I’ve been in “cyber” a long time. Aside from being a hacker, consultant, pen tester, and working for two security startups, I had the honor of leading security at Dropbox, Salesforce, Kaiser Permanente, and McKesson. I’m now on the investment side, working to synthesize what I’ve learned to make smart venture investments. The industry and role career diversity within security has given me a perspective into both the uniqueness and commonality of security challenges across companies and industries.
The Evolution of Enterprise Security
Cybersecurity has evolved from its early days of well-bounded infrastructure issues. The first stage was in the 90’s. The focus of information security was defined primarily by servers, networks, and the configuration and access management of some key applications. It was all about scanning, patching, and access management.
The second stage started in the early 2000’s. As companies started developing for the web, the demands on security teams expanded to include wide-ranging and much trickier application security challenges. CISOs responded by building out new AppSec teams and adapting the mix of technical skills in their organizations by including much more development talent. Of course this was additive to the first stage.
Globally accelerating privacy and data protection regulations are now driving us into the third stage of the evolution of enterprise security – data. The current challenge is to manage data risk across legacy and hybrid multi-cloud infrastructures at massive scale and at a time when data is critical to the transformation of virtually every industry.
Many security officers see this as a chaotic and scary mess because they are historically ill-equipped with tools and skills in their organizations to tackle this challenge. A lack of basic visibility into the breadth of their company’s data combined with deeper accountability to protect it leads to anxiety. GDPR, CCPA, CPRA, and an ever-expanding alphabet soup of regulations that hold companies responsible for data privacy and security – and reinforce that responsibility with massive fines – have left CISOs wondering where to start.
Just like in the second stage in the evolution of security, CISOs need to step back to plan and adapt the composition of their organizations with the right tools and skills in order to take on this challenge.
ClearSky Discovers Okera
We first learned about Okera in early 2019 and were impressed by how easily the company’s technology enables security leaders to shift from protecting data without knowledge and reacting when an unexpected challenge suddenly emerges to building security into their data infrastructure from the ground up. Okera eliminates surprises and brings order to the chaos of enterprise data.
At ClearSky, we look for investment opportunities with companies that have transformative security technologies which solve difficult and material security challenges across industries. This is exactly why we were attracted to Okera and chose to lead their $15 million Series B funding earlier this year.
Okera empowers CISOs, data stewards, data owners, and data users across the enterprise with visibility into all of their data across all environments to easily ensure data security and privacy across every data asset.
Okera: A New “Data Firewall”
I like to think of Okera as creating a kind of “data firewall” between data consumers and data repositories. Okera is inline or virtually-inline with all transactions. From my perspective, this is valuable “real estate” that enables monitoring, threat detection, unified access enforcement, de-identification, and more.
I believe Okera is an essential tool for CISOs in this third data-centric evolution of the security role. The old tools just don’t work or are insufficient by themselves to meet the new data security and compliance challenges. Okera equips CISOs with the visibility and control to manage data risks at scale without slowing down digital transformations.
Being in the middle of a data flow raises legitimate concerns about scale, availability, and integrity. We were happy to find that Okera has met these challenges. The product is implemented in production at Fortune 500 customers with petabytes of data in their data lakes and processes over two trillion rows of data per day without fail. Okera has enhanced its architecture in such a way that the policy enforcement can be handed off to the analytical engine depending on its capability set and the policy’s complexity. This ensures the most performant execution suitable for large F500 companies.
We’ve been impressed with the Okera team and culture and look forward to continuing to work hand-in-hand with them as the company expands and evolves.