A Conversation with Digital Guardian and Golub Capital
Mordecai (Mo) Rosen
Mordecai (Mo) Rosen
Digital Guardian, CEO
Mo has more than 25 years of experience in the technology industry, including four years at CA Technologies (now a Broadcom company), where he served as the General Manager for the Cybersecurity Business Unit, following the acquisition of Xceedium, where he was the Chief Operating Officer. Mo shares his expert insights based on many years of enterprise cybersecurity experience and his deep comprehension of managed security and SaaS.
Mo has more than 25 years of experience in the technology industry, including four years at CA Technologies (now a Broadcom company), where he served as the General Manager for the Cybersecurity Business Unit, following the acquisition of Xceedium, where he was the Chief Operating Officer. Mo shares his expert insights based on many years of enterprise cybersecurity experience and his deep comprehension of managed security and SaaS.
Digital Guardian is the leading provider of data loss protection and one of the first to unify data protection (DLP) and endpoint detection and response (EDR) to safeguard against all potential data threats. In this edition of SaaS Talk, Golub Capital Senior Director Rob Sverbilov spoke with Digital Guardian CEO Mo Rosen to discuss the SaaS model for security protection, and to share thoughts on the future of the industry.
Rob: 
Give us a high-level background of Digital Guardian, what are the core services and products that you focus on?
Mo: 

Digital Guardian is in the business of protecting valuable and sensitive corporate data. Our products are used by companies that understand that data is now your core intellectual property asset.

Digital Guardian provides two ways of protecting the data. First is the cloud-delivered data loss prevention (DLP) service, which prevents sensitive data from leaving an organization, whether it’s from purposeful theft or accidental loss. Second is endpoint detection and response (EDR). EDR monitors the infrastructure the data sits on: your laptop, your server. It detects anything that would suggest that an external adversary has compromised the system, either directly or by masquerading as an insider with stolen credentials.

The unique thing about Digital Guardian is the combination of DLP and EDR in a single agent and platform that protects data across all major operating systems: Windows, Linux and macOS. We offer this via SaaS, and as a fully managed security program. For our Managed Security Program, we actually do the work for the entire management, administration and configuration for those customers who can’t hire enough security talent to do the management themselves.

Rob: 
What emerging technologies have you seen coming up in the security SaaS space?
Mo: 

I would say it’s the shift from the enterprise and appliance-level security that we, as an industry, have been delivering for the last 25 years, to security as a service. This is the direction that Digital Guardian is going, which is data protection as a service.

In terms of other disruptive forces, identity as a service is an example, with the IPO of Okta and the acquisition of Duo by Cisco.

The other is application security as a service. Millions of application services get introduced every year, and it’s about building security into applications from the get-go, and application security testing. The last thing I would say is to pay attention to what the major platform vendors are doing, from Microsoft to AWS to Google to Apple, they’ve woken up to security in a big way. They know that to take the arguments off the table about a shift to cloud, or a shift to SaaS, they have to embed security into everything, and they’re doing it.

Rob: 
You’ve been in the technology business for a long time. What has been your biggest takeaway?
Mo: 

I have three major takeaways. Number one: great tech companies build great products that customers want to buy. No matter how great your technology is, or forward-thinking it is, unless you find that product/market fit, it’s hard to build a great company. Especially in the SaaS world, it’s the products that lead.

My number two: great people and great culture are the most important things when building successful tech companies. You have to invest in people and understand the value of culture, and the rest will follow from there.

My number three: companies today really have to be agile, and you have to build a company that’s built to change. The concept of being built to last – it doesn’t last anymore. An entire company has to be agile from product, to go-to-market, to sales. You have to be able to adjust and run.

Rob: 
What do you think drives a lot of the corporate data breaches we’ve been seeing? What’s been the differentiating factor between companies?
Mo: 

There is a subset of companies where security is considered a checkbox, and those companies are the ones that are the most vulnerable. They don’t patch vulnerabilities. They don’t manage open source code. They don’t test applications. They don’t have a culture of security or governance.

Then there is the other set of companies that really believe security is critical. They embed security as part of the culture, and it gets pushed down from the CEO and the Board. Those are the companies that really understand the extent of security and security protection.

I also think security is now evolving to be looked at as risk management. You’re not going to be able to protect everything, but make sure you protect the important stuff. You start with recognizing it as a risk, and then you adopt a framework, and then put governance and process into place.

It can be hard for Chief Security Officers to communicate with others because they are still tech-talking guys, and security can feel like a different mindset – but risk, that’s a language everyone understands.

Rob: 
From your product standpoint, if I’m a user, can you describe the difference between a user who is just using the platform versus having Digital Guardian providing the platform and doing the monitoring? What are the benefits of each one?
Mo: 

The SaaS platform itself provides all the functionality. Just like a lot of SaaS platforms, there’s a little bit of software you have to install in your endpoints, but all the management is done in the cloud via SaaS.

You have to know what data you want to protect. You have to know where you want to protect it from going and then you write the rules and policies to do that exact thing. The construction and maintaining of those rules require people who know a lot about security, about the organization and about data exfiltration. Some big organizations have that capability in house, and they can leverage our SaaS product and manage. For those folks who don’t have giant security organizations with that level of sophisticated talent, they’d rather consume it as a managed service.

Rob: 
From your standpoint, as you’re trying to protect the core IP within the organization, how does the movement to the cloud platform affect your business and affect security as a whole?
Mo: 

It’s made it more complicated because data and operations live in multiple places now. They used to just live behind the firewall, but there is now a new digital supply chain. So, the problem here is that the data moves everywhere, it doesn’t necessarily have to do with cloud or SaaS, it has to do with governance.

Rob: 
Give us your take on where you think SaaS or specifically security SaaS is going within the next 24 months.
Mo: 

I don’t think we will see significant disruption within the next two years. It will really be about perfecting what we currently have. You’ll see additional capabilities being added through artificial intelligence and machine learning. That’ll increase our ability to identify breaches; it will increase our ability to find sensitive data, to track it, to classify it, to automatically generate rules to protect it, and to determine what baseline behavior is and what anomalous behavior is.

The other big thing that will happen over the next two years, is additional security capabilities being added by the major platform vendors. We at Digital Guardian have to play in that ecosystem, and it makes sense for us because we live in a world of cross-platform, multiple cloud ecosystems.

Golub Capital would like to thank Mo Rosen and Digital Guardian for participating in this edition of SaaS Talk.