Notes on our discussion with LightBeam – the RSAC2024 files
https://ostermanresearch.com/2024/06/13/rsac2024-lightbeam/
Thu, 13 Jun 2024

We attended RSAC 2024 in San Francisco from May 6-8. Our days at the conference were packed with back-to-back briefings.

Here are some notes on our briefing with Priyadarshi (PD) Prasad (co-founder and CPO), Himanshu Shukla (co-founder and CEO), and Jimmy Phipps (Regional VP of Sales, East) of LightBeam. The briefing was organized by the LightBeam team.

Key takeaways from the briefing:

  • LightBeam was founded in 2020. Its co-founders worked at Nutanix before starting LightBeam together. The company recently had an oversubscribed Series A funding round which netted $17.8 million for expanding go-to-market initiatives and continued investment in building out the product.
  • LightBeam is focused on discovering and making visible the sensitive data held within organizations. In our research programs, lack of awareness of what data exists is a common theme (e.g., see Figure 16 in our report Privacy Compliance in North America: Status and Progress in 2023), so this is a massive area of concern in a world increasingly shaped by data privacy and data protection regulations.
  • LightBeam sees data security, privacy, and governance as a coherent / unified play, not a disconnected one. Its platform addresses all three areas in a unified way, which means that organizations have the opportunity to reduce the number of disparate systems for each of these areas. For example, when sensitive data is found (discovered), the platform also includes compensating controls to address data security risks, such as redaction and anonymization. For authorized individuals, redaction can be temporarily reversed on demand.
  • The LightBeam product is offered as an on-premises or private cloud solution, not a public cloud service. This is important within highly regulated industries, such as financial services and healthcare, that want control over where their data is stored, indexed, analyzed, processed, etc. Many of LightBeam’s current clients are in these and related industries, and the company has seen nearly 300% growth over the past year in customers led by these industries.
  • LightBeam includes capabilities for customers / consumers to initiate a data subject access request (DSAR) from a portal. LightBeam pulls together the requested data, based on its previous data discovery for any given person, using entity matching and correlation to differentiate between individuals. The DSAR is completed using automation, not manual effort, and is therefore both less costly to perform and much more responsive to consumer requests.
  • Another automation enabled by LightBeam is reporting on who has access to sensitive data in any given system. This helps with ensuring access rights are correctly defined and implemented, and trimming access rights wherever possible to reduce inadvertent data leaks.
  • LightBeam’s first use case is for the detection of sensitive data. Building on this base are additional use cases, such as the detection of intellectual property – and the establishment of appropriate controls to stop malicious and unauthorized access. The business value, therefore, is measured as the value of the reduction of data breaches due to proactive corrective action flowing from deep visibility.

For more, see LightBeam.

Notes on our discussion with Optery – the RSAC2024 files
https://ostermanresearch.com/2024/06/05/rsac2024-optery/
Wed, 05 Jun 2024

We attended RSAC 2024 in San Francisco from May 6-8. Our days at the conference were packed with back-to-back briefings.

Here are some notes on our briefing with Paul Mander (GM, Optery for Business) of Optery. The briefing was organized by the Optery team.

Key takeaways from the briefing and some additional research:

  • Optery has been in business for four years. There’s a consumer play and a business play. Paul is the GM of the business side.
  • The key idea behind Optery is the removal of unwanted, unwarranted, or excessive personal data held across the internet, most of it due to surreptitious data sharing agreements between a site where an individual has an account or presence and a host of data aggregators and brokers. This sharing of data results in the creation of personal and sensitive data sets on individuals – name, address, contact details, etc. – being more widely available than what the individual has directly authorized. Optery says they find an average of more than 100 profiles per person.
  • On the consumer side, individuals can sign up to Optery’s service for free. Optery periodically scans for personal data held by data broker companies (at over 330 sites at the time of the briefing) – and can scan on demand for a consumer, too. If data that the individual wants to control is located on any sites they haven’t authorized, Optery will send removal requests on behalf of the individual. While there is no fee for periodic scanning, there is a fee for instantiating the data removal process. Pricing for removal is graduated by the number of sites and the approach taken by Optery. See Optery’s site for consumer pricing and details, including the list of data broker sites covered by removal requests (depending on pricing tier).
  • On the business side, Optery treats employee PII as an “attack surface”: the ability for someone to gain knowledge about employees from data that they or their business has not authorized for release and aggregation creates opportunities to assess weaknesses for cyberattacks (e.g., phishing, BEC, voice phishing) and physical attacks (it’s an increasingly dangerous world). Within the growing realm of data privacy regulations and compliance mandates that cover an increasing set of companies, being proactive about data removal from unauthorized sites reduces this attack surface.
  • We really liked the idea of proactively reducing the amount of unauthorized data available on individuals and employees – data that can be used to build profiles for cyberattacks (such as phishing) or physical threats (if they know where you live, they can harass / stalk / harm you … or your family for use as leverage against you).

For more, see Optery.
