Cloud Security Startup Elastica Takes Channel Approach For Growth

Cloud security startup Elastica came out of stealth mode last year and new channel chief Jarrett Miller, who is building out the company’s fledgling channel program, said this week that it inked a reseller deal with Accuvant.

Industry analysts say Elastica will need to differentiate itself in a growing field of cloud security vendors that essentially all do the same thing, with platforms that attempt to uncover unauthorized cloud-based applications and services used by employees, called "Shadow IT." The technology can then be extended to monitor and secure data in approved applications and services.

San Jose, Calif.-based Elastica calls its forward proxy a "Security Ops Center." It competes with Netskope, Skyhigh Networks, Ciphercloud and others that attempt to address an organization’s struggle to maintain control and visibility over data in file sharing and storage services, CRM services and other applications. The aim is to reduce cloud security risks, Miller said.

[Related: Discovering The SaaS Footprint]

Sponsored post

In an interview with CRN, Miller, who was hired as channel chief in October, said Elastica's analytics engine and strong team of data scientists will set it apart from its competitors. Its engineering team is led by Zulfikar Ramzan, who was the chief scientist at Sourcefire, which was acquired by Cisco Systems in 2013.

Elastica came out of stealth last year with more than $6 million in a first round of venture capital funding. In June it said it obtained another $18 million in funding. Elastica addresses the auditing of unauthorized cloud use within an organization and once its forward proxy is set up and configured, it monitors cloud-based services for intrusions and threats, Miller said. The company extracts information from incoming and outgoing traffic and applies its analytics engine against it to identify suspicious activity, he said.

In addition to its deal with Accuvant, Elastica is building out a broader channel presence, maintaining a 100 percent channel strategy, according to Miller. Elastica’s channel program is still in the early stages with a single Gold tier and a referral program.

’We are looking for security-focused integrators that have personnel who can go in and talk to a CISO about cloud application security and make them feel comfortable to make an investment,’ Miller said.

Miller, who left another noted security startup, Bromium, to take the lead channel role at Elastica, said he was drawn to the company’s culture and channel-centric approach. Prior to Bromium, Miller spent more than six years at managed security services provider Solutionary, an NTT Group company.

IT professionals are increasingly requesting to review and approve the cloud applications and services adopted by the business units within their organization. A new survey of 212 IT professionals and security practitioners conducted by the Cloud Security Alliance found concerns over data security most frequently holding up cloud projects, followed by loss of control and regulatory compliance. Organizations surveyed by the Cloud Security Alliance also expressed concern over compromised accounts and insider threats.

Despite the continued angst over cloud adoption, more than half of the IT professionals reported that they are pressured to approve potentially risky cloud application or devices that did not meet the organization's security or compliance requirements.

Shadow IT is a significant issue for a lot of CIOs, said Eric Noonan, CEO of Reston, Va.-based security solution provider CyberSheath. Organizations should first assess their current environment and determine if adding technology is truly necessary, said Noonan, who advocates organizations consider addressing policy and processes as enforcement mechanisms.

’Vendors are increasingly taking a supply chain view of their entire infrastructure,’ Noonan said. ’Some of these solutions are gaining attention because it’s easier to buy a tool than try to influence an entire organization and risk cannibalizing the entire IT team in the process.’