02/06/2023
Our Investment in Command K
Building the world’s smartest command-center for enterprise security
Today we are excited and proud to announce our seed investment in CommandK, a devtools company building the infrastructure to protect sensitive data at standards adopted by best-in-class companies globally. Developers can think of CommandK as a single access and control plane for all of their sensitive-data needs, including secrets, users’ PII data, product and infrastructure configs, and more. All of this is one-click ready to deploy on-premise or in the cloud across the enterprise. With a nominal initial set-up by the DevOps team and zero additional development effort from the software engineering team, we allow companies to become Day-1 ready to manage their sensitive data instantly.
Our investment thesis in CommandK is very rooted in the team. This is a very, very strong technical team. Rohan & Jayesh both worked in infrastructure and engineering roles at Disney+ Hotstar, Jupiter, Amazon, and Google. At Hotstar — a live and on-demand OTT service in India — Jayesh helped build the core platform that holds the current world record for the most concurrent live connections (~25 million) on any internet product. Rohan built some of the most sophisticated back-end infrastructure for Jupiter, one of India’s fastest-growing neo-banks. CommandK has been built on top of the years of experience the founders have had solving this issue in their prior roles.
At Lightspeed, we have time and again seen deeply technical founders tackling a challenging problem through technical wizardry, and layering GTM engines on top as a winning formula. We saw this at Supabase, Hasura, Rubrik, Nutanix, Thoughtspot, Grafana, and dozens of other startups. So, a large part of our thesis stems from the founding team’s deep understanding of the problem, speed of learning and execution, and customer centricity from day one.
Second, companies today adopt various strategies to protect their sensitive data — data such as secrets, e.g., API tokens, SSH keys or passwords; PII data, including customer phone numbers or emails; and business-sensitive data such as company financials or intellectual property. The solutions adopted often involve multiple DIY tools. Moreover, these solutions are cobbled together by generalist developers instead of security specialists. At fast-growing mid- to late-stage companies, the burden on developers to move fast is too high, and security often becomes an afterthought. In 2022 alone, a single instance of a data breach cost companies almost $5M. In customer conversations we sensed a very sharp unsolved pain point with a willingness to pay.
Finally, strong tailwinds support the problem statement. A number of trend-lines have magnified the problem of sensitive data management: (i) more stakeholders per project and the advent of OSS, which lead to a higher probability of outages due to security-related mishaps; (ii) more third-party apps, e.g., Twilio and Stripe, which increase security footprint sprawl; (iii) an explosion of microservices: ~60% of enterprises use microservices, each of which requires additional and continuous security monitoring; and (iv) the shift-left movement in security / DevSecOps: developers have to manage not just code but, increasingly so, all the scaffolding around it.
Even though developers are increasingly being asked to enforce security protocols at companies, solving for security and associated sensitive data-management passes the ‘raise your hand if you want to work on this problem’ test within most organizations. That is to say, most developers do not raise their hands for solving this. This gap is what we want to fill at CommandK.
We launched our private beta in Dec-22, and amongst our customers are (1) a large US-India public-listed company with 500+ engineers that used us to increase visibility into its secrets footprint and centrally implement access control and governance policies that helped it achieve compliance faster; (2) a large fintech that wants to restrict access to certain data via our single control plane to manage access and policies for all resources across all clouds and clusters; and (3) a fast-growing US-based crypto company that had a massive secret sprawl that CommandK helped it identify and centrally quarantine.
Our waitlist has expanded rapidly in just a few weeks to dozens of enterprises across India, US and EU. Not only that, we have on-boarded an amazing set of partners, advisors and investors to the company as part of our recent seed round.
The developer ecosystem to manage code is way more mature than that for managing sensitive data and associated configurations. This gap can no longer be ignored or put on a back-burner. Large companies such as Docker, Atlassian, and GitHub were built on the backs of helping developers better manage code and micro-services. We believe CommandK will be the defining company in helping developers understand and manage their security posture, secrets, and config infrastructure with the same efficiency and safety as they manage their code today.
Feel free to sign up to CommandK’s private beta waitlist here.
— Hemant Mohapatra & Manjot Pahwa
About Lightspeed: Lightspeed is a multi-stage venture capital firm focused on accelerating disruptive innovations and trends in the Enterprise, Consumer, and Health sectors. Since 2000, Lightspeed has backed entrepreneurs and helped build companies of tomorrow, including Snap, Hasura, OYO, Affirm, AppDynamics, Nutanix, Supabase, Byju’s, and Udaan. Lightspeed and its affiliates currently manage more than $18 billion across the global Lightspeed platform, with investment professionals and advisors in India, Silicon Valley, Israel, China, Southeast Asia and Europe.