Investment Note

Our investment in DataMasque

DataMasque team

INVESTING IN THE NEXT GENERATION OF ‘DATA MASQUING’ AND DATA OBFUSCATION SOLUTIONS

12 SEPTEMBER 2023

Off the back of mandatory data masking requirements for all businesses who are ISO27001 compliant (estimated to be over 50,000 globally), we are excited to be partnering with the DataMasque team, leading their first round of external investment of NZ$2.7m. The funding will help accelerate DataMasque’s global growth as data security and privacy takes the forefront in all business operations in regulated industries.

THE CURRENT PROBLEM

In the current ever-expanding digital environment, challenges associated with data privacy, security, and compliance have become explicitly prevalent. As technology advances and data becomes more pervasive, the need to protect sensitive information has become paramount.

DataMasque solves a problem facing many modern companies dealing with large amounts of digital sensitive customer data; ‘How to use that data securely?’

As businesses look to build new products or upgrade their services, many turn to their own customer data in this testing phase, creating an unnecessary vulnerability for cyber criminals. This is because using real data provides higher quality return output, however, poses a risk given development environments are less secure. Development and testing environments typically have less stringent security measures compared to production environments, making them more susceptible to breaches, unauthorised access, or accidental leaks. DataMasque solves this problem by giving businesses a simple way to replace sensitive data with realistic alternatives. This allows businesses the freedom to engineer with ‘synthetic’ customer data, without putting real customer information at risk. 

PROTECTING AGAINST DATA BREACHES AND ACHIEVING COMPLIANCE

Some of the largest data breaches ever recorded have originated in development or testing environments, including Uber (here) and T-Mobile (here).

Privacy regulations and standards like GDPR, PCI-DSS, HIPPA and IRAP require organisations to protect and limit access to personal data. With data breaches becoming more sophisticated, data masking is a critical part of an organisation’s compliance and data protection strategy.

The international standard for Data Security, ISO27001 recently updated the mandatory security controls to include data masking. This means that if a business wants to protect customer data to the international standard, they will need to make sure data masking is a part of that process. DataMasque is in a prime position to take advantage of this next wave in business data protection.

THE SOLUTION “DATAMASQUE”
WHAT IS DATA MASKING?

The goal of data masking is to protect sensitive data, while providing a functional alternative for when real data is not needed. A copy of the data is produced that uses different values but in the same format, therefore maintaining its functional properties. Subsequently, in the event that the data is accessed by unauthorised personnel, the data becomes of zero value.

WHY DATAMASQUE

It’s estimated that 80% of US enterprises are either not masking or use custom scripts and manual data preparation techniques to protect their sensitive data. As organisations increasingly deploy hybrid and multi-cloud environments, legacy solutions fail to maintain referential integrity and data consistency across environments increasing the risk of customer data being used for development, testing or training purposes. Where, typically organisations must make trade-offs between data security and data utility, DataMasque’s production realistic data makes it possible to achieve both.  

DataMasque achieves this by integrating into organisations data provisioning pipelines (the process of copying data from production to non-production environments) and replacing sensitive data such with realistic, functional and consistent values. No production dataset is perfect, and DataMasque’s imitate function means that data can be masked down to a field level, meaning the data is fully production realistic.  

The built in sensitive data discovery tool scans an organisations database and automatically identifies and highlights new unmasked data, meaning companies can spend less time keeping data masking current and more time on development.

DataMasque is the exclusive masking provider for leading data management platform Cohesity and is available through the AWS and Azure marketplaces. The business has achieved international success with deployments in Australia, the USA, New Zealand and India across government, financial services, telecommunications and healthcare.

INVESTMENT THESIS
HERE AT OIF, WE ALWAYS AIM TO BACK THE BEST FOUNDERS AND TEAMS, AND THE DATAMASQUE TEAM IS NO EXCEPTION  

From our first interaction with Grant (CEO), Aimee (CPO), and Greg (CFO) and the rest of the DataMasque team, it was clear they brought unique insights into the current problem faced by enterprise companies managing sensitive data. Grant brings with him a wealth of expertise in managing globally diverse teams and clients within highly regulated industries. His previous roles such as Global Head of Product Sales for a leading data registry company in Australia and New Zealand demonstrates a proven track record of driving business growth and expansion.  

Together the founding team have demonstrated deep sector knowledge and combined with their strategic vision, we believe that DataMasque is on track towards becoming a dominant player in the market.

INCREDIBLY LARGE AND GROWING MARKET WITH REGULATORY TAILWINDS

As a result of the growing technological landscape combined with the heightened risk of data breaches, the market for data security compliance is growing at an immense speed on a global scale, with Gartner forecasting spend on InfoSec and Risk Management to reach US$221 billion by 2025. Additionally, the synthetic data generation market is expected grow from ~$200m in 2022 to ~$2.1bn by 2028, representing an annual CAGR of 46% (According to MarketsandMarkets). Further accelerating the growth of this market is the introduction of new global regulatory standards, more specifically ISO 27001:2022 - Control 8.11-Data Masking, which requires organisations to implement measures to protect personal information that is processed or stored in non-production environments.  

STRONG EARLY TRACTION WITH GLOBAL ENTERPRISE AND GOVERNMENT CUSTOMERS

It is clear that we are not the only ones impressed with DataMasque and the solution they provide. There are not many companies that within 12 months of launching to market, have grown ARR by 15% MoM and have won multiple enterprise customers with the likes of TAL, One NZ, Resolution Life and Best Western as some active users of DataMasque.

WHERE TO NEXT?

DataMasque has already secured distribution partnerships with the likes of AWS marketplace and other leading industry partners and counts global enterprise companies and governments as key customers. As businesses continue to face increasing pressure to maintain data privacy and security standards, data masking solutions like DataMasque will continue to become increasingly critical in a company’s security architecture. And with a team proven in scaling businesses, combined with a best-in-class product, we believe there is no better company to back than DataMasque and we are super excited to partner with them on their journey.