In 2014, a malicious hacker destroyed a source code hosting provider after gaining control of—and wiping out—the company’s cloud computing infrastructure. The company, called Code Spaces, shuttered after finding that its data, backups, and machine configuration files had been nuked.
Similar mishaps spring from the same root. Last year a computer technician who had been fired from his job at an online college demanded $200,000 to help the school unlock its Google Cloud account, which contained student e-mails and coursework. A few months later an Amazon employee caused a major outage after accidentally botching a routine software command, knocking many more computer servers offline than intended.
The common theme among these horror stories: someone with administrator credentials for a cloud service who causes businesses serious problems, intentionally or not. In all cases, the culprits performed some action that shouldn’t have been allowed in the first place.
This is the situation that CloudKnox, a new cybersecurity startup, says it aims to rectify. The company has built a software product that lets businesses fine-tune the powers information technology professionals wield across cloud environments.
Balaji Parimi, CEO and cofounder of CloudKnox, calls the approach “activity-based access control.” He set out to create a system that enables businesses to tweak and refine their cloud administrator permissions; for example, preventing people from deleting data and terminating critical processes at will, or otherwise limiting the scope and duration of these superusers’ authority.
Parimi tells Fortune that he got the idea for the business in 2016, after chatting with a longtime friend, Sri Shivananda, then PayPal’s vice president of infrastructure, now PayPal’s chief technology officer. Parimi, then VP of engineering at CloudPhysics, a data center analytics provider, commiserated with Shivananda over a shared headache: how to manage security controls across public and private clouds.
By Parimi’s count, there are 7,800 distinct privileges—or unique actions—afforded to administrators across Amazon Web Services, Microsoft Azure, Google Cloud, and VMware vSphere. He describes the profusion of capabilities as “almost unthinkable for one person or team to understand.”
Reconciling all these disparate administrator permissions “blows up everyone’s mind, even the smartest guys I know,” Parimi says.
Crucially, Parimi says he designed CloudKnox to work across hybrid cloud environments, meaning businesses that split their operations between on-premise and third party data center systems. Rival cybersecurity firms include HyTrust and Dome9.
Now CloudKnox has raised $10.75 million in venture capital funding to help it tackle the issue. Investors in the round include venture capital firms ClearSky Security and Foundation Capital as well as Dell Technologies Capital, the startup investing arm of Dell.
Prakash Kota, chief information officer of Autodesk, a maker of design software and early CloudKnox customer, says CloudKnox’s product simplified an IT issue that would otherwise be “too complex and tedious” to manage.
Creighton Hicks, a partner at Dell Technologies Capital, says he has known Parimi for many years, including when Parimi worked as an engineer at VMware. “His experience and background give him tremendous insight into the problem CloudKnox is addressing,” he says.
Jay Leek, managing director at ClearSky and former chief information security officer of Blackstone, the private equity giant, says he lead the latest investment round in CloudKnox because the startup seeks to prevent cloud catastrophes, rather than just remediate them. “They’re shrinking the attack surface down to the least common denominator possible,” he says.
CloudKnox, which has about 20 employees, said it would put the cash infusion toward building out its engineering, sales, and marketing teams.
