At a glance
Securiti was founded in 2018 by Rehan Jalil (formerly SVP Cloud Security at Symantec after founding Elastica, acquired by Blue Coat for $280M). Headquartered in San Jose. Raised $156 million in venture funding across Series A (Mayfield), $50M Series B (General Catalyst, 2020), and $75M Series C (2022), with strategic investments from Capital One Ventures, Citi Ventures, and Aramco Ventures. In December 2025, Veeam Software completed its acquisition of Securiti for $1.725 billion — the largest data security exit to date. Approximately 600 Securiti employees joined Veeam. Rehan Jalil became President of Security and AI at Veeam.
The $1.725 billion acquisition price at approximately 23x revenue reflected Veeam's conviction in the unified "data resilience plus data governance" thesis. Post-acquisition, the platform continues under the Securiti brand as a Veeam company, with new integrations (Agent Commander, launched February 2026) combining Veeam's backup and recovery infrastructure with Securiti's AI governance capabilities.
What Securiti actually is
Securiti's core architecture is the Data Command Graph — a knowledge graph that maps relationships between data objects, entitlements, sensitive information, AI models, and regulatory requirements. Built on this graph, the Data Command Center unifies DSPM, PrivacyOps, AI governance, and compliance automation across hybrid multicloud environments with over 1,000 pre-built integrations. The compliance framework coverage is the broadest of any vendor VendorAudit covers: 100+ global privacy regulations including GDPR, CCPA, HIPAA, PIPL (China), LGPD (Brazil), and the EU AI Act.
Securiti is best understood as a privacy-first platform that added security posture management, rather than a security-first platform that added privacy. This shapes the architecture — classification tuning, scan scheduling, and data governance workflows reflect a compliance team's priorities more than a security operations team's. Buyers with security-first mandates should evaluate whether the operational model matches their team's workflow.
Capability assessment
Strengths: Broadest compliance framework coverage of any vendor in the category. EU AI Act compliance workflows are production-ready; no competitor has comparable depth across privacy regulations and AI governance simultaneously. The Data Command Graph architecture enables relationship-level visibility — not just "this file contains PII" but "this PII is accessible by these roles, subject to these regulations, and referenced by these AI models." The module-based UX is consistently praised as more intuitive than competitors. Accenture was named 2025 Partner of the Year, indicating strong enterprise channel reach.
Known limitations — scanning performance and architecture: Practitioner reviews document a consistent set of deployment challenges that buyers must understand before committing. Scanning of large unstructured data stores — large S3 buckets, file repositories, unstructured SaaS content — has been reported as slow and in some cases problematic for unrecognised file types. One verified practitioner review states directly: "Scanning unstructured data stores needs improvement. The system has issues when scanning unrecognized file types or large data stores (e.g., S3 buckets)."
Securiti's scanning architecture for on-premises data stores requires either routing data to Securiti's cloud infrastructure (which raises data sovereignty concerns for regulated industries) or deploying significant on-premises compute resources to run the scanning engine locally. Neither option is free: the cloud routing approach has data egress implications and may conflict with regulatory requirements for data not leaving the jurisdiction; the on-premises approach requires hardware provisioning that adds to the true cost of ownership. Buyers with on-premises or regulated-jurisdiction data should ask specifically about the scanning architecture for their environment and get explicit answers about whether data leaves their infrastructure.
Classification tuning: Out-of-the-box classification accuracy is good for common data types (PII, financial data, healthcare records) with standard formats. For custom business data types — organisation-specific codes, proprietary data structures, industry-specific regulated data that doesn't match standard patterns — significant tuning is required. Budget for 4–8 weeks of classification tuning post-deployment to achieve acceptable false positive rates for complex environments. This is not unique to Securiti, but it is a more material issue for a platform that is selling the comprehensiveness of its coverage: the broader the claimed coverage, the more tuning is required to make the coverage operationally useful.
Production rollout vs POC: Multiple practitioner reviews note a gap between POC performance and production rollout quality. One Gartner Peer Insights review: "Production rollout was marred by buggy updates [and] average product support." This pattern — strong POC, rougher production experience — is worth testing explicitly in your evaluation: ask for references from production deployments at organisations of similar scale and data complexity to yours, not just POC references.
The Veeam acquisition — risks and opportunities
The December 2025 acquisition by Veeam changes the Securiti risk profile in both directions.
Reduced existential risk: As a Veeam subsidiary, Securiti has near-zero company survival risk. Veeam has over 550,000 customers and strong recurring revenue from the data resilience market. The acquisition price validates the Data Command Center thesis and provides product investment capacity.
New acquisition-related risks: The question VendorAudit would put to any buyer of Securiti contracts in 2026 is: how much of Securiti's product development capacity is being redirected toward Veeam backup integration use cases? The Agent Commander launch in February 2026 demonstrates that Veeam is prioritising the combined backup+governance narrative. This is strategically coherent for Veeam, but it may accelerate the parts of the Securiti roadmap that are relevant to existing Veeam customers while de-prioritising standalone DSPM capability development. A backup-and-recovery vendor's roadmap priorities are different from a pure data governance platform's. Buyers should explicitly ask: what percentage of Securiti engineering capacity is allocated to features that require Veeam infrastructure vs. standalone Data Command Center features?
The first 18–24 months post-acquisition is historically the highest-risk window for product and support quality disruption. Contractual protections matter: negotiate product feature commitments, support SLA continuity guarantees, and pricing stability through the integration period.
Company health — revised post-acquisition
Health score revised upward from 68 to 82 reflecting the Veeam acquisition's removal of existential risk. The primary health concerns are now: integration execution risk, potential roadmap reorientation toward backup-integration use cases, and Veeam's own exit or IPO horizon (expected within 2–4 years) which will trigger another ownership transition for Securiti.
Strengths and weaknesses
Best for: Multi-jurisdiction regulated enterprises needing unified DSPM, privacy automation, and AI governance. Existing Veeam customers for whom the combined backup+governance thesis is genuinely compelling. CISOs and Chief Privacy Officers sharing a platform budget. EU AI Act compliance programmes where Securiti has more breadth than any competitor.
Worst for: Organisations with large unstructured data stores requiring high-throughput scanning — validate scan performance against your actual environment before signing. Buyers with data sovereignty requirements for on-premises or jurisdiction-locked data — get explicit answers about the scanning architecture. Security-first teams who find the compliance-team UX and workflow model a mismatch with their operations. Buyers who need contractual certainty through a stable ownership structure — two ownership transitions (VC to Veeam, then Veeam IPO/sale) in a 3-year contract window is a real risk.
Negotiation and buying considerations
The Veeam relationship opens up potential bundled pricing for existing Veeam customers. For new customers, get explicit contractual commitments about: (1) standalone Data Command Center roadmap vs. Veeam-integration roadmap feature investment split; (2) scanning architecture for your specific data store types — in writing, not in a sales demo; (3) SLA continuity as the integration proceeds; (4) price protection through the Veeam IPO/exit window. The $1.725 billion acquisition price implies Veeam expects meaningful revenue growth from Securiti, which means pricing pressure upward over time.