The challenge spurred Guy Guzner, who previously co-founded Fireglass, a cybersecurity startup that Symantec acquired in 2017 for a reported $250 million, to incubate a startup to help enterprises tackle SaaS vulnerabilities. Called Savvy, the startup today raised $30 million in a funding round led by Canaan with participation from Cyberstarts and Lightspeed.
Savvy, which Guzner co-launched with Yoav Horman, Eldar Kleiner and David Ben Zakai in 2021, aims to minimize “user-initiated” security incidents involving SaaS. How? Mainly through pop-ups that alert a user when they’re about to make an “insecure” action. Installed as a browser extension, Savvy can watch for problematic actions that a user might take on a desktop or laptop, such as submitting sensitive data to ChatGPT.
On the back end, security teams can create workflows with automation playbooks that trigger when users take certain actions. The platform can track “improvements” over time and report insights and metrics down to the role, team and user levels, optionally performing employee risk profiling.
“For example, when a user attempts to submit sensitive data, Savvy will alert them to the risk,” Guzner explained via email. “The goal of Savvy is to help users improve cyber hygiene without derailing their productivity. If users can circumvent security to complete work just a bit quicker, they often will.”
If Savvy sounds invasive, well, that’s because it has the potential to be. But tools like it are becoming more common, regardless of how employees feel about them. According to Harvard Business Review, 60% of companies with remote workers use staff monitoring software, including tools that keep track of the programs employees use and how often they use those programs.
The market for employee monitoring software, bolstered by companies’ increasing desire for greater business intelligence and analytics across their workforces, is projected to be worth $12.3 billion by 2033.
When asked about Savvy’s privacy implications, Guzner asserted that the platform takes pains to limit the amount of sensitive data that it collects and uses. The Savvy app does most of its data processing locally and delivers a deployment model where customers can run the platform in a private cloud. But Savvy does collect data — specifically metadata — for monitoring and reporting purposes, and the company stores it for 180 days by default.
That metadata retention might concern the users being monitored — and the companies entrusting Savvy with their data, for that matter. But Guzner not-so-subtly implied that it comes with the territory.
“Enterprises increasingly recognize the importance of offering employees the freedom to use SaaS to fulfill their work responsibilities. But rapid SaaS adoption, the lack of standardized apps and their security controls and the complexities introduced by app integrations are burdening security teams,” he said. “This challenges security and business managers to keep up with user requests for new apps and secure the ones already being used. A fundamental shift in the decision-making and actions surrounding software usage is required to address SaaS sprawl.”
Guzner says that the tranche announced today will be put toward scaling Savvy’s go-to-market presence and 50-person team, focusing on the U.S. market, and building out the company’s customer support and success functions. Savvy counts “several” Fortune 500 customers in tech, hospitality and consumer goods verticals among its 15 customers, Guzner claims, and has a total of 100,000 users under management.
It’s worth noting that Savvy is in a relatively stable place considering the current state of cybersecurity startup funding. According to Crunchbase, financing for venture-backed startups in cybersecurity dropped 58% to $2.7 billion, down from the $6.5 billion these startups saw in Q1 2022.
“SaaS has been a boon for the enterprise, enabling business-led initiatives and offloading effort and resources from internal IT and development. [But] unbridled SaaS sprawl is challenging resource-strapped enterprises to enforce effective security controls at scale,” Guzner said. “We started selling our solution earlier this year while still in stealth mode and we’re seeing a growing demand from enterprise customers for our solution, so it made sense to raise funds now and scale the company.”