As an Identity Security expert, why did I join vArmour to head marketing?
As the new head of marketing for vArmour I wanted to use this blog to lay out my thought process for why I chose vArmour and why I believe it has become a significant player in the cyber security market.
First let me give you a little background: I am a security industry veteran having managed, marketed and sold security, SaaS, and IT middleware for the past 25 years. Most recently, I led Identity Security marketing for CyberArk (CYBR), was VP of Marketing for Idaptive – an Identity as a Service (IDaaS) company spun out of Centrify and later acquired by CyberArk – and was a product and marketing executive for Centrify, helping grow revenue and customer adoption by over 1000% before being acquired by Thoma Bravo.
From this background I am convinced that Identity Security provides a critical set of capabilities and controls to help achieve a Zero Trust approach to securing modern hybrid and cloud-native companies. The problem with Zero Trust is that you can’t trust what you can’t see. Zero Trust only works if every user, app, device and workload participate — which is fine if you are able to whitelist every user, app, device, and workload — but that is not the real world. The complexity of hybrid and cloud-native environments, plus the fragmentation introduced by modern architectures, leads to fragility and leaves blind spots for attackers to exploit.
Don’t get me wrong, ZT is part of the answer. But only if you have complete visibility into every relationship between users, apps, devices, and workloads — that is always and dynamically up to date. Only then can you then have the confidence in your ability to deliver resiliency and keep your environment safe.
Taking part in shaping the definition and creation of the Zero Trust approach and the Identity Security market was one of the greatest achievements of my career. But at the same time, I was ready for a new challenge.
After 15 successful years in the Identity Security market, I started considering what type of company I wanted to work with next. I knew that I wanted to work with a team of smart and experienced veterans that were disrupting how difficult problems were solved in a big market. I was privileged to be able to have fascinating discussions with dozens of companies in the Security, FinTech, and Cloud markets and ultimately chose to join vArmour. There are several trends and factors that led to this decision:
First, vArmour is addressing several gigantic waves crashing through the markets right now:
- There is a clear acceleration of moving to the cloud. The complexity, innovation, and expertise needed to run a datacenter is better left to the experts. That’s why we are witnessing cloud spending budget increasing an order of magnitude faster than general IT spending.
- IT modernization and the adoption of modern architectures such as microservices and Kubernetes both of which is leading to unprecedented complexity and interdependency of components. DevOps practices and CI/CD pipes have automated much of the complexity from a management point of view, but visibility, resiliency, and security are still major concerns.
- After the last two pandemic years, we have also become keenly aware that if you are not a digital first company, you probably haven’t fared very well. The resiliency and security of the digital business has become an existential imperative for every organization.
Second, I wanted to join a company that was disrupting how difficult problems were solved. This is where vArmour shines.
vArmour has pioneered the use of relationships to ensure resiliency and security in hybrid enterprises. What do I mean by a “relationship”? A relationship is a real-world connection between applications, users, workloads, devices, and data flows. For example, a microservice makes API calls to another microservice, an admin logs into a server, or a file is transferred from one system to another. All of these transactions indicate that a relationship exists between the entities.
Why does this matter? Let me preface this answer by observing that we already know the tremendous network effect that understanding and managing relationships has had on social and work networks (Facebook and LinkedIn), on human knowledge (hypertext links and the internet), even in IT application performance management (Dynatrace, New Relic, DataDog).
As the complexity introduced by modern architecture and hybrid applications has grown the number of relationships by many orders of magnitude, understanding these relationships has become essential in the context of resiliency and security.
The facts are that most IT and security organizations have poor or limited visibility into their enterprise’s true interconnectedness— the relationships and dependencies between and among users, applications, networks, and infrastructure; as well as how and where these applications are being accessed and utilized. These blind spots adversely affect understanding of policy intent and consistency across environments; and whether applications exist that are not being protected or accessed as they should.
Even answering the question of “what is the blast radius of a cyber-attack or system outage?” has become very difficult to answer with complete confidence.
This is where vArmour comes in to play. They have spent the better part of a decade developing, honing, and proving the power of relationship management to ensure resiliency and security. They deliver this solution from the vArmour Relationship Cloud platform. vArmour provides complete Discovery of relationships resulting in a powerful relationship graph, enables the Observability of relationships as they morph and change over time, and facilitates relationship Control through the use of intrinsic security controls and policies already in place.
This is best demonstrated through a simple customer example:
A large retailer, undergoing a split of their two major retail brands into separate companies, lacked the visibility and understanding of the over six million relationships that existed among their 500+ applications and 84,000+ workloads. vArmour helped them evaluate, migrate and duplicate 100s of apps while avoiding any downtime for their critical systems and applications.
During this process, this same customer became aware of the CVE related to the log4j vulnerability. Their approach relied on a popular vulnerability scanning and management tool to ensure that all of the affected systems were up to date. vArmour was able to quickly identify affected workloads that the vulnerability scanners were simply not aware. Additionally, vArmour was able completely to describe the blast radius of a potential attack on those workloads including all of the connections into and out of the affected systems.
Their CISO commented to vArmour “Now I am seeing the value of vArmour and how we can use this across the business. It’s more than brand separation; we can use vArmour to help enforce what our teams have said they’ve implemented”. vArmour is giving this retailer the confidence that they have complete visibility and control across their hybrid landscape.
I am convinced that the team at vArmour has the vision, expertise, and technology to transform how we ensure security and resiliency for every organization. This is probably why they are experiencing phenomenal growth both in terms of customer adoption and revenue — they have the right solution, providing the right value, at just the right time.
I simply knew it was an opportunity I had to be a part of.
I am excited for you to learn more about vArmour Relationship Cloud and how we can help you achieve Application Relationship Management. Please reach out to our team or take a look at www.varmour.com.