Sign up for my newsletter to see more interviews with the biggest names in cybersecurity.
You raised your Series A for Aprigo, which later became CloudLock, all the way back in 2008. Nowadays the need for cloud security companies seems obvious, but was it so obvious back then? Are enterprises thinking differently about the cloud now than they did when you started the company?
Back in 2008 the cloud wasn’t obvious, therefore cloud security wasn’t either…that was our main friction in the market – we found ourselves having to convince customers in the validity of the public cloud model. With the pivot to CloudLock, we focused on those customers that have embraced the cloud and we were no longer required to deal with that objection…At present, public cloud is a strategic direction of the majority of the organizations out there, thus cloud security becomes a ‘mainstream requirement.’
Many breach victims such as Target, received notifications of the breach before the damage was done, however those notifications got lost among the noise from all the other less severe security notifications. At Cloudlock, how do you separate the noise from what’s really important on your security dashboard?
Our first line of defense is the employees themselves. We believe that ‘people centric’ security, i.e engaging the end users, increasing their awareness to risks they’re creating by certain behavior, is the most scalable way to increase the security posture and reduce risk. For example, if a user uploads a file containing SSNs to a cloud app and shares it outside the organization, sending a notification to the user, making them aware to the risk their action created, and giving them the option to remediate that risk from their email client with a click of a button, by either encrypting the file or changing permissions, is much more effective that raising yet another alert in the organizations security SOC..
A lot of companies have woken up to the trend and are now are trying to provide cloud security in one form or another. How do you differentiate yourselves at CloudLock?
CloudLock differentiates in two ways: First, we’re a cloud security platform, vs the other solutions that are cloud security products. Being a platform, means customers and extend CloudLock security services to connect to ANY home-grown cloud app in their environment. The platform approach is enabled by our API-only technology. We require no agents / gateways to be deployed, making no changes to customers networks or employee workflows.
One of my previous guests claimed that he thought the hybrid public/private cloud model will be the predominant model for the next 5-10 years. Do you agree with this idea? Have you considered expanding beyond security for public cloud applications?
I agree for the interim period. Along with that I see the move of data and applications to the public cloud in a similar light to the move from mainframe to open systems in the 90s. Yes, mainframes are still around, but that’s a static niche market. So will be the future of on-premise computing. Niche market that only the most sensitive industries / organizations will be forced to use…
You attended Tel Aviv University and now CloudLock is growing its Israeli business. Do you think that the security landscape in Israel is significantly different than it is in the U.S.? If you do, how so?
Israel, dubbed by many as ‘start up nation’ has an amazingly high concentration of security companies. The market is small and intense and we find the customer base constantly engaging cutting edge start-ups as a strategy to ‘stay ahead of the curve.
- The IPO values them at 3.6x their LTM revenue of $447mm and 15.8x their $101mm in EBITDA.
- The enterprise is trending towards BYOD as a way to reduce corporate device and data costs and maintain productivity. Enterprises are realizing that MDM’s aren’t enough to keep corporate data secure.
- “It’s easier to predict what might happen in the future; it’s harder to predict when the future is going to happen.”
- The company has now raised $49mm in total from Menlo Ventures, Flybridge, Comcast Ventures (new to this round) and others.
- I interviewed BitSight’s Cofounder/CTO Stephen Boyer several months ago.
- Great profile of the hacker turned CISO and the work he has done since starting at Yahoo.
- Kind of funny that Stamos announced he was leaving Yahoo for Facebook 10 days after this profile came out.
- Opinion piece on why to avoid FireEye’s stock despite the strong cyber market. Provides an interesting overview of FireEye’s products and revenue streams.
- The move will allow company to keep better track of its customers and to hopefully convert some of the pirates to paid users in the future.
- I had Malwarebytes founder Marcin Kleczynski on the newsletter a few weeks ago (Thanks Marcin!).
- The company, which previously offered real time visibility into the security status of endpoints across your network, will now be able to provide more detail into the status of those endpoints across time.