Jan-Erik Asplund
Co-Founder at Sacra
BigID is a data governance platform doing about $75M ARR. BigID helps companies comply with regulations like GDPR and CCPA that require them to let users request, modify, and delete from their systems any potentially personally identifiable information (PII).
What makes that a challenge in the first place is that PII consists not just of voluntarily submitted data like names and emails, but also inferred indicators like geolocation history, browsing behavior, and shopping history.
Companies today store a lot of data on users. That data is collected and stored in different tools all around the enterprise, making it difficult to manage.
The company was last valued at $1.25B after its $100M Series D (split into a $70M round and a $30M extension), at a share price of around $5.35. Investors include Boldstart Ventures, Bessemer Venture Partners, Tiger Global, Comcast Ventures, Salesforce Ventures, and SAP.io.
The way BigID works is that teams connect all of their data sources—from data warehouses like Snowflake and SaaS tools like Salesforce to raw CSV files, GitHub repos, S3 buckets, and more. BigID then scans across all of that data for PII and classifies and indexes it so teams can take action on it.
Targeting GDPR specifically was a key part of the GTM early on. BigID was able to ride the urgency that companies everywhere felt to quickly get into compliance with GDPR—particularly given that fines for non-compliance can hit 4% of annual revenue.
Their original wedge here was their PII Monitor tool—like LifeLock for PII—which allowed companies to connect all their data to customer and employee identities.
But once inside organizations helping connect data to identities, BigID could start to layer on additional services that built on top of that visibility in two big ways:
Today, BigID is a subscription-based SaaS product with these various vertical solutions layered on top.
The company’s target customer profile is firmly enterprise: today, they have roughly a few hundred customers in this segment, many of which signed up through reseller partnerships with AWS, Microsoft, SAP, and Snowflake. They are working to expand into the mid-market as well.
Companies pay based on the number of team members using the software, the amount of data in their systems being scanned, and their need for advanced features like white-labeled reports and unlimited requests.
BigID’s customer base is relatively dispersed across industries like financial services, insurance, retail, healthcare, communications, and others.
BigID competes directly on the core data identification use case with companies like Ketch (CRV, Silicon Valley Bank), Dataguise (acquired by PKWARE) and 1Touch.io (National Grid Partners).
They’ve also become competitive with companies like Transcend (Accel, Index Ventures) and Osano as a result of expanding into consent management and companies like OneTrust and Securiti.ai in the broader privacy operations space.
However, there’s still room for overlap and many winners here: enterprises may use a combination of tools like OneTrust and BigID, using BigID for data discovery and classification and completing their data inventory management in OneTrust.
Emerging tools like Ethyca (Lee Fixel, Lachy Groom) provide an API-based approach to compliance designed to help developers build compliant software by default going forward.
There are a few core tailwinds behind BigID’s growth:
The launch of GDPR and the California Consumer Privacy Act between 2016 and 2017 was a watershed moment for data security and privacy startup funding. VC firms invested just $1.7B in privacy tech in 2010—in 2019, that number rose to $10B.
And the growth of this market hasn’t slowed as more and more companies have gotten into compliance. In 2021, privacy and security startups raised $15B as it became clear that regulators, especially in the United States and Europe, were not done.
The continued appetite for legislation around security and privacy means that security and privacy startups will continue to have plenty of market to address—not even taking into account the force multipliers of cloud migration and expanded data collection.
A data governance and compliance platform that connects, classifies, and indexes data to enable faster outcomes.