At Waltham cybersecurity firm CloudLock, a go-to example of the company’s technology at work is its so-called “Superman policy.” As in, “we’re able to show our customers if a single user is trying to access two different applications, from two different geographic locations, in a span of time that no human being would be able to traverse,” says Gil Zimmermann, co-founder and CEO of the firm. For instance, if a single user tries to use Salesforce in San Francisco and Workday in Boston, that would prompt an alert from CloudLock. The company can then automatically take actions prescribed for them in such an event—such as suspending the user or removing access to applications.
“We focus on people and uses rather than infrastructure,” Zimmermann told me.
And, of course, they focus on the cloud. And even in the red-hot cybersecurity space, CloudLock’s approach has allowed it to emerge as an especially promising player. They ranked as the fastest-growing security product company in the U.S. on the latest Inc. 5000 list—and as No. 93 fastest-growing overall—with revenue reaching $9.1 million last year from $256,000 in 2011. (That’s the year, BTW, that the company pivoted from storage analytics to cybersecurity.) As for this year, Zimmermann is expecting triple-digit revenue growth from 2014.
“We think that security can be done differently now in the era of the cloud,” he said.
One major benefit of the approach is that companies don’t have to know every single application that their employees are using—an impossible task, given that cloud applications number in the tens of thousands. Customers of CloudLock include Whirlpool, Akamai, Workday, HBO and Motorola. And CloudLock says it has analyzed more than 91,000 cloud apps to date.
The firm employs 140, with about 100 of those in Waltham and 25 in Israel. CloudLock has raised $38 million in funding to date from backers including Bessemer Venture Partners, Cedar Fund and Ascent Venture Partners. The company has received a good deal of inbound interest from investors and is eyeing the possibility of a new round by the end of the year, Zimmermann said. “We don’t need to raise, so we can afford to be very selective” about investors, he said.
Raising the Boston profile
“The aura of Silicon Valley gives it a little bit more press.”
As for challenges in continuing the growth, Zimmermann said one that comes to mind is a sense of being generally overshadowed by cybersecurity in Silicon Valley—unjustly. “I don’t think the East Coast is getting its fair share of the spotlight and glory” in terms of cybersecurity, he said. “We’ve got some seriously impressive companies in the space—CyberArk, Rapid7, Bit9 and more … but the aura of Silicon Valley gives it a little bit more press.”
And that can have an impact around perception—probably leading to more inbound interest in Valley cybersecurity companies than Boston ones, Zimmermann said. “It’s a little bit easier for those companies to get more attention and draw initial conversations (with potential customers) … The more we can raise the profile (in Boston), the better.”