Cracking the Code on Data Security Posture Management with Ani Chaudhuri

Join Ani Chaudhuri, CEO of Dasera, as he unpacks the evolution of Data Security Posture Management (DSPM), shares his journey from founding startups to leading in cybersecurity, and reveals the keys to building a secure data future.

Written By: supervisor

0

Cracking the Code on Data Security Posture Management with Ani Chaudhuri

The following interview is a conversation we had with Ani Chaudhuri, CEO & Co-Founder of Dasera, on our podcast Category Visionaries. You can view the full episode here: Ani Chaudhuri, CEO & Co-Founder of Dasera: $21 Million Raised to Build the Future of Data Security

Ani Chaudhuri
I’m great, Brett. Great to be here with you and looking forward to a really interactive session here. 


Brett
Yeah, I’m super excited as well. And I’d love to kick off with some questions about RSA. So we’re recording this on May 16. RSA was what last week? How was RSA for you?

Ani Chaudhuri
Isa was great. There was a lot of activity this year and of course the toe cases were like full, there were so many hundreds of boots and were kind of meeting back to back. I was looking at my apple watch to see how many miles I had walked in the four days that I was there. It was like 21 miles. 


Brett
That’s insane. That’s good though. It’s good for the health. 


Ani Chaudhuri
Yeah, it’s good for the health and it’s good for business. 


Brett
Amazing. I love it. Now, when I was looking through your background, I see that you founded a company back in 2000. So take us back to that company that you founded in 2000. What was going on in your world? 


Ani Chaudhuri
Well, I come from like two generations of military, and business was never something that I was thinking about. But I went to business school anyway. And when I came out, one of the things I wanted to do was to solve problems in a meaningful way. The company I was working with is one of India’s premium premier companies. It’s called Tata Steel. While I was there, the Internet happened and immediately I fell in love with what was possible and I left Tata steel to start a company which was India’s first commodities portal. And what we did was we helped manufacturers and traders transact steel. 


Brett
And whats the biggest difference? So it looks like the current company today, you founded that in 2019. So theres about a 20 year gap between those companies. Obviously, I know you did a lot in between, but just using those two as reference points, how has building a technology company changed in the past 20 years. 


Ani Chaudhuri
Oh wow. Thats actually a very good question. So between now and my first company, in the 20 years I have founded four companies, this being the fourth, and I’ve also worked at large companies. In the meantime, things that have changed was firstly, the first company I founded was india. And this was a time india where you didn’t have VC’s, you didn’t have mentors. Indian companies were known to be service companies. And so platforms and products wasn’t the indian things. So I think that was one thing that we did first. The second was that whenever you built a technology company, right up to about 15 years back, like if I go back to my second company, which was an online backup company, we actually used to have our own servers. You had to have a data center where you were taking care of physical servers.

Ani Chaudhuri
Also a lot of the software you had to write yourself, there weren’t that many services. So there was a lot of reinventing the wheel that was happening. Now what has happened is you can now focus on the business and you can focus on your core ip while you can leverage the existing infrastructure and the existing services. This is almost like if I were to go back, let’s say 2300 years in the US, and you went to a new place, you had to figure out where water was and like what materials you would use to build a town. But today, if you move to a city, there was plumbing, there was electricity, there were places to stay already. I think that’s the kind of difference there has been in the last 20 years. 


Brett
Some chart I saw online a while ago, it said that on average, and I think this is in 1999, they said on average, it costs $5 million to start a technology startup back then and today it’s like $50 or $500, something like that. And just seeing that on a chart was pretty crazy. 


Ani Chaudhuri
I don’t know whether I agree with like $500 to start a company, especially technology company, because I think the definition of technology companies has changed. For example, if you were to go back 20 years and you wanted to create an e commerce company, you would have to take care of everything today. You would basically put together Shopify and set up your own store there. But I think the entry barrier is so low that $500 company may not be worth anything. So if you kind of change the lens from money to value created, I think it is just as hard to create value. And it takes just as much money to create value today as it was 20 years back. 


Brett
Yeah, I love that. Now let’s switch gears and let’s dive a bit deeper into everything that you’re building today. So let’s start off with just a high level on the problem. What problem are you solving?

Ani Chaudhuri
So the problem we are solving can be defined with four questions around data security. Like, everybody’s talking about securing their data, because the risk around data is just huge, and we are data driven society now. But how do you make it safe? That’s the big problem now that you break it down into four questions. And the four questions that are necessary to secure data are, where is my data? What data do I have? Who has access to it? And what risk are they introducing when they’re interacting with that data? And so what we have done is we have created a platform that answers these four questions and then automates data security and governance controls using a bunch of policies. So it makes it really easy to get started with data security. 


Ani Chaudhuri
And then we have gone about disrupting the pricing by giving you a starting point of about $500 per datastore per month so you can get started. There’s no excuse not to get started in terms of protecting your data. 


Brett
How would you describe the state of data security today? 


Ani Chaudhuri
Good question. Again, I think there are three ways of looking at it. One way of looking at it is from the consumer’s point of view. The second way of looking at it is from the company and practitioners point of view. And the third way of looking at it is from the regulatory and security framework. From a consumer point of view, the number of breaches has continually gone up. Like last year alone, it was like 2400 breaches, and it’s gone three x in the last three years. So you can imagine how much of your data is out there. So what is out there is already out there. 


Ani Chaudhuri
The second point, which is from a company or a practitioner’s point of view, I think the data infrastructure and the number of people and the ways they handle data has become so diverse that it’s practically impossible to manually do anything. So then they turn to platforms like us. And then the third element is that because of the importance of data, both from dark web as well as state actors perspective, governments have kind of woken up. So they have brought in regulations that force companies to look at data differently. So today I say like, it is not that certain industries are regulated. All industries are regulated for data. Some are more regulated than others. So thats kind of how I would define this overall state of the data security market. 


Brett
Now take us back to the early days of the company. So what did the first six months. 


Ani Chaudhuri
Look like, oh, wow, that’s a long time back. It feels like startup years. So my co founder, Noah Johnson, is a PhD from UC Berkeley. Noah and I met in early 2019, and we started talking about his PhD work. And were excited to talk to other people about using his PhD work, which was around privacy preserving algorithms to take it to market. And after he and I kind of, in the first six months, what we did was we interviewed a lot of people, trying to understand the problem and defining it very tightly. And then we started building the product. Initially, it was a small room. This was pre Covid, and within, I think, four months of the company’s founding Covid hit. And it was almost like the world had come to a standstill in many aspects. 


Ani Chaudhuri
We weren’t even sure how this would all end up. And so we’re so glad that we’ve kind of gone past that stage. And we are at a place today where we are probably one of the leading data security companies in this space. 


Brett
How long from launch did it take for you to acquire your first paying customer? And then what did you learn from that process of getting that first paying deal across the line?

Ani Chaudhuri
That’s a very good question. So any startup, like, I have been through four startups, and each of them has kind of morphed as we have learned more in the market. And this one was no exception. So the first time when we started, were thinking about the Sera. It started off with the name of first principle. We were thinking that it would be an insider threat tool, which is people access data using SQL queries and we would be able to inspect those SQL queries and basically point at different types of risk from SQL queries. By the time that were ready, we thought were ready was in 2021, mid to late 2021. And so went from those people who were, I would say design partners, a couple of them became our first paying customers. 


Ani Chaudhuri
From there on, we kind of evolved the product to a point where we not only look at insider threat, but the entire data lifecycle, and then we can automate data security and governance controls for all of your structured, semi structured, unstructured and application data in the cloud and on prem, which is way, way larger than what we thought the company would be. 


Brett
Lets talk a little bit about marketing. So if we had to summarize your approach to marketing, what does that marketing strategy and approach look like? 


Ani Chaudhuri
Good question again. So if you think about marketing in cybersecurity and by marketing, I will say go to market because its marketing and sales it is a very expensive proposition, especially in a new category like ours. If you look at the spend, for every dollar that is brought into as ARR, this space spends anywhere between ten to $20 per dollar that is brought in. Because this is a new category, this is going to gradually go down. But that’s where the status. One of the things that we have realized in this particular space is that there has been some consolidation, some larger companies have brought in some of the capabilities that are there. And so we have changed that. Number one, we have pissed up our messaging. Number two, what we have done is that we talk about our differentiators differently. 


Ani Chaudhuri
Number three, we have anchored our go to market in two ways. One is, of course, there is the direct go to market, but we’re also partnering and oeming aggressively. And third is we have changed the pricing model where people don’t have to worry about budget anymore by reducing it to like $500 per datastore per month. 


Brett
And when it comes to the category, here is the category data security posture management, or what is that market category? 


Ani Chaudhuri
Yes, this space is called data security posture management. What it means is that you have data everywhere. The first place to make sure that you have understanding of your risk is to know the status quo of where your data is, what data you have, who has access to it. And then comes the second part, which is as people are interacting with that data, what is the risk? And if there is a risk, how do you automatically either escalate it or remediate it? So that’s kind of what is DSPM. We were talking to a couple of analysts recently, and they basically said that DSPM looks static, but if you add it with a space called DDR, which is more reactive, that when you combine the two, you have something called data protection. 


Ani Chaudhuri
And I think that is where the space is going, which basically means you will have a combination of security companies, you will have a combination of backup and restore companies, you’ll have a combination of data platforms who will all cooperate to provide insights that have been actionable.

Brett
This show is brought to you by Front Lines Media podcast production studio that helps b, two b founders launch, manage, and grow their own podcast. Now, if you’re a founder, you may be thinking, I don’t have time to host a podcast. I’ve got a company to build. Well, that’s exactly what we built our service to do. You show up and host, and we handle literally everything else. To set up a call to discuss launching your own podcast, visit Frontlines IO podcast. Now back today’s. Episode. Now, I’ve done a lot of work in the cybersecurity space. I’ve worked with a cloud security post for management or CSPM company a few years back, and then I work with an ASPM company as well. And I remember when ASPM got officially recognized by Gartner. I think it was sometime around last year. That’s when the market got serious.

Brett
And that’s where a lot of these vendors who were kind of scattered, it seemed like, you know, everyone was kind of talking about it as something completely different. All of a sudden, every vendor was saying, we are an application security posture management platform, and it’s just been very competitive. Now, is that something that you’ve seen with DSPM as well?

Ani Chaudhuri
Yeah, I think most categories, kind of, especially when Gartner is involved, goes through the same cycle, which is, first there is like everybody’s trying to define what the market is, whether it is the vendor, whether it’s the analyst, whether it’s the buyer. And then Gartner is able to aggregate the ideas and thoughts and the vision of these companies. They define it more tightly, and that begins to shape the market. And when that happens, everybody who is in the neighborhood tries to hang on to that category. Now, the interesting thing is that either they hang on to the category for marketing purposes, or they hang on to the category because that’s their vision. In the end, you still have to deliver value on that roadmap. 


Ani Chaudhuri
And I think that it’s a combination of how much you’re spending and how good your product is over a period of time that will decide whether. Which are the winners in the space. I think DSPM is going through that same cycle right now. 


Brett
When did Gartner officially recognize DSPM? 


Ani Chaudhuri
I think it was about a year and a half back. But even their definition has evolved over a period of time, and it’s still evolving, actually.

Brett
Are you actively working with analyst firms, then, to try to shape that definition.

Ani Chaudhuri
Of the category since a year or so back? Yes. 


Brett
What did you learn from engaging with analyst relation firms?

Ani Chaudhuri
Okay. I think there is a give and take in analyst relationships which I didn’t understand early on when I started interacting with analysts. The give and take is that a lot of times we think of analysts as people who actually know, but I think they are the people who aggregate and are able to connect dots because they have, like, better visibility. Right. And so the give is that you have to continue to educate them and you have to share their experiences so that they can put your dots in that big map. And then you also have to listen in to the dots that they are seeing. And so I do think it’s a give and take. And that’s been my learning working with analysts. Some of them are really smart and they know what they are talking about. 


Ani Chaudhuri
Several of them have gone through these category definitions and so they have a meaningful expertise around how categories develop and how they morph and how they tweak themselves. And we are learning every day that we interact with them.

Brett
What do you think is the key to standing out in the field of cybersecurity? So when you walk the halls of RSA or black hat, it really truly does sound like everyone is saying the exact same thing, even though its completely different products in that type of world. How do you stand out, how do you be different and how do you capture the attention of the market?

Ani Chaudhuri
The thing is that if you were the only person in the market, you missed something because nobody else is talking about it. So how can it be a real market? And are there some visionaries who are talking about things before they have happened? The answer is yes. But because we are in the business space, I think there is generally going to be a groundswell around things that become more and more important. So I think it is natural that there will be multiple players. So for example, if you look at data security, posture management, okay, DSVM, less than 1% of all companies have a data security strategy in place that is mature. And the time for this space, the total addressable market is huge, which means that there is a 99% market to be tapped. 


Ani Chaudhuri
The way you stand out, number one, is that you will spend a lot of money. So that’s 1 second is that you can have a product that can be called, not just call differentiated, but prove to be differentiated, like specific things in the product that you say or do or you deliver. Nobody else can even deflect a question when it comes to that differentiator. So our strategy from the very beginning has been that we will be the best technology in the space, then we will be the best customer success company in the space. And then we are going to go and talk about marketing and sales. That allows us to deploy capital in a very efficient manner. 


Ani Chaudhuri
Because of this reason, we kind of re architected our product for partnerships and oems because we realize that yes, the Palo Alto and crowdstrikes of the world and the rubrics of the worlds did go acquire some companies so that they can tightly integrate. But there are lots of companies that compete with them and they need these weapons too. And that allows us to kind of partner with those companies and bring something to the customer. 


Brett
As I mentioned there in the intro, you’ve raised 21 million today. What have you learned about fundraising this time around? 


Ani Chaudhuri
Yeah, good question. So, you know, the first, which is the pre seed, is based on purely the team and what they’re trying to do. And this is almost resume based. So that’s the pre seed money. In the seed money, when you’re raising seed money, you’re able to show that customers are using it, whether they’re paying for it or not, but they’re beginning to use it. Right. And you’ve gotten some lessons as you were building the product and the series a for us. We raised it in, like, last year, which is 2023, in the early part of the year, January, February, when, like, there was blood on the streets. And what we realized that it was incredibly hard to raise that money. But then were able to get our customers to stand up and say, like, this is a great product. 


Ani Chaudhuri
This solves XYZ problems for us. And that’s when investors are convinced. So you kind of have to, at every stage of your company’s life, instead of looking at it from a fundraising perspective, think about the customer journey and how mature you are as a company on that customer journey. And once you are able to translate it and tell the story around that, I think everything else lines up. 


Brett
Can you give us a taste of the type of growth that you’re seeing today? 


Ani Chaudhuri
Sure, we can. So from last year to this year, one of the things that we realized was that last year was a year where people were educating themselves about data security. So you would be doing POC is you would be meeting a lot of people and they would say, this is something important, but not for now. We’ll budget for it next year. And now we are seeing that the same budgets are coming into play. So, for example, our expected growth this year is going to be in five to ten x from last year. And we are on our way to being able to achieve that. 


Brett
What do you attribute to that success and that growth? I’m sure any founder, especially anyone in cybersecurity right now, would love to be able to answer that question in the same way. What have you gotten right? 


Ani Chaudhuri
I think it is a combination of three things. Again, the first one is market readiness. You can have the best product, you can have the best marketing and sales motion, but if the market is not ready, it’s not ready. You cannot do anything about it. So I think the market, number one is ready. Second is as these spaces emerge, everybody’s trying to figure out what the right solution is, and then they reach a point where they’re generally comfortable with a definition of use cases that they want to address first. And so I think that is something that we can control and we have controlled it well, where our storyline and our use cases are very clear. And the third one is you get better by doing things. 


Ani Chaudhuri
And so what has happened is over the last several quarters, as we have interacted with prospects, with customers, as they come back, as they use the product, we’ve gotten better ourselves. And so it’s a combination of market conditions have become better. Second is that the market and us and analysts have kind of gotten penciled in version of what an ideal product at this level of maturity of the market looks like. And thirdly, that we have gotten really good at what we do. 


Brett
When it comes to your marketing and your communication, are you typically targeting like the director, vp, level of data security, or is it all about the CISO, or is it about the end user? 


Ani Chaudhuri
We as a company have decided to focus on the CISO, and in some cases we are also experimenting with the data organization, but primarily CISO. There are pluses and minuses to it. The kind of product that any data security company is, it requires a lot of permissions. It requires people to be convinced about you so that they can give you the keys to their kingdom, because guess what? You will be touching their data because you’re protecting it, right? And so it is not one of those where an individual engineer can get it started because you’ll not have all of the necessary permissions. So I think it’s top down sell at this point. Once we are bundled in with other larger partners, a couple of them we have already announced, which Washington, Cisco and cohesity, we announced it a couple of weeks back.

Ani Chaudhuri
We have two or three in the pipeline, which we will be announcing through June and July. I think those will reduce the amount of friction that we see today as a startup. 


Brett
Final question for you here before we wrap up, let’s zoom out three to five years into the future. What’s the future look like? 


Ani Chaudhuri
This was a question I asked analyst, and so I think I’m going to give you an original answer, because this is what we are supposed to do. Listen and understand where the space is going. I think data security, data protection, and these terms will evolve is going to be about the data itself. Every form of data, whether it is structured unstructured, whether it is images, whether it is design plans, all types of data, anywhere that it is, that is this infrastructure and data types, and then it will go into applications and people who are accessing it. It is already there in most cases. But interestingly, the data in use monitoring where we have a lead I think is going to get even more interesting. 


Ani Chaudhuri
It is going to get more interesting not because of what people call AI today, but enterprise AI solutions and applications is going to be a bigger headache than any chat GPT that you are thinking about today. I think encompassing all of this and providing a solution that can automate a bunch of remediations is going to be key and I think that’s where the space is going again. It will be collecting signals from different places, from different platforms so that it’s more context aware. Otherwise it is going to flood the market with additional alerts is how I think about it. 


Brett
Amazing. Love the vision and I’ve really loved this conversation. We are up on time, so we’re going to have to wrap here. Before we do, if there’s any founders that are listening in that want to follow along with your journey, where should they go? 


Ani Chaudhuri
They can come to https://www.dasera.com or they can email me at ani@dasera.com. 

 

Brett
Well, thank you so much again for taking the time. Really appreciate it. This episode of Category Visionaries is brought to you by Front Lines Media, Silicon Valley’s leading podcast production studio. If you’re a b two b founder looking for help launching and growing your own podcast, visit frontlines.io podcast and for the latest episode, search for category visionaries on your podcast platform of choice. Thanks for listening and we’ll catch you on the next episode. 

Leave a Reply

Your email address will not be published. Required fields are marked *

Write a comment...