8 Cloud Security Execs Reveal The Startups They're Most Excited About

The Leaders Of Tomorrow

Eight security CEOs, sales executives and technical leaders spoke with CRN about which startup or startups they believe are driving the most dynamic change that's relevant to cloud security.

Some security leaders flagged identity management or data encryption firms as the most innovative companies in the cloud security space given the need to protect data once it leaves a company's perimeter, run transactions on encrypted data, and provision and de-provision accounts for SaaS applications.

Other executives favored startups focused on cutting-edge technologies like delivering vulnerability and runtime analysis around containers and identifying new classes of threats and attacks in serverless architectures.

As part of CRN's Cloud Security Week 2018, here's a look at the startups that cloud security leaders are expecting to make waves in the months and years ahead.

Adam Bosnian, Executive Vice President of Global Business Development, CyberArk

Startups like Ramat Gan, Israel-based Aqua Security and Portland, Ore.-based Twistlock are attempting to provide a full stack of security around the container, delivering everything from vulnerability analysis to runtime analysis to ensuring they can measure the health of the container, Bosnian said. Both firms have demonstrated really good fundamental thinking and work within the container space, he said.

Everybody has been trying to jump into the container security space over the past year due to the success of Docker and Kubernetes, Bosnian said. But Twistlock and Aqua Security both have first-mover advantage, are from that environment, and are trying to provide container-specific knowledge and security, according to Bosnian.

Unlike other vendors attempting to move into container security, Bosnian said these two companies aren't attempting to container-scape or cloud-scape their on-premises solution and apply it to containers.

Rohit Gupta, Group Vice President, Cloud Security, Oracle

Santa Clara, Calif.-based Baffle and New York-based BigID both show promise around securing sensitive data whether that data is in a SaaS application, cloud application, or an application that runs in cloud IaaS, Gupta said.

BigID was named the most innovative startup during the 2018 RSA Conference, and can discover where data is, how it's being accessed, and what kind of consent privileges are in place, Gupta said. As privacy by design increasingly becomes a global standard, Gupta said services like what BigID offers hold a lot of promise.

Baffle, meanwhile, has demonstrated that its technology can allow enterprises to operate on encrypted data, Gupta said. Normally, when data is encrypted, Gupta said companies can't run transaction operations on it such as search, sort, queries or analytics.

To transact on encrypted data, Gupta said businesses would traditionally have to obtain a key, decrypt the data, run operations, and encrypt it back again. BigID, though, has been able to solve this problem for a limited set of use cases, according to Gupta.

Ryan Kalember, SVP of Cybersecurity Strategy, Proofpoint

Mountain View, Calif.-based Dome9 Security has done a really nice job of helping even relatively unsophisticated organizations get a grip on their public cloud security, Kalember said. Specifically, Kalember said Dome9 can help with leveraging Microsoft, Amazon and Google APIs to replicate firewall functionality and everything else people are used to having in a traditional on-premises data center.

Dome9 does a nice job of making sure users can only log into platforms like Amazon Web Service in a really strictly controlled way, according to Kalember. This is very useful in the context of securing clouds, Kalember said, since cloud compromise is most likely to happen through the improper use of credentials.

Although there's a whole marketplace of cloud workload protection platforms with some other great companies as well, Kalember said he's been attracted to Dome9 since they cover the widest range of threats.

Brian Roddy, Vice President of Cloud Security, Cisco Systems

Ann Arbor, Mich.-based Duo Security has done some pretty nice stuff on the identity management side of the equation, Roddy said, particularly as it relates to coming up with a simple identity perimeter. Specifically, Roddy praised Duo for coming up with a simplified way of doing two-factor and multi-factor authentication.

"I find it neat that they were able to make the speed and experience so powerful on mobile devices," Roddy said. "You don't have to do much work to implement it or to use it on a day-to-day basis."

Duo has made two-factor authentication so fast and simple that Roddy said he uses the product in his own personal life. Roddy also praised the work of San Francisco-based Okta in the identity management space.

Vittorio Viarengo, Vice President of Marketing, Cloud Business Unit, McAfee

Vendors in the data encryption and digital rights management (DRM) space like Atlanta-based Ionic Security and Palo Alto, Calif.-based Vera have shown promise in situations where an organization can't hug its data with cloud access security broker (CASB) technology and lock it down, Viarengo said.

Sometimes, Viarengo said, organizations have to let go of their data and let it be shared on personal devices or other areas outside their control. DRM, though, can be used to protect data once it leaves the perimeter of a company's application or managed cloud by requiring a key for access, according to Viarengo.

This has become more important as companies increasingly let their own employees carry out business on their own personal devices, Viarengo said. So if a user downloads confidential data to a personal device, businesses can either block it entirely or apply DRM to ensure that only the actual recipient is able to access the data in an encrypted manner.

Sanjay Beri, CEO, Netskope

Single sign-on and identity and access management vendors such as San Francisco-based Okta, Denver-based Ping Identity, and Irvine, Calif.-based SecureAuth help make it easier for companies to provision, de-provision, and sign on to all of their assets in the cloud, Beri said.

These companies have led the way in moving identity from an on-premises environment to delivering a seamless experience for companies regardless of whether they're accessing assets on-premises or in the cloud, Beri said. Through multifactor authentication, Beri said Okta, Ping Identity and SecureAuth can ensure users have access to all the corporate assets they need.

These companies handle the meat and potatoes of access and control such as streamlining the provisioning and de-provisioning of accounts, Beri said, but do so in a way that's friendly and easy for Software-as-a-Service applications.

Gunter Ollmann, CTO, Security (Cloud and AI), Microsoft

Tel Aviv, Israel-based PureSec is focused purely on serverless security architectures and design, and has investigated and identified new classes of threats and attacks, Ollmann said.

PureSec is working to develop the next generation of security technology that will protect customers as they build upon their serverless architectures, according to Ollmann. The company benefits both from being a first-mover as well as the pedigree of its team, Ollmann said.

A lot of PureSec's leadership and team have done the journey from web application security into SaaS services and now into serverless architecture, Ollmann said. Ensuring that the vendor's leadership team has gone through the same journey they're asking partners and customers to undertake is good for all parties involved, Ollmann said.

Shawn Keve, Executive Vice President, Sales and Marketing, Simeio Solutions

Los Angeles-based Saviynt is one of the first vendors to truly tackle issues around governance for cloud infrastructure and application providers, said Keve of Simeio, No. 369 on the 2018 CRN Solution Provider 500. Saviynt also tackles fine-grained controls, which a lot of users and businesses struggle with when they get into business applications.

Most vendors really only provide governance at the front door and maybe allow for the management of profiles within an application, Keve said. But there are few options beyond Saviynt that enforce segregation of duties, preventative access and controls at the task or function level within an application.

Saviynt has excelled particularly in the SAP environment as well as around some of the health-care applications like Epic, Keve said. The company can go deeper, Keve said, rolling security controls for both on-premises apps as well as cloud infrastructure into a governance platform that can be managed holistically.