Metomic is a company that helps you detect and protect sensitive data across your SaaS apps. Pulse 2.0 interviewed Metomic CEO and co-founder Richard Vibert to learn more about the company.
Background Of Metomic’s Founders
Vibert is a data scientist with advanced degrees in Mathematics and the company co-founder and CTO Ben Van Enckevort, is an engineer with a Master of Engineering degree from Imperial College, London.
Before launching Metomic, Vibert led data strategy at Sotheby’s and worked at DeMystData where he leveraged machine learning to help global financial, telecommunications, and insurance organizations detect and combat fraud, assess credit risk, acquire customers, etc.
Ben has a background as a team lead for technical architecture and software engineering. Before joining Vibert to create Metomic, Ben co-founded Clarify, a time-tracking tool for freelancers and agencies that monitored data in SaaS applications and used automated work diaries to deliver more accurate timesheets.
“I can’t think of a better co-founder and CTO. Ben knows how to balance the demands of security professionals who need easy and automated ways to safeguard sensitive data while still allowing employees the ability to work and collaborate using cloud-based apps like Slack, Notion, Airtable, and more,” said Vibert.
Formation Of Metomic
The founders of the company had become interested in data security and privacy since they shared a conviction that companies can greatly improve their outcomes by making better use of data and that they could accelerate progress by utilizing SaaS productivity and collaboration apps. But the founders also understood that this vision – a company where everyone has access to the insights and data they need to make better decisions faster – would fall short if there was not a sure-fire way to ensure that sensitive data was only seen by those who should have access.
The question was how could they make these kinds of SaaS environments “safe” enough, even for security, privacy, and compliance teams in the most highly-regulated industries. That’s the challenge that they are seeking to address with Metomic.
What are Metomic’s core products and features?
“Our platform is pretty comprehensive and includes features for data discovery, data loss prevention, access controls, human firewall, insider threat, and compliance. We want to give security professionals complete visibility and control over what data is being processed, where it is, and who has access,” Vibert explained. “We start by connecting to the data layer of these popular collaboration apps via API and without the use of agents. We also leverage machine learning (ML) to identify those risks that matter most in order to combat the alert fatigue that can easily overwhelm IT and security teams. Finally, we help companies control what employees are doing with sensitive data inside SaaS apps by enlisting employees as a ‘Human Firewall’ with real-time warnings and one-click remediation when employees share data within SaaS apps.”
Metomic wants to make it as easy as possible for security, privacy, and compliance teams to ensure their organizations’ use of SaaS meets the expectations of regulations and standards like the GDPR, CCPA, HIPAA, and PCI DSS without slowing down employees’ work.
“We realized, after speaking with dozens of companies, that sensitive data was sprawled across every SaaS application they used and that 99% of it was now redundant and didn’t need to be there anymore,” Vibert added. “It was putting so much unnecessary risk on the entire business and stress that the security team simply didn’t need or deserve. We want to help these teams find this sensitivity and easily derisk it, without getting in the way of everyone else in the business.”
Evolution Of Metomic’s Technology
Metomic has been constantly improving its offering by using machine learning to help companies find the “Risks That Matter” inside their SaaS apps without getting in the way of employees doing their jobs.
The company’s AI is using dozens of data points to look for data sharing which could be risky. This includes the what, where, when and who.
– What data is being shared (e.g. customer passport photo is worse than an internal email address)?
– Where is the data being shared (e.g. if it’s shared in a Slack channel which has 2,000 people in it, that might be worse than in a private Slack channel between two people)?
– When is the data being shared? We’re looking for anomalies (e.g. if Google Drive files with sensitive data are being created at 2 am vs during business hours).
– Who is the data being shared with? How many internally? How many people are external? Is it public, etc?
Recently, the company raised a $20 million Series A round of funding led by cybersecurity investment firm Evolution Equity Partners.
“It has been instrumental in helping us hire the staff we need to expand our US operations. We are also using the investment to fund research and development,” Vibert noted.
Customer Success Story
When I asked Vibert about a customer success story, he cited TravelPerk. TravelPerk’s Security team was seeking a solution that would automatically provide visibility into Google Drive, Slack, and Zendesk as these apps were integral to daily business operations. Through Metomic, TravelPerk found a solution that gave them instant visibility of sensitive data via a dashboard. It then runs in the background with tailored alerts for the highest-priority risks.
“TravelPerk obtained value from Metomic in a matter of days. One of the key risks James wanted to mitigate was technical secret exposure, and Metomic was able to find relevant risks quickly,” Vibert noted.
What is the market that Metomic is targeting? “SaaS app usage continues to grow – it was up 18% last year, with businesses using, on average, more than 130 SaaS tools across the organization. And with the growth of remote work, the volumes of sensitive data being shared via these tools continues to rise,” analyzed Vibert. “It is incredibly easy for employees to share data on these apps every single day, leaving behind huge data risks in the natural course of day-to-day business. This can put an enterprise’s most sensitive data at risk, including personal identifiable information (PII), financial data, and security credentials.”
Differentiation From The Competition
What differentiates Metomic from the competition?
“We understand the benefits of these popular SaaS apps. We don’t want to get in the way of the productivity boost they enable by accelerating collaboration. But we also don’t want to overwhelm security teams with a large number of less-than-critical alerts,” Vibert replied. “We solve this by leveraging artificial intelligence to identify the risks that actually matter and by making it easy for security teams to involve their workforce in quickly remediating and preventing sensitive data risks through real-time Slack notifications. This combination of artificial intelligence and a ‘human firewall’ is the only way to scale data security for the modern workforce.”
What are some of the company’s future goals?
“Today, organizations don’t have the visibility to answer questions like ‘how much PII is in my Google Drive?’ In five years, the ability to answer this question – and more nuanced ones like ‘which US employees have access to EU customer data?’ – will become table stakes. We hope to lead the way,” Vibert concluded.