48-hour, buy-one-get-one free — TC Sessions: Enterprise 2019

Every startupper we’ve ever met loves a great deal, and so do we. That’s why we’re celebrating Prime day with a 48-hour flash sale on tickets to TC Sessions: Enterprise 2019, which takes place September 5 at the Yerba Buena Center for the Arts in San Francisco.

We’re talking a classic BOGO — buy-one-get-one — deal that starts today and ends tomorrow, July 16, at 11:59 p.m. (PT). Buy one early-bird ticket ($249) and you get a second ticket for free. But this BOGO goes bye-bye in just 48 hours, so don’t wait. Buy your TC Sessions: Enterprise tickets now and save.

Get ready to join more than 1,000 attendees for a day-long, intensive experience exploring the enterprise colossus — a tech category that generates hundreds of new startups, along with a steady stream of multibillion-dollar acquisitions, every year.

What can you expect at TC Sessions: Enterprise? For starters, you’ll hear TechCrunch editors interview enterprise software leaders, including tech titans, rising founders and boundary-breaking VCs.

One such titan, George Brady — Capital One’s executive VP in charge of tech operations — will join us to discuss how the financial institution left legacy hardware and software behind to embrace the cloud. Quite a journey in such a highly regulated industry.

Our growing speaker roster features other enterprise heavy-hitters, including Aaron Levie, Box co-founder and CEO; Aparna Sinha, Google’s director of product management for Kubernetes and Anthos; Jim Clarke, Intel’s director of quantum hardware; and Scott Farquhar, co-founder and co-CEO of Atlassian.

Looking for in-depth information on technical enterprise topics? You’ll find them in our workshops and breakout sessions. Check out the exhibiting early-stage enterprise startups focused on disrupting, well, everything. Enjoy receptions and world-class networking with other founders, investors and technologists actively building the next generation of enterprise services.

TC Sessions: Enterprise 2019 takes place September 5, and we pack a lot of value into a single day. Double your ROI and take advantage of our 48-hour BOGO sale. Buy your ticket before July 16 at 11:59 p.m. (PT) and get another ticket free. That’s two tickets for one early-bird price. And if that’s not enough value, get this: we’ll register you for a free Expo-only pass to Disrupt SF 2019 for every TC Sessions: Enterprise ticket you purchase (mic drop).

Interested in sponsoring TC Sessions: Enterprise? Fill out this form and a member of our sales team will contact you.

Amazon adds Hindi to the Alexa Skills Kit

Users of Amazon’s voice assistant will soon be able to talk to Alexa in Hindi. Amazon announced today that it has added a Hindi voice model to its Alexa Skills Kit for developers. Alexa developers can also update their existing published skills in India for Hindi.

Amazon first revealed that it would add fluent Hindi to Alexa last month during its re:MARS machine learning and artificial intelligence conference. Before, Alexa was only able to understand a few Hinglish (a portmanteau of Hindi and English) commands. Rohit Prasad, vice president and head scientist for Alexa, told Indian news agency IANS that adding Hindi to Alexa posed a “contextual, cultural as well as content-related challenge” because of the wide variety of dialects, accents and slang used in India.

Along with English, Hindi is one of India’s official languages (Google Voice Assistant also offers Hindi support). According to Citi Research, Amazon holds about a 30 percent market share, about the same as its main competitor, Walmart-backed Flipkart.

Is ‘REvil’ the New GandCrab Ransomware?

The cybercriminals behind the GandCrab ransomware-as-a-service (RaaS) offering recently announced they were closing up shop and retiring after having allegedly earned more than $2 billion in extortion payments from victims. But a growing body of evidence suggests the GandCrab team have instead quietly regrouped behind a more exclusive and advanced ransomware program known variously as “REvil,” “Sodin,” and “Sodinokibi.”

“We are getting a well-deserved retirement,” the GandCrab administrator(s) wrote in their farewell message on May 31. “We are a living proof that you can do evil and get off scot-free.”

However, it now appears the GandCrab team had already begun preparations to re-brand under a far more private ransomware-as-a-service offering months before their official “retirement.”

In late April, researchers at Cisco Talos spotted a new ransomware strain dubbed Sodinokibi that was used to deploy GandCrab, which encrypts files on infected systems unless and until the victim pays the demanded sum. A month later, GandCrab would announce its closure.

A payment page for a victim of REvil, a.k.a. Sodin and Sodinokibi.

Meanwhile, in the first half of May an individual using the nickname “Unknown” began making deposits totaling more than USD $130,000 worth of virtual currencies on two top cybercrime forums. The down payments were meant to demonstrate the actor meant business in his offer to hire just a handful of affiliates to drive a new, as-yet unnamed ransomware-as-a-service offering.

“We are not going to hire as many people as possible,” Unknown told forum members in announcing the new RaaS program. “Five affiliates more can join the program and then we’ll go under the radar. Each affiliate is guaranteed USD 10,000. Your cut is 60 percent at the beginning and 70 percent after the first three payments are made. Five affiliates are guaranteed [USD] 50,000 in total. We have been working for several years, specifically five years in this field. We are interested in professionals.”

Asked by forum members to name the ransomware service, Unknown said it had been mentioned in media reports but that he wouldn’t be disclosing technical details of the program or its name for the time being.

Unknown said it was forbidden to install the new ransomware strain on any computers in the Commonwealth of Independent States (CIS), which includes Armenia, Belarus, Kazakhstan, Kyrgyzstan, Moldova, Russia, Tajikistan, Turkmenistan, Ukraine and Uzbekistan.

The prohibition against spreading malware in CIS countries has long been a staple of various pay-per-install affiliate programs that are operated by crooks residing in those nations. The idea here is not to attract attention from local law enforcement responding to victim complaints (and/or perhaps to stay off the radar of tax authorities and extortionists in their hometowns).

But Kaspersky Lab discovered that Sodinokibi/REvil also includes one other nation on its list of countries that affiliates should avoid infecting: Syria. Interestingly, later versions of GandCrab took the same unusual step.

What’s the significance of the Syria connection? In October 2018, a Syrian man tweeted that he had lost access to all pictures of his deceased children after his computer got infected with GandCrab.

“They want 600 dollars to give me back my children, that’s what they’ve done, they’ve taken my boys away from me for a some filthy money,” the victim wrote. “How can I pay them 600 dollars if I barely have enough money to put food on the table for me and my wife?”

That heartfelt appeal apparently struck a chord with the developer(s) of GandCrab, who soon after released a decryption key that let all GandCrab victims in Syria unlock their files for free.

But this rare display of mercy probably cost the GandCrab administrators and its affiliates a pretty penny. That’s because a week after GandCrab released decryption keys for all victims in Syria, the No More Ransom project released a free GandCrab decryption tool developed by Romanian police in collaboration with law enforcement offices from a number of countries and security firm Bitdefender.

The GandCrab operators later told affiliates that the release of the decryption keys for Syrian victims allowed the entropy used by the random number generator for the ransomware’s master key to be calculated. Approximately 24 hours after NoMoreRansom released its free tool, the GandCrab team shipped an update that rendered it unable to decrypt files.

There are also similarities between the ways that both GandCrab and REvil generate URLs that are used as part of the infection process, according to a recent report from Dutch security firm Tesorion.

“Even though the code bases differ significantly, the lists of strings that are used to generate the URLs are very similar (although not identical), and there are some striking similarities in how this specific part of the code works, e.g., in the somewhat far-fetched way that the random length of the filename is repeatedly recalculated,” Tesorion observed.

My guess is the GandCrab team has not retired, and has simply regrouped and re-branded due to the significant amount of attention from security researchers and law enforcement investigators. It seems highly unlikely that such a successful group of cybercriminals would just walk away from such an insanely profitable enterprise.

The Good, the Bad and the Ugly in Cybersecurity – Week 28

The Good

Microsoft has addressed 77 vulnerabilities in its July Patch Tuesday update, with 15 of them rated as critical and two known to be under active exploit.

Adobe has issued a small group of updates, with surprisingly none for Acrobat Reader or Flash.

Eleven of the critical bugs are for scripting engines and browsers, and the four others affect the DHCP Server, GDI+, the .NET Framework and the Azure DevOps Server/Team Foundation Server.

The Bad

Zoom is a success story. The small startup was able to disrupt the giants that repeatedly failed to solve a growing enterprise need: flawless video conferencing. So many have tried before, including Cisco, GoToMeeting and even Google and Uber, but only Zoom got it right. Zoom was able to become profitable and went public.

This week, we learned the Apple Mac version contained a software vulnerability that could lead to remote command execution (RCE) on any macOS device, even if the Zoom app had been uninstalled. Zoom has pushed out an emergency patch to address the zero-day vulnerability for Mac users that could potentially expose a live webcam feed to an attacker, launching the user into a Zoom video chat they’d never intended to join.

The move is a surprise reversal of Zoom’s previous stance, in which the company treated the vulnerability as “low risk” and defended its use of a local web server that incidentally exposed Zoom users to potential attacks.

Meanwhile, Apple have taken things into their own hands and released an update to their malware removal tool (MRT.app) that removes the affected Zoom components. Apple users need to restart the Mac first, however, as Apple’s MRT protection is only run once at each boot time.

The Ugly

Back in 2018, the Singapore-based company Broadcom tried to acquire Qualcomm as part of its plans to relocate its headquarters to the United States. They failed after President Donald Trump said he had “credible evidence” that the deal had the potential to threaten the national security of the United States. Symantec, which is still protecting (too) many enterprises, has suffered in recent years from financial instability and executive turnover.

Will Broadcom be able to fix these leadership problems that the well funded Symantec could not? If you look at the history of similar attempts with Symantec’s traditional rival McAfee, which was bought by Intel and then sold to TPG Capital and Thoma Bravo, the answer is nothing great should be expected.

Not that that’s stopping McAfee from trying again. In an attempt to join the rush of security companies going public, McAfee has announced that they might announce a listing later this year. Or they might not. Wat? It seems the owners are also considering the possibility of an outright sale. Confused? Watch this space!

 



With $34B Red Hat deal closed, IBM needs to execute now

In a summer surprise this week, IBM announced it had closed its $34 billion blockbuster deal to acquire Red Hat. The deal, which was announced in October, was expected to take a year to clear all of the regulatory hurdles, but U.S. and EU regulators moved surprisingly quickly. For IBM, the future starts now, and it needs to find a way to ensure that this works.

There are always going to be layers of complexity in a deal of this scope, as IBM moves to incorporate Red Hat into its product family quickly and get the company moving. It’s never easy combining two large organizations, but with IBM mired in single-digit cloud market share and years of sluggish growth, it is hoping that Red Hat will give it a strong hybrid cloud story that can help begin to alter its recent fortunes.

As Box CEO (and IBM partner) Aaron Levie tweeted at the time the deal was announced, “Transformation requires big bets, and this is a good one.” While the deal is very much about transformation, we won’t know for some time if it’s a good one.

Transformation blues

Judge dismisses Oracle lawsuit over $10B Pentagon JEDI cloud contract

Oracle has been complaining about the procurement process around the Pentagon’s $10 billion, decade-long JEDI cloud contract, even before the DoD opened requests for proposals last year. It went so far as to file a lawsuit in December, claiming a potential conflict of interest on the part of a procurement team member. Today, that case was dismissed in federal court.

In dismissing the case, Federal Claims Court Senior Judge Eric Bruggink ruled that the company had failed to prove a conflict in the procurement process, something the DOD’s own internal audits found in two separate investigations. Judge Bruggink ultimately agreed with the DoD’s findings:

We conclude as well that the contracting officer’s findings that an organizational conflict of interest does not exist and that individual conflicts of interest did not impact the procurement, were not arbitrary, capricious, an abuse of discretion, or otherwise not in accordance with law. Plaintiff’s motion for judgment on the administrative record is therefore denied.

The company previously had filed a failed protest with the Government Accountability Office (GAO), which also ruled that the procurement process was fair and didn’t favor any particular vendor. Oracle had claimed that the process was designed to favor cloud market leader AWS.

It’s worth noting that the employee in question was a former AWS employee. AWS joined the lawsuit as part of the legal process, stating at the time in the legal motion, “Oracle’s Complaint specifically alleges conflicts of interest involving AWS. Thus, AWS has direct and substantial economic interests at stake in this case, and its disposition clearly could impair those interests.”

Today’s ruling opens the door for the announcement of a winner of the $10 billion contract, as early as next month. The DoD previously announced that it had chosen Microsoft and Amazon as the two finalists for the winner-take-all bid.

11 Bad Habits That Destroy Your Cybersecurity Efforts

In one of my discussions with Lester Godsey, CISO for the City of Mesa, about the role of the CISO, he said “Start by eating your vegetables”. Like many other fields in life, there is nothing better than the words of the wise and experienced. Enterprise security, like a healthy body, needs to rest on solid foundations. Although we were discussing the use of Artificial Intelligence and other advanced technologies that can help us face the risks cyber threats are posing to our way of life, the reality is that too many organizations are really behind on the basic security tasks that can improve their cyber resistance. In this post, I will cover 11 of the most common security gaps that can affect your enterprise.


1. Reused Passwords

When your users register for other services on the web, too many of them will reuse their corporate passwords. In other words, when attackers are able to harvest passwords from weak websites external to your enterprise network, they can gain access to your users’ passwords and use these to breach your network. A LogMeIn survey shows that 59% of people use the same password everywhere.

Recommended Action: Insist on 2FA and MFA authentication, educate about security hygiene and encourage the use of unique passwords created by password management software.

2. Weak Passwords

One of the most popular password policies in corporate use is that passwords must start with a number and include a character typed with Shift. This encourages many users, who are averse to learning whole new password phrases every 90 days, to only change the last character. 2q2w3e4r% becomes 2q2w3e4r^, which then becomes 2q2w3e4r& and so on every 3 months. Attackers know to look for these patterns and can easily gain access to your network with them. According to the recent Verizon Data Breach Investigations Report, 81% of hacking-related breaches leveraged either stolen and/or weak passwords.

Recommended Action: Invest in employee education and safe password practices. Mandate strong passwords and reconsider whether your password policy is really helping or harming your security efforts.
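The rotation pattern described in item 2, as an added example that is not part of the original article: a check run at password-change time, when the user has just typed both the current and the new password, that flags a new password that is only a trailing-character rotation or a near-copy of the old one. The function names, the US keyboard mapping and the distance threshold of 4 are assumptions.

```python
import re

# Assumption: US keyboard layout. Shifted number-row symbols fold back to
# their digit, so "%" -> "5", "^" -> "6", "&" -> "7".
SHIFT_TO_DIGIT = dict(zip(")!@#$%^&*(", "0123456789"))

# Finding codes returned by rotation_finding() (hypothetical names).
UNCHANGED = "unchanged"
SAME_BASE = "same-base"      # only the trailing counter/symbol rotated
NEAR_COPY = "near-copy"      # a few character edits away from the old one


def skeleton(password):
    """Reduce a password to the part users tend to keep across rotations."""
    folded = "".join(SHIFT_TO_DIGIT.get(ch, ch) for ch in password.lower())
    # Strip the trailing run of digits (which now includes folded symbols):
    # this is the part that gets bumped every 90 days.
    return re.sub(r"\d+$", "", folded)


def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def rotation_finding(old, new, min_distance=4):
    """Return a finding code if `new` is a trivial variant of `old`, else None.

    Both values are only available in clear text during the change request;
    nothing here requires storing old passwords in recoverable form.
    """
    if old == new:
        return UNCHANGED
    old_base, new_base = skeleton(old), skeleton(new)
    # An empty skeleton (all-digit password) carries no signal, so skip it.
    if old_base and old_base == new_base:
        return SAME_BASE
    if edit_distance(old.lower(), new.lower()) < min_distance:
        return NEAR_COPY
    return None


if __name__ == "__main__":
    # Constructed sample pairs; the first two are the sequence from the text.
    samples = [
        ("2q2w3e4r%", "2q2w3e4r^"),
        ("2q2w3e4r^", "2q2w3e4r&"),
        ("Summer2019!", "Summer2020!"),
        ("2q2w3e4r%", "x2q2w3e4r%"),
        ("2q2w3e4r%", "correct horse battery staple"),
    ]
    for old, new in samples:
        print(f"{old!r} -> {new!r}: {rotation_finding(old, new) or 'ok'}")
```
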

3. Social Networking

The amount of data your users are sharing with the world on social media allows attackers to learn a lot about your business and to profile your users for targeted phishing. Whether it’s Facebook allowing others to harvest user data, or just your staff posting detailed resumes on LinkedIn, it’s all data that attackers can use to craft targeted emails that can lead to a network compromise.

Recommended Action: Use simulated phishing campaigns on your workforce and make sure your security solution can recognize malicious code execution even from trusted processes.

4. Delayed Patching

Every month we hear about more and more vulnerabilities that are discovered and then patched – both on the OS level and at the application layer. Once patches become available, they are quickly reverse engineered by cybercriminals to develop exploits that work well on any unpatched devices. Threat actors work fast, while users are typically slow to update and upgrade. The effort of patching often and patching early is not going away, and requires constant attention by IT and SecOps.

Recommended Action: Patching is just one of many protection layers, not a silver bullet that can completely protect your devices. Deploy an advanced EDR solution as a last line of defense against undiscovered vulnerabilities and new attack vectors.

Use software that can help automate patching to ensure all your endpoints are up-to-date.

5. Internet of Things (IoT)

Connecting more and more devices to your enterprise network, without considering the security factor, is a major risk. Many of these devices have old firmware that is easy to exploit, and they then become the weakest link in your armour and open up a route to your assets. Some IoT devices even include operational backdoors, like hardcoded admin credentials intended for maintenance but easily repurposed by threat actors. If you don’t know what devices are connected to your network, how can you defend against them when they turn malicious?

Recommended Action: Visibility across your entire network is vital, so look for and deploy a security solution that can meet that minimum requirement.

6. Linux

Many organisations are packed with Linux-based servers and services that are designed to provide maximum productivity, but if they are not managed properly, those boons can come at the expense of security. With unpatched distros vulnerable to attacks from maliciously crafted TCP packets, or long-standing but little-known privilege escalations, attackers will quickly find their way into unmanaged Linux devices.

Recommended Action: Deploy security software that is multi-platform and which can mitigate vulnerabilities in operating system software.

7. Legacy AV

It’s no secret that traditional antivirus does not save you from cyber threats. The technology was built to solve the problem of file-based viruses, but that problem has turned into an endless stream of nation-state-level malware, including in-memory attacks and lateral movement. It’s true that over time, legacy vendors like Trend Micro, Symantec and McAfee have evolved to provide affordable IT solutions, but we see day in and day out how much money enterprises (and city halls) are paying for relying on weak security solutions.

Recommended Action: Active EDR solutions are the best way to protect your endpoints against ransomware and other attacks.

8. Unnecessary Rights

When attackers penetrate your network, they will look immediately for admin accounts as they will allow an easy way to move laterally to find their targets. Too many organizations fail to follow the maxim of “least privilege”. In other words, all users – right up to the CEO – should only have the rights to do what they need to do. A bank doesn’t give the Marketing Director the keys to the vault, and you shouldn’t be giving her – or anyone else – the keys to access critical parts of your network if that’s not in their job description.

Recommended Action: Removing unnecessary privileges whenever possible will reduce your attack surface dramatically.

9. Supply Chain Attacks

We select cloud vendors, manage our business intelligence through external services, manage our HR with external vendors and generally outsource more often than ever before. A legitimate software vendor pushes out what looks like a trustworthy software update to users, but it’s really an instrument for delivering cyber threats at scale.

Recommended Action: Plug the holes that whitelisting and digital certificates create with a security solution that autonomously detects malicious code execution, whatever its source.

10. Temp Employees, Contractors & Others

The reality for the enterprise today is that it is always understaffed. While we outsource more often than ever before, we sometimes don’t have the means to enforce the right security controls and keep access to the absolute minimum. The result is we give unauthorized users access to our assets, both opening the door to internal threats and making ourselves an easy target for hackers to exploit.

Recommended Action: Take the burden off your over-worked teams by deploying software to manage access control.

11. Plugins

Chrome, Drive, Firefox and others. We allow our users to install plugins without knowing who is behind them, granting access to mailboxes, shared documents and other PII in the business. These can offer an easy way for threat actors to compromise your business at scale, harvest your data and steal your intellectual property.

Recommended Action: Plugins are no different from any other executable software and should be monitored by a good EDR security solution.

Conclusion

The headlines always focus on the zero-day vulnerabilities utilizing advanced attacks on the Enterprise, but it is too easy to compromise many of our networks when the basics aren’t even in place. Who needs advanced attacks when an enterprise hasn’t secured its devices from routine vectors that have been known for years? The above list represents easy-to-implement methods to upscale your cybersecurity resistance. Manage your endpoints, manage your users and protect your business from the ground up. As Lester Godsey wisely said, “Start by eating your vegetables!”



Signavio raises $177M at a $400M valuation for its business process automation solutions

Robotic Process Automation has been the name of the game in enterprise software lately — with organizations using advances in machine learning algorithms and other kinds of AI alongside big-data analytics to speed up everything from performing mundane tasks to more complex business decisions.

To underscore the opportunity and growth in the market, today a startup in the wider segment of process automation is announcing a significant fundraise. Signavio, a company founded out of Berlin that provides tools for business process management — “providing the ‘P’ in RPA,” as the company describes it — has picked up an investment of $177 million at what we understand is a valuation of $400 million.

This round is large on its own, but even more so considering that before this the company — founded in 2009 — had only raised around $50 million, according to data from PitchBook. This latest capital injection is being led by Apax Digital (the growth equity team of Apax Partners), with DTCP. It notes that existing investor Summit Partners is also keeping a stake in the business with this deal.

The company was founded by a team of alums from the Hasso Plattner Institute in Potsdam, Germany, who used research they did there for creating the world’s first web modeler for business process management and analytics as the template for Signavio’s own Process Manager. (The name “Signavio” seems to be a portmanteau of “navigating through signals,” which essentially explains the basics of what BPM aims to do to help a business with its decision making.)

Partly because it’s raised so little money, Signavio has been somewhat under the radar, but it has seen a huge amount of growth. It says that revenues in the last 12 months have grown by more than 70%, and its software is used by more than one million users across 1,300 customers — with clients including SAP, DHL, Liberty Mutual, Deloitte, Comcast and Puma. It counts Silicon Valley as its second HQ these days; that trajectory will be followed further with this latest funding: Signavio says the funding in part will be going to international expansion of the business.

“10 years ago, we set out on a journey to tackle the time-consuming practices that limit business productivity,” said Dr. Gero Decker, CEO and co-founder of Signavio, in a statement. “This significant new investment further validates our approach to solve business problems faster and more efficiently, unleashing the power of process through our unique Business Transformation Suite. We are thrilled to welcome Apax Digital as our new lead partner, and look forward to building upon our success to date by leveraging our partners’ operating capabilities and global platforms for our international expansion.”

The other area of investment will be the company’s technology suite. While BPM has been around for years as a concept — and indeed there are a number of other companies that provide tools that are compared sometimes to Signavio’s, such as from biggies like IBM and Microsoft through to Kissflow and others — what’s interesting is how it’s had a surge of interest more recently as organizations increasingly start to add more automation into their IT infrastructure, in part to reduce the human labor needed for more mundane back-office tasks, and in part to reduce costs and speed up processes.

Robotic process automation companies like UiPath and Blue Prism bring some of the same processing tools to the table as Signavio, although the argument is that the latter — which says it helps to “mine, model, monitor, manage and maintain” customers’ data — provides a more sophisticated level of data crunching that can be used for RPA, or for other ends. (It also works with several of the big RPA players, mainly Blue Prism but also UiPath and Automation Anywhere.)

“As businesses have become more global, and workforces more distributed, business processes have proliferated, and become more complex,” noted Daniel O’Keefe, managing partner, and Mark Beith, managing director, of Apax Digital, in a joint statement. “Signavio’s cloud-native suite allows employees across an enterprise to collaborate and transform their businesses by digitizing, optimizing and ultimately automating their processes. We are tremendously excited to partner with the Signavio team and to support their vision.” The two will also be joining Signavio’s board with this round.

OneTrust raises $200M at a $1.3B valuation to help organizations navigate online privacy rules

GDPR, and the newer California Consumer Privacy Act, have given a legal bite to ongoing developments in online privacy and data protection: it’s always good practice for companies with an online presence to take measures to safeguard people’s data, but now failing to do so can land them in some serious hot water.

Now — to underscore the urgency and demand in the market — one of the bigger companies helping organizations navigate those rules is announcing a huge round of funding. OneTrust, which builds tools to help companies navigate data protection and privacy policies both internally and with its customers, has raised $200 million in a Series A led by Insight that values the company at $1.3 billion.

It’s an outsized round for a Series A, being made at an equally outsized valuation — especially considering that the company is only three years old — but that’s because of the wide-ranging nature of the issue, according to CEO Kabir Barday, and OneTrust’s early moves and subsequent pole position in tackling it.

“We’re talking about an operational overhaul in a company’s practices,” Barday said in an interview. “That requires the right technology and reach to be able to deliver that at a low cost.” Notably, he said that OneTrust wasn’t actually in search of funding — it’s already generating revenue and could have grown off its own balance sheet — although he noted that having the capitalization and backing sends a signal to the market and in particular to larger organizations of its stability and staying power.

Currently, OneTrust has around 3,000 customers across 100 countries (and 1,000 employees), and the plan will be to continue to expand its reach geographically and to more businesses. Funding will also go toward the company’s technology: it already has 50 patents filed and another 50 applications in progress, securing its own IP in the area of privacy protection.

OneTrust offers technology and services covering three different aspects of data protection and privacy management.

Its Privacy Management Software helps an organization manage how it collects data, and it generates compliance reports in line with how a site is working relative to different jurisdictions. Then there is the famous (or infamous) service that lets internet users set their preferences for how they want their data to be handled on different sites. The third is a larger database and risk management platform that assesses how various third-party services (for example advertising providers) work on a site and where they might pose data protection risks.

These are all provided either as a cloud-based software as a service, or an on-premises solution, depending on the customer in question.

The startup also has an interesting backstory that sheds some light on how it was founded and how it identified the gap in the market relatively early.

Alan Dabbiere, who is the co-chairman of OneTrust, had been the chairman of Airwatch — the mobile device management company acquired by VMware in 2014 (Airwatch’s CEO and founder, John Marshall, is OneTrust’s other co-chairman). In an interview, he told me that it was when they were at Airwatch — where Barday had worked across consulting, integration, engineering and product management — that they began to see just how a smartphone “could be a quagmire of privacy issues.”

“We could capture apps that an employee was using so that we could show them to IT to mitigate security risks,” he said, “but that actually presented a big privacy issue. If [the employee] has dyslexia [and uses a special app for it] or if the employee used a dating app, you’ve now shown things to IT that you shouldn’t have.”

He admitted that in the first version of the software, “we weren’t even thinking about whether that was inappropriate, but then we quickly realised that we needed to be thinking about privacy.”

Dabbiere said that it was Barday who first brought that sensibility to light, and “that is something that we have evolved from.” After that, and after the VMware sale, it seemed a no-brainer that he and Marshall would come on to help the new startup grow.

Airwatch made a relatively quick exit, I pointed out. His response: the plan is to stay the course at OneTrust, with a lot more room for expansion in this market. He describes the issues of data protection and privacy as “death by 1,000 cuts.” I guess when you think about it from an enterprising point of view, that essentially presents 1,000 business opportunities.

Indeed, there is obvious growth potential to expand not just its funnel of customers, but to add more services, such as proactive detection of malware that might leak customers’ data (which calls to mind the recently fined breach at British Airways), as well as tools to help stop that once identified.

While there are a million other companies also looking to fix those problems today, what’s interesting is the point from which OneTrust is starting: by providing tools to organizations simply to help them operate in the current regulatory climate as good citizens of the online world.

This is what caught Insight’s eye with this investment.

“OneTrust has truly established themselves as leaders in this space in a very short time frame, and are quickly becoming for privacy professionals what Salesforce became for salespeople,” said Richard Wells of Insight. “They offer such a vast range of modules and tools to help customers keep their businesses compliant with varying regulatory laws, and the tailwinds around GDPR and the upcoming CCPA make this an opportune time for growth. Their leadership team is unparalleled in their ambition and has proven their ability to convert those ambitions into reality.”

Wells added that while this is a big round for a Series A, that is because it is something of an outlier, not a mark of how Series A rounds will go soon.

“Investors will always be interested in and keen to partner with companies that are providing real solutions, are already established and are led by a strong group of entrepreneurs,” he said in an interview. “This is a company that has the expertise to help solve for what could be one of the greatest challenges of the next decade. That’s the company investors want to partner with and grow, regardless of fund timing.”

Swit, a collaboration suite that offers ‘freedom from integrations,’ raises $6 million in seed funding

A marketplace dominated by Slack and Microsoft Teams, along with a host of other smaller workplace communication apps, might seem to leave little room for a new entrant, but Swit wants to prove that wrong. The app combines messaging with a roster of productivity tools, like task management, calendars and Gantt charts, to give teams “freedom from integrations.” Originally founded in Seoul and now based in the San Francisco Bay Area, Swit announced today that it has raised a $6 million seed round led by Korea Investment Partners, with participation from Hyundai Venture Investment Corporation and Mirae Asset Venture Investment.

Along with an investment from Kakao Ventures last year, this brings Swit’s total seed funding to about $7 million. Swit’s desktop and mobile apps were released in March and since then more than 450 companies have adopted it, with 40,000 individual registered users. The startup was launched last year by CEO Josh Lee and Max Lim, who previously co-founded auction.co.kr, a Korean e-commerce site acquired by eBay in 2001.

While Slack, which recently went public, has become so synonymous with the space that “Slack me” is now part of workplace parlance at many companies, Lee says Swit isn’t playing catch-up. Instead, he believes Swit benefits from “last mover advantage,” solving the shortfalls of other workplace messaging, collaboration and productivity apps by integrating many of their functions into one hub.

“We know the market is heavily saturated with great unicorns, but many companies need multiple collaboration apps and there is nothing that seamlessly combines them, so users don’t have to go back and forth between two platforms,” Lee tells TechCrunch. Many employees rely on Slack or Microsoft Teams to chat with one another, on top of several project management apps, like Asana, Jira, Monday and Confluence, and email to communicate with people at other companies (Lee points to an M.io report that found most businesses use at least two messaging apps and four to seven collaboration tools).

Lee says he used Slack for more than five years and during that time, his teammates added integrations from Asana, Monday, GSuite and Office365, but were unsatisfied with how they worked.

“All we could do with the integrations was receive mostly text-based notifications and there were also too many overlapping features,” he says. “We realized that working with multiple environments reduced team productivity and increased communication overhead.” In very large organizations, teams or departments sometimes use different messaging and collaboration apps, creating yet more friction.

Swit’s goal is to cover all those needs in one app. It comes with integrated Kanban task management, calendars and Gantt charts, and at the end of this year about 20 to 30 bots and apps will be available in its marketplace. Swit’s pricing currently has free and standard tiers, with a premium tier for enterprise customers planned for fall. The premium version will have full integration with Office365 and GSuite, allowing users to drag-and-drop emails into panels or convert them into trackable tasks.

While being a late-mover gives Swit certain advantages, it also means it must convince users to switch from their current apps, which is always a challenge when it comes to attracting enterprise clients. But Lee is optimistic. He says that after seeing a demo, 91% of potential users registered on Swit, with more than 75% continuing to use it every day. Many of them used Asana or Monday before, but switched to Swit because they wanted to more easily communicate with teammates while planning tasks. Some are also gradually transitioning over from Slack to Swit for all their messaging (Swit recently released a Slack migration tool that enables teams to move over channels, workspaces and attachments. Migration tools for Asana, Trello and Jira are also planned).

In addition to “freedom from integrations,” Lee says Swit’s competitive advantages include being developed from the start for small businesses as well as large enterprises that still frequently rely on email to communicate across different departments or locations. Another differentiator is that all of Swit’s functions work on both desktop and mobile, which not all integrations in other collaboration apps can.

“That means if people integrate multiple apps into a desktop app or web browser, they might not be able to use them on mobile. So if they are looking for data, they have to search app by app, channel by channel, product by product, so data and information is scattered everywhere, hair on fire,” Lee says. “We provide one centralized command center for team collaboration without losing context and that is one of our biggest sources of customer satisfaction.”