Box Brings In Former Symantec, Yahoo Execs To Ramp Up Security, Trust
5:58 PM EST Thu. Apr. 25, 2013
Cloud storage firm Box has hired two executives with significant information security experience in a bid to bolster trust with its customers and kindle growth in enterprise clients.
Los Altos, Calif.-based Box last week hired Justin Somaini, formerly chief information security officer at Yahoo, as its chief trust officer, and named Niall Wall, formerly vice president and general manager at Symantec, as its senior vice president of business development. Box said both executives will help shape its new security activities, with Wall focusing on building a partnerships strategy.
Somaini, a security industry veteran, told CRN his plan is to engage customers and promote the ongoing security initiatives at Box. For the first 90 days stepping into an organization, Somaini said he typically conducts a reality check to better understand what the organization's security model looks like.
"For Box, a major component of all this is the customers," he said. "It's going to be getting out and having conversations with the customers and then figuring out how to incorporate their concerns into our overall strategy."
Box, which specializes in cloud-based file sharing and storage, announced some new security initiatives in February at the 2013 RSA Security Conference. The updates included support for data loss prevention vendors CipherCloud and Code Green Networks and Samsung's KNOX mobile device management suite. The firm competes with Accellion, Egnyte and OwnCloud, among others, but is trying to appeal to enterprises by strengthening support for its customers' data security initiatives.
Somaini, also a former Symantec executive, is credited with reworking the security firm's security program and starting Yahoo's security program virtually from scratch. The challenges at Yahoo were wrapped around the scale of big data at a level not very many companies can speak to very well, he said. Symantec had a lot of complexity around the product lines, forcing him to work with product developers and managers to drive products to solve deeply complex and valuable security problems.
Perhaps one of the biggest problems with cloud-based services is outages, which have ranked high on the list of enterprise cloud concerns, according to recent studies. Last year Box suffered a three-hour outage, and Somaini told CRN that he would work to ensure availability was of heightened importance at the company.
"When [you] look at three core tenets -- confidentiality, integrity and availability -- it depends on the company where the availability strategy rides," Somaini said. "There's no question about it that Box is already concerned about availability; it's one of the top priorities if not the top priority within the company."
And other industry executives agree, telling CRN that service outages would eventually be a serious problem for certain cloud providers. Service providers may see opportunity in adding private cloud services in the enterprise.
Somaini said he was attracted to Box because it is at the center of the online content collaboration movement and is doing so while taking security and trust much more seriously than other firms.
"I'm not coming in and creating something new; I'm coming in and fleshing out their strategy and driving it into our customers so that is focused and attentive," Somaini said.
Somaini is a strong believer in end-user education programs and creating a security-aware culture within the enterprise. He is known for conducting town-hall-style meetings regularly with employees, answering questions and concerns about both company data security and their personal needs. Social engineering and protecting account credentials were typical areas of discussion, he said.
"I want the employees to look at the world through the window I'm looking at, and until they do that, we're not going to see and understand the role that I have and the business' need to protect its data," Somaini said.
While there have been no serious data breaches attributed to cloud providers, Somaini said it is always a significant threat because cloud providers are storing massive amounts of data. Attackers have already used fake accounts at cloud providers to set up command-and-control communications or infect Web servers as part of a financially motivated cyberattack campaign.
"Cloud is very much in the wheelhouse of where the attackers are going," Somaini said.