
Get in the KNOW
on LA Startups & Tech
Xdata security
Between a distinguished career as a U.S. Navy officer and various roles at IT and cybersecurity firms, Glen Day became the Los Angeles County Department of Health Services’ first chief privacy officer in 2002—a role tasked with overseeing HIPAA compliance for over a million medical patients.
At the time, governments and businesses alike were only beginning to understand the importance of privacy in a budding technological world, where data still straddled both analog and digital realms. Two decades later, the evolution of data storage and the cloud have turned companies into data hoarders. As a result, security breaches have become more sophisticated, and privacy compliance—from the European Union’s General Data Protection Regulation rules to California’s “right to be forgotten” law—has only increased.
“When you see companies dealing with these new ransomware attacks, it is a clear indicator that they've lost control of their data,” Day told dot.LA.
In 2018, Day founded NVISIONx, a Santa Monica-based cybersecurity startup that unveiled a $4.6 million seed funding round on Thursday. Boston-based Companyon Ventures led the round and was joined by investors Morgan Stanley Next Level Fund, SixThirty Ventures, Gutbrain Ventures, PBJ Capital and CreativeCo Capital.
NVISIONx founder Glen Day.
NVISIONx “data risk intelligence” platform manages data storage and protection for enterprise clients, with the goal of helping them avoid cybersecurity breaches that could lead to regulatory fines or the loss of intellectual property. The startup has already garnered a handful of major corporate clients—most notably Meta Platforms, the company formerly known as Facebook, as well as San Diego-based fleet management software provider Platform Science.
NVISIONx’s platform examines every piece of data in a company’s repository, and takes stock of what is outdated and what is valuable and needs to be protected. The program then assesses who owns the valuable data, looks at what protocols are in place to protect it, and makes sure those protections are in line with federal, state and international compliance regulations.
Day said he was inspired by his work at accounting giant Ernst and Young. There, he oversaw cybersecurity and intellectual property protections for companies like Nike, Qualcomm and Monster Energy, which would often have large databases filled with consumer information and unpatented intellectual property. Some companies would struggle to sift through large volumes of data to protect individuals’ privacy, which could then open them up to large fines if a security breach was discovered. Others had pieces of intellectual property or research and development data scattered across unprotected data containers, leaving them vulnerable to data leaks.
By getting rid of outdated or unnecessary data, Day said, companies can save millions of dollars on the security engineers and data storage costs often required to babysit large volumes of information. “When you purge the junk, not only does it reduce your compliance scope and reduce your attack surface—it also will save you millions on a recurring basis,” he said
The seed funding will go toward marketing costs, expanding NVISIONx’s technical offerings and integrations, and growing its sales team to garner more clients, Day added.
- Work-From-Home Market Fuels Saviynt Cybersecurity Growth ›
- Los Angeles Information Security News - dot.LA ›
- Santa Barbara Cybersecurity Startups Are Having a Moment - dot.LA ›
OpenX, a Pasadena-based ad tech company, agreed to pay $2 million to settle allegations that it amassed troves of data on children as it flaunted regulations intended to protect data privacy.
The venture-backed firm used code to “inadvertently” pull location specific data from users even when they opted out and sold children’s data to third party advertisers.
Once alerted of the practice by Google, which initially discovered the leak in October 2018, the company put barriers in place to end the breach.
“To put it plainly, it was a mistake,” the company admitted in a Tuesday blog post. “In this situation, an unintentional error was made.”
The company boasts that it’s the largest ad exchange offering advertisers targeted demographics or audiences.
Since its inception in 2008, OpenX has raised $85 million in venture funding, including Samsung Ventures, Accel Partners and Wavemaker Partners, among others, according to Pitchbook.
“We take this matter incredibly seriously, and since we have always held ourselves to the highest quality standards, we thought it would be helpful to provide some context and background about what happened and what we have done about it,” the company stated.
Bottomline: The company says “a very small percentage of our ad requests” came from apps that targeted kids.
Nonetheless, since the ad requests came from apps directed at children, the Federal Trade Commission concluded after an investigation that OpenX did not put in place sufficient safeguards or have a privacy policy in place that sought the permission of parents to release the data.
The failure to protect kids under the age of 13 violated the Children’s Online Privacy Protection Act of 1998, also known as COPPA, according to the FTC in a settlement filed on Dec. 15 with the U.S District Court in Los Angeles.
The law details what a website operator must include in a privacy policy, when and how to seek consent from a parent or guardian, and what responsibilities an operator has to protect children's privacy and safety online.
- EdTech Startup GoGuardian Raises $200 Million, Despite Privacy ... ›
- TikTok Under Scrutiny From Child Privacy Advocates - dot.LA ›
- Ring Doorbell's CTO Pushes Back On Privacy Concerns - dot.LA ›
It seems like every week there's some new high profile data breach. Credit card numbers, addresses, nude photos, Democratic National Committee emails—you name it, hackers have stolen it.
Amit Saha, the CEO of Saviynt Inc, the El Segundo-based security vendor, said the problem has only gotten worse during the pandemic, with so many people working from home and using their personal computers to access corporate networks.
For Saha and his company's 750 employees, that's created a lot of work—and an opportunity. Saviynt announced Monday that they've secured $130 million in capital financing from HPS Investment Partners and PNC Bank to expand their cybersecurity SaaS technology. It's a big bet that the pandemic-fueled demand can help them build a more global company.
The principle behind the tech: trust no one. "Whenever someone is presenting an identity—claiming who they are—we do not trust the credentials they provide," said Saha. "Rather, we factor in all the different attributes. Where are they logging in from? How frequently are they accessing? What are they trying to access? Based on all those factors we decide what is the right level of trust we need to impart."
This concept of verifying identities and controlling who has access to what is paramount to maintaining network security.
Data breaches can start, he said, with something as simple as a contract HVAC worker clicking on a suspicious link and inadvertently installing ransomware on his home computer. Suddenly, hackers have a portal to a corporate network.
"That contractor's access got compromised and that compromise, in turn, leads to compromise on some other access," said Saha. "The hackers are able to hop from one system to another until they got to the right set of resources, which in turn leads to breach of sensitive data or in some cases breach of your IP. The IP could be a movie…without naming names," he said in what seemed to be a nod to the infamous 2014 hack of Sony Pictures.
Saha said the funs will help the company expand to new geographic markets. The company has a strong presence in North America and India, and much of the new cash is earmarked to help them build up a presence in other countries.
Additionally, some of the funds will be used to invest in system integration partners like Deloitte, who help to install Saviynt's technology on corporate networks, many of which are cloud-based and require extremely fast response times and greater degrees of scalability than traditional on-premise networks.
The rest of the money will go towards research and development as the company seeks to bring new products to market that allow the company to verify human and machine identities across networks.
If the company has its way, their "Zero Trust" philosophy could help companies like Sony, or Facebook, or LinkedIn, or Yahoo, or Alibaba, or Marriott, or AdultFriend Finder, or Adobe, avoid another embarrassing breach.
"We are all about, 'how do we secure the person's access?'" Saha said. "How do we assure that people accessing that resource are the right people and that they're behaving the right way?'"
- Open Raven Raises $15M to Keep Data Secure in the Cloud - dot.LA ›
- Orca Security Lands $230M as it Looks to Grow in Los Angeles - dot ... ›
- How to Practice Cybersecurity at Home - dot.LA ›
- NVISIONx Cybersecurity Startup Raised $4.6M in Seed Funding - dot.LA ›
- Santa Barbara Cybersecurity Startups Are Having a Moment - dot.LA ›