While many businesses tend to rely on the hybrid cloud, companies can’t ignore the growth of cloud apps and the need to keep all that cloud data secure.That is why venture capitalists are more interested than ever in investing in cloud security startups. Fortune Business Insights expects the cloud security market to grow from $43.74 billion in 2024 to $156.25 billion by 2032.
VC investment in cloud security companies will follow — and numbers recently released by Altitude Cyber support this notion. The consulting group reported that cloud security startup funding went from $907 million in 2023 to $1.397 billion in 2024 — a 35% increase year-over-year.
Dino Boukouris, founder and Managing Partner at Altitude Cyber, offers one caveat.Cloud security funding in 2024 reached nearly $1.4 billion, but that was heavily skewed by Wiz’s $1 billion Series E round in May, valuing the company at $12 billion, the largest cybersecurity funding raise across all sectors in 2024. Boukouris added that Wiz was also the highlight of cloud security financing activity the year before in 2023 when they raised $300 million at a $10.3 billion valuation. “Investors continue to search for innovative cloud security solutions, but are also doubling-down on the larger, growing platforms that provide a one-stop-shop for cloud security,” said Boukouris. "While more mature cloud security companies like Wiz have received significant funding, we continue to see new and exciting companies like Upwind and Sweet emerging in the space with full support from the investor community." Danny Brickman, co-founder and CEO of Oasis Security, said investors are doubling-down on cloud security funding because the stakes keep getting higher. Brickman pointed out that as organizations rapidly shift more infrastructure and data to the cloud, the attack surface has expanded just as threats have become more sophisticated.“In 2023, reported data breaches surged by 80%, topping 3,200 incidents, while global cybersecurity spending soared past $170 billion,” said Brickman."As AI-driven threats evolve, the demand for innovative, scalable security solutions is only growing — making cloud security one of the hottest areas for investment right now."While cloud startups may not make the everyday reading feed for many, they are all doing the hard behind the scenes work to secure funding and develop a targeted approach to cloud security.For this list, we stuck with startups that were founded as recent as 2021, had significant funding rounds in the past year or two, and had a very targeted cloud security technology strategy. The cloud security challenges the companies on our list are attacking include securing the browser, delivering automated remediation, more effective management of non-human identities (NHIs), and a focus on a AI/human approach to cloud security.“Cloud infrastructure represents an unbound cybersecurity threat landscape and commands attention, particularly from an attacker's view,” said Bob Ackerman, founder and managing director at AllegisCyber Capital."The dynamic ebb-and-flow of cloud perimeters renders traditional attack surface management endpoint security less relevant and demands cybersecurity frameworks that can ‘flex’ with the cloud, while providing security. The cloud forces us to re-think security and will usher in a new generation of innovation.”Company: LayerXFounded: 2021, emerged from stealth, October 2022Founders: Or Eshed, chief executive officer; David Vaisbrud, chief technology officerFunding: $26 million Series A round in May 2024, bringing total funding to date to $34 millionProduct: LayerX Platform ArchitechtureFocus: LayerX believes the browser has become the core workspace of the modern enterprise. Thus, SaaS apps such as Google Workspace, Office 365, Salesforce, Monday.com, Adobe Creative Cloud, Oracle Cloud, Dropbox, and many others, are now the main work interfaces for most users. The company aims to build a comprehensive protection tool for the browser that seeks to leverage all the production potential of the web, while maintaining the highest level of security.Or Eshed in his own words: "With businesses shifting to cloud-based services and remote or hybrid work becoming ubiquitous, the web browser has become the central hub of enterprise productivity. As such, it also requires dedicated security controls. Enterprise browsers and extensions are the security solutions that protect against web-borne threats and risks that exploit the browser."Company: Opus SecurityFounded: 2022Founders: Meny Har, chief executive officer; Or Gabay, chief technology officerFunding: Emerged from stealth in October of 2022 with $10 million in seed fundingProduct: Unified Cloud-Native Remediation PlatformFocus: Security teams today are inundated with alerts from numerous tools across sprawling, hybrid IT environments. The sheer volume of findings creates challenges in prioritizing what truly matters. Often, teams spend time on duplicative or low-risk issues, while critical vulnerabilities remain unaddressed. Developers, meanwhile, face friction in the remediation process, receiving generic or unclear tickets that disrupt their workflows and fail to offer actionable guidance. By consolidating fragmented findings, de-duplicating alerts, and leveraging AI-driven prioritization, Opus aims to make sure that teams focus only on the highest risk vulnerabilities. This promises to reduce security costs and eliminate unnecessary remediation efforts, letting teams work more efficiently and collaboratively.Meny Har in his own words: “The rapid expansion of cloud environments has created a paradox for security teams – unparalleled scalability comes with equally unprecedented complexity in managing vulnerabilities. This complexity leaves organizations struggling to keep pace with evolving threats while balancing business agility."Company: ZEST SecurityFounded: 2023Founders: Snir Ben Shimol, chief executive officer; Uri Aronovici, chief technology officerFunding: In July 2024, ZEST exited stealth with $5 million in seed fundingProduct: Agentic-AI Cloud Risk Resolution Platform Focus: Today’s security products are good at identifying cloud risks, vulnerabilities and misconfigurations, but the industry has a remediation problem. More than 62% of incidents are directly related to risks organizations already know about — risks with open tickets for remediation that teams couldn’t fix in time. Today, remediation processes today are extremely manual, time consuming and in some cases, impossible. However, recent advancements in AI and the rapid adoption of DevOps systems have paved the way for a fresh approach to resolving cloud risks. ZEST aims to redefine cloud risk remediation by automating these processes for security and DevOps teams.Snir Ben Shimol in his own words: "In recent years, the focus has been on cloud risk identification, but what we now have is a ‘failure to remediate’ problem. We founded ZEST to solve a big challenge within a new market. By providing security teams with resolution paths — whether that’s mitigation using existing tools, or preventative remediation using Infrastructure as Code (IaC), organizations can finally level the playing field with threat actors. Just three years ago, building a product like this wouldn’t have been possible. We have a unique opportunity to tackle this now by taking advantage of developments in GenAI and the rapid adoption of DevOps systems."Company: Skyhawk SecurityFounded: 2022Founder: Chen Burshan, chief executive officer Funding: Spun out of Radware with a $35 million investment from Tiger Global ManagementProduct: Skyhawk’s Synthesis Security Platform Focus: Cloud data breaches are doubling year-over-year and they're happening at a greater speed than ever before. Skyhawk aims to stop those incidents before they become a breach by offering context to help analyze the 5,000 alerts-per-day many SOCs handle. The company’s underlying technology is an AI-based Autonomous Purple Team, a 3-layer threat detection engine that’s continuously challenged by an AI-based Red Team. The AI-powered Blue Team and Red Team (they call them AI twins) simulate a customer’s specific attack surface and identify the paths of least resistance to their most valuable business assets against Skyhawk's CDR engine, resulting in verified detections and responses. This approach promises to reduce the MTTR and MTTD to seconds and bridges the gap between SOC and cloud teams.Chen Burshan, in his own words:"Skyhawk’s unique [technology promises to] improve and adapt the threat detection engine to be accurate to the customer’s specific architecture, thus making sure our customers can respond automatically to incidents and bridge gaps between SOC and cloud teams with context."Company: Oasis SecurityFounded: 2022Founders: Danny Brickman: Co-founder and CEO; Amit Zimerman: co-founder and CPO Funding: $5 million seed and a $35 million Series A, also a $35 million Series A ExtensionProduct: Oasis NHI Security CloudFocus: The security of machine-to-machine access via NHIs, such as service accounts, API keys, and secrets, is now a significant and unresolved weakness that has become a primary target for cyber attackers. The shift to hybrid multi-cloud, microservices architectures, and agile development has driven an exponential growth of NHIs, now outnumbering human identities by a factor of 20 times, creating a massive attack surface. With more business processes being automated via AI-powered workflows, it’s now crucial for organizations to deploy a comprehensive non-human identity strategy. The Oasis NHI Security Cloud aims to close this gap with a cloud service that leverages advanced AI-based analytics to automatically discover NHIs, assess their risk, detect potential attacks, identify their human owners and govern them throughout the environment. Danny Brickman in his own words: "We designed Oasis to be infrastructure agnostic, seamlessly integrating with tools and processes of choice, and built inside the platform a new class of purpose-built AI analytic engine to automate the discovery, risk assessment, and governance of NHIs." – Danny Brickman, co-founder and CEO, Oasis SecurityCompany: AponoFounded: 2022Founders: Rom Carmel, chief executive officer; Ofir Stein, chief technology officrFunding: $5 million in seed funding; $15.5 million Series A funding in October 2024Product: Cloud Privileged Access PlatformFocus: Apono offers continuous discovery and real-time visibility for both resources and existing access across the cloud, including hybrid and multi-cloud environments. This continuous monitoring feature lets organizations keep track of their cloud resources and refine access policies accordingly. With a complete view of the cloud, Apono promises to let security teams manage access to both existing and newly created resources. Instead of relying on unfeasible manual access management, Apono delivers automated discovery and provisioning to handle the scale and speed the cloud requires.Rom Carmel in his own words: “The cloud has revolutionized how businesses operate, but it has also introduced new security challenges. Apono is at the forefront of addressing these challenges with our innovative cloud access management platform. By automating access provisioning and continuously monitoring cloud resources, we help organizations reduce their attack surface and respond swiftly to potential threats. Our goal is to make secure cloud operations a reality for all our customers." – Rom Carmel, CEO, AponoCompany: TamnoonFounded: 2022Founders: Marina Segal, co-founder and CEO; Idan Perez, co-founder and CTOFunding: $5 million seed funding September 2023; $12 million Series A funding, September 2024Product: Managed Cloud Security RemediationFocus: Tamnoon is a hybrid AI-human managed service developed from the ground up specifically for cloud security remediation. It integrates with existing cloud security tooling, like a cloud security posture management (CSPM) tool, or data security posture management (DSPM) tools. It also fuses artificial intelligence (AI) with human intelligence to provide expert-guided remediation processes at scale for the cloud that does not break business operations. Using technology and cloud expertise, every alert gets investigated and contains a detailed impact analysis before creating customized remediation playbooks that fit the customer’s deployment model.Marina Segal in her own words “Cloud remediation requires a balance between human expertise and advanced automation. Blind reliance on automation without human oversight in critical environments is like flying a plane without a pilot—we’d all stop flying. At Tamnoon, we’ve bridged this gap, combining purpose-built AI with the experience of our cloud security experts to create a safer, faster path to reducing critical cloud threats.” – Marina Segal, co-founder and CEO
An In-Depth Guide to Cloud Security
Get essential knowledge and practical strategies to fortify your cloud security.
Implementation of a backdoor that would enable government access to Apple users' cloud storage data could set a precedent for authoritarian nation-states and threat actors, with Electronic Frontier Foundation's Thorin Klosowski noting the threat of a global emergency stemming from the secret order.
To address these threats artificial intelligence-powered tools have been developed to enhance threat detection and response, while zero-trust architecture has become a widely accepted framework for cloud security thanks to its strict identity verification requirements.
The growth is being driven by cloud-first security approaches, hybrid work models, and artificial intelligence-powered solutions, according to the report, which pointed to cloud security as the greatest driver.
