“In a world where data is everywhere and accessed from anywhere, the value of legacy security controls has eroded, and identity has emerged as the primary control point for cybersecurity.”
Hi, Lior. Welcome to our Interview Series. Please tell us a little bit about your journey in the IT security industry and what inspired you to co-start Grip Security in such a competitive space?
After serving in the Israeli military Unit 8200, which is the equivalent of the NSA in the US, I became a venture capitalist and evaluated hundreds of startup ideas and business plans. I concluded that one of the most fundamental risks in cybersecurity was not being addressed, and that insight led me to start Grip Security with my cofounders.
The last two years have accelerated digital transformation for businesses of all sizes and stature. Security risks have multiplied at an equally ruthless pace. What has been the biggest lesson for you when you look at the cybersecurity and threat detection domains today? Would you like to share your pandemic experience on how you managed to continue your business development work during these uncertain times?
One of the most impactful outcomes is the productivity gains of digital transformation from the adoption of SaaS, and today, every employee can essentially be their own CIO. If I need an application, I go to a website and sign up for a free trial or just buy it with a credit card. The days of requesting the application from IT and waiting for them to approve the request, set up the servers, and install it on my laptop are gone. This has a tremendous impact on cybersecurity and requires companies to rethink how they govern applications and data. I do not think the industry has caught up to this reality and is still relying on an outdated framework when it comes to SaaS security.
Grip Security was started during the pandemic, and I worked hard to hire not only good people but those that would fit into the culture I wanted to build. By hiring the right people, the company was able to grow and thrive through the pandemic and achieve all its targets for both the product and business objectives.
Ransomware-as-a-service is a big threat to data companies with large-scale IT networks spanning remote locations. How do these threat actors actually operate?
Ransomware companies have become SaaS companies with subscriptions, support, and payment options. They operate in the same manner as any other SaaS company, and some even run the ransomware campaigns for you. It’s incredible how easy it is these days to be a cybercriminal.
What approach should CIOs and CISOs take to prevent data breaches and ransomware events in their organization?
Cybersecurity’s traditional approach has been to set and to enforce policies centrally. This worked fine when IT/security controlled everything. Modern enterprise IT is largely run on SaaS, and CIOs and CISOs no longer have the control they used to have. They need to change their approach to one where policies are created centrally with decentralized enforcement. This does have architectural implications to how they discover, prioritize, secure, and orchestrate their security across the organization. The forward-looking CIOs and CISOs are starting to do this already. I believe it will become more prevalent soon.
How does a company like Grip Security fit into a modern CIO’s risk management/disaster prevention technology stack?
Grip Security has a complete view of every SaaS application that is being used in a company and is able to gain control to secure the account if needed. When a SaaS breach occurs, it can impact hundreds or, at a larger company, thousands of employees and accounts. Without Grip Security, it is nearly impossible for companies to recover from it in a timely manner.
What problems are you solving for a digitally savvy and data-driven CIO?
Workers across the board are more productive today than ever before, and much of that has to do with their ability to use SaaS. No company has the foresight and staff to find, vet, and govern every application their employees want to use. Are you going to assign someone to evaluate an application that somebody wants to use for a couple of hours? Probably not. Grip solves this problem for CIOs with a SaaS discovery and governance solution that allows companies to let their employees choose the right application for their job. Employees are happy because they don’t feel like they are being blocked unnecessarily. The CIO team is happy because they are working on more interesting projects. The company is happy because the employees are productive and driving results.
How would you define “adaptive security” management from a modern context? What do CIOs get when they include adaptive security measures in their policies?
Adaptive security is great in concept, but I think it has a long way to go before it becomes a reality. The most important input to adapting a response to a potential threat is context, and the closed loop process of collecting, analyzing, and making decisions based on a series of events has not been productized for enough use cases yet. I think the industry is closer to adaptive risk management, which is an assessment of risk based on changing inputs, but the security action taken would still be done by people.
Please tell us a little bit about your core offerings from Grip Security? Which set of customers / business titles are you targeting to expand the reach of your products?
In a world where data is everywhere and accessed from anywhere, the value of legacy security controls has eroded, and identity has emerged as the primary control point for cybersecurity. With Grip, companies can combine centralized IAM controls and policies with decentralized, context-aware enforcement. Grip Security targets CISOs or heads of GRC because SaaS governance is a strategic issue that impacts the entire company.
Could you tell us about your recent infusion from TSG and how you plan to enhance your product offerings?
TSG is an amazing investor, and we’re really honored to be a part of their portfolio. The investment was driven more by our desire to accelerate our go-to-market initiatives, and TSG has an excellent track record of helping startup companies build and scale their channel programs. Our product is ideal for the channel because it installs quickly, and the platform can be used to build a professional services practice around it for even more revenue.
Your take on the new buzzwords in AI-driven application development and coding workflows for security management: how do you see these trends impacting enterprise security governance and data protection?
It’s an interesting time for AI in general, and it feels like we are on the cusp of an industry breakthrough. Coding as a discipline seems to be getting less important with all the tools and no-code solutions on the market. This trend will help companies improve their security programs by creating better defenses and responding to incidents faster.
What is the future of IT risk monitoring with automation solutions? How would CIOs’ decisions help in upgrading the next generation of digitized intelligent automation tools?
The future of IT risk monitoring with automation looks very bright. CIOs need to ensure that they are listening to their business partners though to ensure that automated risk monitoring aligns and enables the business objectives. If these are misaligned, then automation can actually decrease productivity by causing exceptions and manual workarounds.
Thank you, Lior! That was fun and we hope to see you back on cioinfluence.com soon.
Lior Yaari is the CEO and Co-Founder of Grip Security. Lior has significant experience in the cybersecurity domain as the former CTO of YL Ventures, a leading cybersecurity VC, and as the former Chief of Cyber Training in an elite intelligence unit of the Israel Defense Forces. Among his previous positions, Lior was a Vulnerability Researcher and Project Lead at Cymotive, an automotive cybersecurity company, and co-founded Imperium Security, an embedded devices Secure Development Life Cycle (eSDLC) company.
Grip helps companies modernize their security architecture and adapt to how SaaS is acquired today. Our SaaS Security Control Plane solution helps companies discover, prioritize, secure and orchestrate compliance and risk management for all SaaS regardless of the device. Grip unifies control points, telemetry, analytics and operations so companies can embrace a business-led IT strategy safely and securely. Our purpose-built platform leverages existing infrastructure and is designed to simplify SaaS security operations with built-in, out-of-the-box automation that makes this possible.