Digital Guardian is in the business of protecting valuable and sensitive corporate data. Our products are used by companies that understand that data is now your core intellectual property asset.
Digital Guardian provides two ways of protecting the data. First is the cloud-delivered data loss prevention (DLP) service, which prevents sensitive data from leaving an organization, whether it’s from purposeful theft or accidental loss. Second is endpoint detection and response (EDR). EDR monitors the infrastructure the data sits on: your laptop, your server. It detects anything that would suggest that an external adversary has compromised the system, either directly or by masquerading as an insider with stolen credentials.
The unique thing about Digital Guardian is the combination of DLP and EDR in a single agent and platform that protects data across all major operating systems: Windows, Linux and macOS. We offer this via SaaS, and as a fully managed security program. For our Managed Security Program, we actually do the work for the entire management, administration and configuration for those customers who can’t hire enough security talent to do the management themselves.
I would say it’s the shift from the enterprise and appliance-level security that we, as an industry, have been delivering for the last 25 years, to security as a service. This is the direction that Digital Guardian is going, which is data protection as a service.
In terms of other disruptive forces, identity as a service is an example, with the IPO of Okta and the acquisition of Duo by Cisco.
The other is application security as a service. Millions of application services get introduced every year, and it’s about building security into applications from the get-go, and application security testing. The last thing I would say is to pay attention to what the major platform vendors are doing, from Microsoft to AWS to Google to Apple, they’ve woken up to security in a big way. They know that to take the arguments off the table about a shift to cloud, or a shift to SaaS, they have to embed security into everything, and they’re doing it.
I have three major takeaways. Number one: great tech companies build great products that customers want to buy. No matter how great your technology is, or forward-thinking it is, unless you find that product/market fit, it’s hard to build a great company. Especially in the SaaS world, it’s the products that lead.
My number two: great people and great culture are the most important things when building successful tech companies. You have to invest in people and understand the value of culture, and the rest will follow from there.
My number three: companies today really have to be agile, and you have to build a company that’s built to change. The concept of being built to last – it doesn’t last anymore. An entire company has to be agile from product, to go-to-market, to sales. You have to be able to adjust and run.
There is a subset of companies where security is considered a checkbox, and those companies are the ones that are the most vulnerable. They don’t patch vulnerabilities. They don’t manage open source code. They don’t test applications. They don’t have a culture of security or governance.
Then there is the other set of companies that really believe security is critical. They embed security as part of the culture, and it gets pushed down from the CEO and the Board. Those are the companies that really understand the extent of security and security protection.
I also think security is now evolving to be looked at as risk management. You’re not going to be able to protect everything, but make sure you protect the important stuff. You start with recognizing it as a risk, and then you adopt a framework, and then put governance and process into place.
It can be hard for Chief Security Officers to communicate with others because they are still tech-talking guys, and security can feel like a different mindset – but risk, that’s a language everyone understands.
The SaaS platform itself provides all the functionality. Just like a lot of SaaS platforms, there’s a little bit of software you have to install in your endpoints, but all the management is done in the cloud via SaaS.
You have to know what data you want to protect. You have to know where you want to protect it from going and then you write the rules and policies to do that exact thing. The construction and maintaining of those rules require people who know a lot about security, about the organization and about data exfiltration. Some big organizations have that capability in house, and they can leverage our SaaS product and manage. For those folks who don’t have giant security organizations with that level of sophisticated talent, they’d rather consume it as a managed service.
It’s made it more complicated because data and operations live in multiple places now. They used to just live behind the firewall, but there is now a new digital supply chain. So, the problem here is that the data moves everywhere, it doesn’t necessarily have to do with cloud or SaaS, it has to do with governance.
I don’t think we will see significant disruption within the next two years. It will really be about perfecting what we currently have. You’ll see additional capabilities being added through artificial intelligence and machine learning. That’ll increase our ability to identify breaches; it will increase our ability to find sensitive data, to track it, to classify it, to automatically generate rules to protect it, and to determine what baseline behavior is and what anomalous behavior is.
The other big thing that will happen over the next two years, is additional security capabilities being added by the major platform vendors. We at Digital Guardian have to play in that ecosystem, and it makes sense for us because we live in a world of cross-platform, multiple cloud ecosystems.