Security professionals find themselves inundated with alerts about misconfigurations, administration permissions and S3 buckets open to the Internet, among the barrage of non-stop notifications. And there is likely no end in sight as an organization’s cloud footprint is ever-expanding. Today, the Cloud Security Alliance estimates that 67% of organizations host sensitive data or workloads in the public cloud. Imagine what that will look like in the years to come.
As a security researcher, I felt the pain of cybersecurity in the wake of cloud transformation, caught between the advantage it brought to businesses, the headaches it created for security teams already tapped for resources, and the numbness that was born out of the constant onslaught on alerts. I recently met with a good friend of mine who serves as a CISO of a fintech company. As he shared his concerns, it was yet another confirmation that security leaders could not possibly – and were not – keeping pace with all these alerts and demands.
More than 20 percent of alerts result in false positives. This realization helped me figure out the missing piece of the cloud security puzzle that today serves as the foundation for Solvo’s cloud solutions. As an industry, we were shortsighted - looking at static configurations of cloud accounts, searching for the same patterns - which led to the spark of inspiration for Solvo - to create an application layer analysis in order to improve infrastructure security.
A New Path for Cloud Security
The biggest challenge we observed was the management of data resources that security teams needed to protect. Our latest innovation, Data Posture Manager, which tracks computer and data resources to show which ones are vulnerable and their exact business impact, was developed to empower public cloud users to ensure the security of their organizations’ cloud data and applications.
With the speed of development pipelines and the ongoing talent shortage in cybersecurity, misconfigurations and mismanaged identity and access policies are unfortunately more common than any organization would like. In fact, our internal data shows that there are 85% of excessive permissions on the average cloud account. It was clear that we needed to peel back the layer of risky cloud entitlements so we could show which entities have access to sensitive data at any given time and the damage it could ultimately cause.
A recent study conducted by 451 Research revealed that 45% of businesses had experienced a cloud-based data breach in the preceding 12 months. It should not come as a surprise that this numerical data matches the anecdotal stories we hear day in and day out. From the most recent Okta and Uber breaches, there is no shortage of examples confirming the cloud security challenges the industry faces. The legacy combination of people, process, and tooling we’ve relied on for the last 40-50 years of cyber defence has not aged well. It is time to get it right for the cloud generation of computing that is upon us.
Fostering a Company Beyond Technology
Beyond the creation of a unique approach to cloud infrastructure security, our intent in launching Solvo was to create a diverse environment and a safe space for ideas. As an entrepreneur, you have to fight the tendency to hire people who think and act just as you do. A company without a diverse DNA will not maximize its growth or its potential. This started with our people - one of our first hires wasn’t a technologist or business leader, it was an organizational psychologist. To build a security company that breaks the mold, we had to start by checking any hiring biases at the door - we didn’t take the well-beaten path to create our company culture.
While building this company, I’ve learned that it’s critical to remain close to your customers and listen intently to their needs, frustrations and expectations. Build a product for them – not for your business. As someone who has spent their entire career in R&D and cloud computing, I know what clients must do to secure their data. However, I am still learning how we can make this increasingly easier. Sometimes they push back, explaining how something might not work in their environment – it’s important not to dismiss these conversations as they can be the most educational. To truly listen to the needs of the user, check your ego at the door and assume an inherent sense of modesty. It does not matter how brilliant a product may be if it’s too hard to use.
Advice for Fellow Entrepreneurs
There are a handful of lessons that have shaped Solvo, but three, in particular, have been lifelines while nurturing this startup. First, surround yourself with people who encourage you but also hold you accountable to the ultimate mission. There is a difference between negativity and accountability. As entrepreneurs with voices streaming in from all sides, it’s important to know how to differentiate, especially when building a unique software product in an ultra-saturated market.
Second, don’t be shy to ask for advice from other peers, technologists and business leaders who have been through this process before. They are a source of invaluable advice about what has worked and did not. With this in mind, remember that each entrepreneurial journey is different and there isn’t a single road to success.
Third, spend time intentionally choosing the right partners who believe in the shared mission with as much fervour and as much of a unique perspective – think about the yin and yang of founders and the importance of illuminating blind spots. This may be the single most important decision you will make.
The Road Forward
There were several crucial moments and realizations that led to the formation of Solvo – the exponentially growing cloud security problem, the reality that the most impactful products were the most usable, that a good team eschews homogeneity, and that the voice of the user might be the most important voice in the product development process. I knew that the challenges we’d face in building a business would be complex, but little did I anticipate that the dedicated investments in creating a diversity of thought, a sense of purpose, and a sense of shared urgency would come together in such a dynamic way.
We cannot overlook the magnitude of the cloud security problem at hand. For years, the focus of security has been on highlighting what is wrong in environments, but it’s time to help teams actually fix what’s wrong. This is why we built Solvo differently from the start – we knew today’s threat landscape needed an approach that is user-led. For investors and entrepreneurs alike, the shift to more effective cybersecurity starts with the new breed of innovators.
Written by Shira Shamban, CEO & Co-Founder of Solvo