 Welcome back to Boston, everybody watching theCUBE's coverage of AWS Reinforce 22 from Boston. The land of Chowda, Lobster, the socks are ruining my summer. Andy Smith is here as the CMO of Laminar. Andy, good to see you. Good to see you, great to be here. So Laminar came out of stealth last year, 2021, sort of as we were exiting the isolation economy. Yeah. Why was Laminar started? Really about, there's two mega trends in the industry that created a problem that wasn't being addressed, right? So the two mega trends was cloud transformation, obviously. That's been going on for a while, but what most people don't realize is it really accelerated with COVID, right? Being, everybody having to be remote, et cetera, various stats I've read like increased five times, right? So cloud transformation, a now problem, right? That's going on. And the next big mega trend is data democratization. So more data in the cloud than ever before, and this is just going and going and going. And the result of those two things, more data in the cloud, how am I securing that data? You know, the breach culture we're in, like every day a new data breach coming up, et cetera, just one, Twitter one, yesterday, et cetera, that those two things have caused a gap with data security teams, and that's what he heard and addressed. Yeah, so, you know, to your point, and we tracked this stuff pretty carefully, quarterly, and you saw, it was a really interesting trend. You actually saw AWS's growth rate accelerate during the pandemic. Absolutely. You're talking about, you know, a couple of hundred billion dollars for the big four clouds, if you include Alibaba, and it's still growing at 35, you know, 40% a year, which is astounding. So, okay, so more cloud, more data. Explain why that's a problem for practitioners. Yeah, exactly. The reality is, in the security, what are we doing? What, all the security? It's about protecting your data in the end, right? Like, we're here at this, at Reinforce, all these security vendors here, really it's about protecting your data, your sensitive data. And, but what had been happening is all the focus was on the infrastructure, the network, et cetera, et cetera, and not as much focus, particularly on the data. And the move to the cloud gave the developers and the data scientists way more power. They no longer have to ask for permission. And so, they can just do what they want. And it's actually wonderful for the business. The business is moving faster, you spin up applications sooner, you get new insights, so all those things are really great, but because the developer has so much power, they can just copy data over here, make a backup over here, et cetera, and security has no idea about all these copies of the data that are out there, and they're typically not as well protected as that main production source, and that's the gap that exists. Okay, so there was this shift from sort of perimeter hardening the perimeter, hardening the infrastructure, and now your premises, it's moving to the data. We saw when there was, during the pandemic, there was definitely a shift to endpoint security, there was a shift to cloud security, rethinking the network, but it was still a lot of chasing the whack-a-mole. And people have talked about, this is a data problem for years, but it's taken a while for companies, for the technology industry to come at it. You guys are one of the first, if not the first. Why do you think it took so long is this because it's really hard? Yeah, I mean, it's hard, you need to focus on it, that traditional security has been around the network and the box, right? And those are still necessary. It's important to use identity to cover the edge, to make sure people can't get into the box, but you also have to have data. So what happened is there's really good solutions for enterprise data security, looking at database, technology, et cetera. There are good solutions for cloud infrastructure security, so the CSPMs of the world and the CWPPs are protecting containers, protecting the infrastructure, but there really wasn't much for cloud, everything you build and run in the cloud. So basically your custom applications in the IaaS and PAS environments, there really wasn't anything solving that and that's really where Laminar is focused. Okay, so you guys use this term shadow data, we talked about shadow IT, what's shadow data? Yeah, so what we're finding at 100% of our customer environments and our POVs and talking to CISOs out there is that they have these shadow data assets and shadow data elements that they have no clue that existed. So here's the example, everybody knows the main RDS database that is in production and this is where our data is taken from, but what people don't realize is there's a copy of that in a dev environment. Somebody went to run a test and it was supposed to be there for two weeks, but then that developer left, forgot, left it there, they left the company. Oh, now it's been there for two years. That there was an original SQL database left over from a lift and shift project. They got moved to RDS, but nobody deleted that thing. There, you know, it's a database connected to an application, the application left, but that abandoned database is still sitting. These are all real life customer examples of shadow data that we've run into and what the problem is that main production data store is secured pretty well. It's following all your policies, et cetera, but all these shadow data resources are typically less well-protected, unmonitored, and that is what the attackers are after. So you're, you know, the old, the Watergate follow the money, you're following the data. Following the data. How do you follow that data? If there's so much of it and it's, you know, sometimes, you know, not really well understood where it is, how do you know where it is? Yeah, it's the beauty of partnering with somebody like AWS, right? So with each of the cloud providers, we actually take a role in your cloud account and use the APIs from the cloud provider to see all the changes and all the instances are going on. Like it is, the problem is way more complicated in the cloud because, I mean, AWS has over 200 services, dozens of ways to store data, right? It's wonderful for the developer, but it's very hard for the security practitioner. And so because we have that visibility through the cloud provider's APIs, we can see all those changes that are happening. We can then say, ah, that's a data store. Let me go analyze, make a copy, have a snapshot of that and do the analyzing of that data right inside our customer's account without pulling the data out and we have complete visibility to everything and then we can give that data catalog over to the customer. All right, I got to ask you a couple of Colombo questions. So if, you know, we talk about encryption, everything's encrypted, everything. If the data is encrypted, why then would I need Laminar? Because, I mean, we're making sure that the data is encrypted, right? Often it's supposed to be a knot, right? Two is we're going to tell you what type of data is inside there. How is this, is this health information? Is it personal identity information? Is it credit cards, you know, et cetera, et cetera? So we'll classify the data for you. We will also then, there's things like retention period. How long should we hold on to that data? All the things about, who has access? What's the exposure level for that data? And so when you think about data security posture, what's the posture of that data? You're looking at those data policies. It's something that has been very well-defined and written down, but in the past, there was just no way to go verify that that policy is actually being followed. And so we're doing that verification automatically. So without the context, you can't answer those other questions. So you make sure it's encrypted, if it's not, or you can at least notify me that it's not. You don't do the encryption, right, or do you? We don't do it ourselves, but we can give you here. Here's the command in the Amazon to go encrypt it, right? And then I can automate that. And then the classification is key because now you're telling me the context so I can say, okay, apply this policy to that data, retain it for this long, get rid of it after X number of years, or if it's work in process, get rid of it now, and then who should have access to that data? And so you can help at least inform how to enforce those policies. Exactly, and so we call it guided remediation because what we're talking to a CISO, they're like, I need 400 more alerts like a hole in the head. Like that doesn't do me any good. If you can't tell me how to resolve the security gap that I have or this, then it doesn't do me any good. And the first it starts with, who do I need to go talk to, right? So they have hundreds, if not thousands of developers. Oh, great, you found this issue. I don't know who to go, like I can't just delete it myself, but I need to go talk to somebody. Really, should this be deleted? Do we really need to hold on to this? So we help guide who the data owner is. So we give you who to talk to, you give you all the context. Here's the data, here's the data asset that it's in. Here's our suggestion. Here's the problem. Here's our suggestion for solution. And you started the company on AWS? Started on AWS, absolutely. So what's the, of course, it's the best cloud and why not start there? So what's the relationship like? I mean, how'd you get started? You said, okay, hey, we got an idea for a company. We're going to build it on AWS. We're going to become a customer. We're going to, you know- We actually, so Insight Partners is our main investor. And they were very helpful in giving us access to literally hundreds of CISOs who we had conversations with before we actually launched the company. And so we did some shifting and to figure out our exact use case. But by the time we came to market, it was in February this year where we actually GA the product that we're like product market fit nailed because we'd had so many conversations that we knew the problem in the market that we needed to solve and we knew where we needed to solve it first. And the relationship with AWS is great. We just got on the marketplace, just became a partner. So really good, good start. So I got to ask you. So I always ask this question. So how do you actually know when you have product market fit? It's about those conversations, right? You know, so like I've been to lots of startups and sometimes you each have a conversation and then they're saying, oh, we kind of want this and we kind of like that. And so the more conversations you have, the more you know you're solving a real problem, right? And you react to what that prospect is telling you back and or that advisor or that whoever we're talking to. And every single one of the CISO conversations we had was I don't have a good inventory of my data in the cloud. And the reason I asked that, because I was asking startups like, when do you scale? So I think startups sometimes scale too fast or they try to scale too fast and they'll hire 50 sales people and then they, you know, they got a 50% churn but they're trying to optimize their go to market when they got 50% of their customers are going to leave. So it's got to be the sequential thing. So you got product market fit. So are you in the scaling phase now? We are, yeah, yeah, yeah. So now it's about how quickly can we deliver? We're ramping customer base significantly and, you know, we've got a whole go to market team in, you know, sales and marketing in the U.S. and often off to the races. And you just run on AWS or you run on other clouds? It's multi-cloud. So AWS Azure, GCP, et cetera. Okay, so then my, Lisa, my next question is it sort of, you can do this within each of the individual clouds today. Do you see a day and maybe it's here today where you can create a single experience across those clouds? Today it's a single experience across clouds. So our SaaS portion runs in AWS but the actual data analysis runs in each cloud provider. So AWS Azure, GCP and Snowflake too, actually. Ah, okay. So I come through your whatever portal if I can use that term. And that's running on AWS, your SaaS, as you say. And then you go out to these other environments like GCP, Azure, AWS itself and Snowflake and I see Laminar. Is that right? There's a piece running inside our customer's environment. So we have a customer, we get a role inside of their cloud account or read-only role inside of their cloud account and we spin up serverless functions in that cloud account. That's where all the analysis happens and that's why we don't take any data out of the environment. So it all stays there. And therefore we don't actually see the data outside of the environment. I can tell you there's a metadata comes out. I can tell you there are credit cards inside that data store but I can't tell you exactly which credit card it is because I don't know. So all the important actions happens are there and just the metadata comes out so we can give you a cross-cloud dashboard of all your sensitive data. And of course, so taking the example of Snowflake, they're going across clouds. They're building what we call super cloud, sort of a layer that floats on top. You're just sort of going wherever that data goes. Yeah, exactly. So there's a component that lives in the customer's environment in those multi-cloud environments and then a single view of the world dashboard that is our SaaS component that runs in AWS. So you guys are, am I correct? You're series A funded? Series A funded, yeah, exactly. And already scaling, you know, to go to market. Which is early to scale, right? I mean, you've got startup experience, right? Absolutely. How does it compare? Well, what was amazing here was access, I mean, really it was through the relationship with Insight. It was access to the CISOs that I had never had at any of the other startups I was with. You're trying to get meetings, you're meeting with a lot of practitioners, you know, et cetera, but getting all those conversations with buyers was super valuable for us to say, ah, I know I'm solving a real problem that has value that they will pay for, right? And so that was a year and a half probably still of all that work going on. We just waited to GA until we understood the market. Yeah, Insight, they're amazing. Talked about scaling. I mean, the last 10 years that PE firm has just gone wild in terms of just their philosophy, their approach, their cadence, their consistency, and now, of course, their portfolio. Yeah, and they started doing a little bit earlier and earlier stage. I mean, I always think of them as PE too, but they did our seed round, right? They did our A round, and they're doing earlier stage, but particularly what they saw in Laminar was exactly what we started this conversation with. They saw cloud transformation speeding up. They saw data democratization happening. They're like, we need to invest in this now because this is a now problem to solve. Yeah, it's interesting, because when you go back, even pre-2010, you talk to, you know, look at Insight, they would wait, they wouldn't invest in companies unless there was, you know, on the way to five plus million dollar ARR. They weren't doing seed deals. Totally. They saw, wow, these actually can be pretty lucrative and we can play and we have a point of view. And yeah, so cool, well congratulations. I'll give you the final word. What should we be watching for from Laminar as sort of, you know, milestones that you guys want to hit and indicators of success? Yeah, it's all about growth, partnerships, you know, integrations with other of the players out here, right? And so, you know, like scaling our AWS partnership is one of the key aspects for us. And so, you know, just look for the name out there and you'll start to see it a lot more and if you have the need, you know, come look us up at laminarsecurity.com. Awesome, well thanks very much for coming to theCUBE and good luck, we appreciate it. All right, wonderful, thanks. You're welcome, all right, keep it right there, everybody, this is Dave Vellante. We'll be back right after this short break from AWS re-invent 2022 in Boston. You're watching theCUBE.