How is BigID doing as of March 2022?

Jan-Erik Asplund

Co-Founder at Sacra

BigID is a data governance platform doing about $75M ARR. BigID helps companies comply with regulations like GDPR and CCPA that require them to let users request, modify, and delete from their systems any potentially personally identifiable information (PII).

What makes that a challenge in the first place is that PII consists not just of voluntarily submitted data like names and emails, but also inferred indicators like geolocation history, browsing behavior, and shopping history.

Companies today store a lot of data on users. That data is collected and stored in different tools all around the enterprise, making it difficult to manage.

The company was last valued at $1.25B after their $100M Series D (split into a $70M round and a $30M extension) with a share price around $5.35 per share. Investors include Boldstart Ventures, Bessemer Venture Partners, Tiger Global, Comcast Ventures, Salesforce Ventures, and SAP.io.

Product

The way BigID works is that teams connect all of their data sources—from data warehouses like Snowflake and SaaS tools like Salesforce to raw CSV files, GitHub repos, S3 buckets, and more. BigID then scans across all of that data for PII and classifies and indexes it so teams can take action on it.

Targeting GDPR specifically was a key part of the GTM early on. BigID was able to ride the urgency that companies everywhere felt to quickly get into compliance with GDPR—particularly given that fines for non-compliance can hit 4% of annual revenue.

Their original wedge here was their PII Monitor tool—like LifeLock for PII—which allowed companies to connect all their data to customer and employee identities.

But once inside organizations helping connect data to identities, BigID could start to layer on additional services that built on top of that visibility in two big ways:

  • Adding more forms of compliance for existing customers
  • Expanding to new industries through new forms of compliance

Today, BigID is a subscription-based SaaS product with these various vertical solutions layered on top.

The company’s target customer profile is firmly enterprise: today, they have roughly a few hundred customers in this segment, many of which signed up through reseller partnerships with AWS, Microsoft, SAP, and Snowflake. They are working to expand into the mid-market as well.

Companies pay based on the number of team members using the software, the amount of data in their systems being scanned, and their need for advanced features like white-labeled reports and unlimited requests.

BigID’s customer base is relatively dispersed across industries like financial services, insurance, retail, healthcare, communications, and others.

Competition

BigID competes directly on the core data identification use case with companies like Ketch (CRV, Silicon Valley Bank), Dataguise (acquired by PKWARE) and 1Touch.io (National Grid Partners). 

They’ve also become competitive with companies like Transcend (Accel, Index Ventures) and Osano as a result of expanding into consent management and companies like OneTrust and Securiti.ai in the broader privacy operations space.

However, there’s still room for overlap and many winners here: enterprises may use a combination of tools like OneTrust and BigID, using BigID for data discovery and classification and completing their data inventory management in OneTrust.

Emerging tools like Ethyca (Lee Fixel, Lachy Groom) provide an API-based approach to compliance designed to help developers build compliant software by default going forward.

Future/TAM expansion

There are a few core tailwinds behind BigID’s growth:

  • Growing compliance burden: US states proposed 27 bills for online privacy in 2021, up from 2 in 2018. And on March 24th, the EU agreed on the most sweeping change to internet privacy laws in Europe since GDPR. Everything from app stores to online advertising to ecommerce is likely to be affected as jurisdictions pass additional legislation designed to curtail the power of big tech platforms.
  • Data shifting to the cloud: Per O’Reilly, 49% of companies are still running hybrid cloud and on-premises. As more and more companies continue to migrate to the cloud, they lose some of that on-premises control of their data, and maintaining data security becomes even more urgent and challenging.
  • Companies storing more data: SaaS analytics tools are getting more sophisticated and consumer endpoint devices are proliferating, driving the creation of more and more data. In 2020, Seagate estimated that the amount of data collected by enterprises was growing about 42% YoY—and would surpass 2 petabytes per year by 2022. 

The launch of GDPR and the California Consumer Privacy Act between 2016 and 2017 was a watershed moment for data security and privacy startup funding. VC firms invested just $1.7B in privacy tech in 2010—in 2019, that number rose to $10B. 

And the growth of this market hasn’t slowed as more and more companies have gotten into compliance. In 2021, privacy and security startups raised $15B as it became clear that regulators, especially in the United States and Europe, were not done. 

The continued appetite for legislation around security and privacy means that security and privacy startups will continue to have plenty of market to address—not even taking into account the force multipliers of cloud migration and expanded data collection.
