When we started BigID in 2016, the problem of personal information misuse, abuse, and loss was gaining increasing awareness. We hadn’t yet learned about Facebook and Cambridge Analytica, Google location tracking and other now widely publicized privacy offenses, but it was clear that enterprises were going to need help safeguarding their customers’ personal information. Moreover, with GDPR now more visible over the horizon, we believed the new regulation would provide a roadmap to how best protect a consumer ’s privacy.
This bet that #privacymatters and that emerging regulations like GDPR would reshape how companies go about protecting personal data helped position BigID for a Big year in 2018 – and being named the RSA Conference Innovation Sandbox winner was an important part of that. We went into the 2018 RSA Conference and Innovation Sandbox program having just raised $14 million in our Series A in late January and had just started to scale team and sales. Being named a finalist in the RSAC Innovation Sandbox helped on both accounts, providing further credibility and awareness within. But the win ultimately was the real accelerant, helping to demonstrate to the larger security community that privacy was more than just policy and process; it was a critical data protection problem.
When I gave my RSAC Innovation Sandbox presentation last year, I said: BigID’s big idea is that privacy matters. This means bringing privacy out of the shadows and shifting it from policy and process to product. Moreover, it meant a rethink of how organizations go about protecting personal information. After all, you can’t protect what you can’t find. To assure protection and privacy of personal information you not only need to know what data you have, but also whose data you have.
We believe that enterprises must be more effective and responsible stewards of personal information. They must be more accountable to their customers and employees through a better accounting of the personal data they collect and process across the extended enterprise. GDPR helped draw corporate attention to this need through its sizeable fines and precise prescriptions. However, post-GDPR and post #RSAC 2018 companies have come to realize the importance of privacy protection will only grow with the introduction of new regulations in the US (like the new California Consumer Privacy Act) and internationally. The Internet as we know it was birthed at the end of the 20th century. Privacy and the attendant protection of personal data have in response quickly become a defining problem of the 21st century.