR, sales and operations. The adoption of tools like Salesforce, Workday, Github, Google Workspace, Microsoft 365, ServiceNow and Zoom only accelerated during the COVID-19 pandemic with organizations of more than 1,000 employees using more than 150 SaaS applications on average.

This need to secure the most critical applications from external attacks, insider threats and misconfiguration, drove explosive revenue growth in 2021 for Obsidian. With 5x growth in deals of $100,000 or more last year, Obsidian has only just begun addressing the SaaS security gap.

“There’s a myopic focus on securing cloud infrastructure and company endpoints leaving a significant gap in the middle where users, data and business assets live — SaaS applications,” said Menlo Ventures Partner, Venky Ganesan. “In our conversations with CISOs and CIOs we have seen a profound shift that legacy security and configuration tools are not enough to protect an organization’s most critical assets. We believe that Obsidian’s holistic approach to SaaS security will help define this category.”

Obsidian fills the gap left by traditional security solutions by analyzing state and activity data within and across applications to help reduce over-privilege, optimize configurations, prevent sensitive data from being exposed, and detect compromised accounts and insider threats. This protection is critical as according to Microsoft, 80 percent of employees use applications that may not be compliant with an organization’s security and compliance policies. The security challenge is further complicated by the thousands of integrations and plugins available for some of the world’s most popular applications.

“There hasn’t been a comprehensive and contextual platform for securing third-party SaaS applications until Obsidian,” said Hasan Iman, CEO of Obsidian Security. “We’re not only enabling security teams to detect more threats and proactively improve their security posture, we’re bringing together all the stakeholders in SaaS adoption — application vendors, lines of business, security and IT operations — to create a shared-responsibility model for SaaS security. The need for this is exemplified by the recent breach at Okta. We’re honored to have investment partners like Menlo, Norwest and IVP join us in our mission.”




Share this