Security professionals are inundated with warnings about misconfigurations, management permissions, and S3 buckets being exposed to the internet amid the barrage of non-stop notifications. And there’s probably no end in sight as a company’s cloud footprint continues to grow. Today, the Cloud Security Alliance estimates that 67% of organizations host sensitive data or workloads in the public cloud. Imagine what that will look like in the years to come.
As a security researcher, I’ve felt the pain of cybersecurity in the wake of cloud transformation, caught between the benefits it brought to organizations, the headaches it caused for security teams that already depended on resources, and the numbness that comes from the constant Rush emerged on warnings. I recently met up with a good friend who is the CISO of a fintech company. When he shared his concerns, it was further confirmation that security officials couldn’t — and wouldn’t — keep up with all these warnings and demands.
More than 20 percent of the warnings result in false alarms. This insight helped me to find the missing piece of the cloud security puzzle that today forms the basis of Solvo’s cloud solutions. As an industry, we were short-sighted – we looked at static configurations of cloud accounts and searched for the same patterns – which led to Solvo sparking the inspiration to create an application layer analysis to improve infrastructure security.
A new path for cloud security
The biggest challenge we observed was managing data assets that security teams needed to protect. Our latest innovation, Data Posture Manager, which tracks compute and data assets to show which ones are vulnerable and the exact impact they are having on the business, was designed to give public cloud users the power to manage cloud security data and applications of their companies.
Unfortunately, with the speed of development pipelines and the ongoing cybersecurity skills shortage, misconfigurations and mismanaged identity and access policies are more common than any organization would like. In fact, our internal data shows that 85% of excessive permissions exist on the average cloud account. It was clear that we had to pull back the layer of risky cloud permissions so we could show them which one Businesses always have access to sensitive data and the damage it could ultimately cause.
A recent study by 451 Research found that 45% of organizations had experienced a cloud-based data breach in the last 12 months. It shouldn’t come as a surprise that these numerical dates match the anecdotal stories we hear every day. Of the recent security breaches at Okta and Uber, there’s no shortage of examples that validate the cloud security challenges facing the industry. The old combination of people, processes and tools that we have relied on for the past 40-50 years of cyber defense has not aged well. It’s time to get it right for the cloud generation of computing that’s coming our way.
Promoting a company beyond technology
In addition to creating a unique approach to cloud infrastructure security, our intention when launching Solvo was to create a diverse environment and a safe space for ideas. As an entrepreneur, you must fight the tendency to hire people who think and act the same way you do. A company without diverse DNA will not maximize its growth or potential. It started with our employees – one of our first employees was not a technologist or a business leader, but an organizational psychologist. In order to build a security company that breaks new ground, we had to start by examining all the biases of hiring at the door – we didn’t go the beaten path to create our company culture.
As I built this company, I learned that it is critical to stay close to your customers and listen carefully to their needs, frustrations and expectations. Build a product for them – not for your company. As someone who has spent his entire career in R&D and cloud computing, I know what customers need to do to keep their data secure. However, I’m still learning how we can make this progressively easier. Sometimes they’ll back off and explain why something might not be working in their environment — it’s important not to dismiss these conversations as they can be the most educational. To truly listen to the user’s needs, check your ego at the door and embrace an innate sense of humility. It doesn’t matter how brilliant a product may be if it’s too difficult to use.
Advice for co-entrepreneurs
There are a handful of lessons that have shaped Solvo, but three in particular have been lifelines in nurturing this startup. First, surround yourself with people who will encourage you but also hold you accountable for the ultimate mission. There is a difference between negativity and accountability. As an entrepreneur with voices pouring in from all sides, knowing how to differentiate is important, especially when developing a unique software product in a crowded market.
Second, don’t be afraid to seek advice from other peers, technologists, and business leaders who have already been through this process. They are a source of invaluable advice on what worked and what didn’t. With that in mind, remember that every entrepreneurial journey is different and there is no one path to success.
Third, spend time consciously selecting the right partners who believe in the common mission with just as much passion and a unique perspective – remember the yin and yang of founders and the importance of lighting blind spots. This is possibly the most important decision you will make.
The way forward
There were several defining moments and insights that led to the creation of Solvo – the exponentially growing cloud security problem, the fact that the most impactful products are the most user-friendly, that a good team eschews homogeneity, and that the voice of the user might be the most important voice in the product development process. I knew the challenges we would face in building a business would be complex, but little did I expect that the dedicated investments in creating a diversity of thought, purpose and a sense of shared urgency would come together in an event like this would dynamic path.
We cannot overlook the magnitude of the cloud security problem at hand. For years, the focus of security has been on highlighting What is wrong in environments, but it’s time to help teams actually fix what is wrong. That’s why we built Solvo differently from the start – we knew that today’s threat landscape requires a user-centric approach. For investors and entrepreneurs alike, the transition to more effective cybersecurity begins with the new generation of innovators.
Written by Shira Shamban, CEO and co-founder of Solvo