Sramana Mitra: How does your system access all of the data that apps are capturing? What is doable in terms of scanning what the apps are doing on these devices that are being plugged into the enterprise?
Anne Bonaparte: We can pull the app inventory from EMM systems. In the cloud, we are doing this analysis that is both static as well as running them in a virtual sandbox. We have millions of apps in our database, so we can easily understand, “Could this app grab calendars?” If you’ve got a flashlight app that is pulling content in the calendar, that’s an indication that you might want to take a second look, because there’s no real reason for that except for malicious or very poor programming practices.
Sramana Mitra: When you look at the ecosystem, one of the questions that I’m trying to get my arms around is that cyber security is one of the most active areas of entrepreneurship and innovation in our industry. There’s always a security company getting funded all throughout the ecosystem.
If you are the Chief Information Officer and you have to figure out how to bring all these different technologies into your organization, how do you frame it? For example, Appthority does one piece of the equation. Can you put on a CISO’s hat on and explain to me how a CISO would think about bringing all these technologies in and how do they bring you in?
Anne Bonaparte: The way I frame it is, I’d be listening to the CISO talk about his overall security architecture and posture. Most likely, it’s going to be cloud-based. We’ll talk about how he’s approaching the management of risk across all these typical hardware and systems that he has in place.
Often, he will share that they have a blindspot with mobile because mobile often involves decisions that are driven by employees and are not necessarily completely controlled by the enterprise. There’s a gap in visibility for that CISO. He’d think about the cloud and where all the data is. What is accessing the cloud? Sometimes, it’s a desktop computer but more and more, it’s a mobile device which is a computer with a lot of surveillance attached to it. The first step in assessing and managing risk is ensuring you have visibility.
Right now, there’s a gap in visibility. I’ve been in the industry for a long time, we used to talk about perimeters. But here, employees with their phones form the perimeter. There’s not a true perimeter.
Sramana Mitra: Exactly.
Anne Bonaparte: If we can get him to be thinking about, “I don’t have complete control of that.”, the first step is visibility. Where we differentiate is we’re able to provide detection depth and we’re able to do it in an easy agent less way. More and more folks do not want to deploy a lot of agents. That definitely is a trend. We recognize that the CISO has established security and compliance policy frameworks.
We’ve designed our system to be easily integrated into those structures rather than starting over. We also have our own portal, of course, but with very flexible and customizable frameworks. He can see how it can snap into his broader vision because mobile can no longer be considered a silo, which I think it was in the early days. You really can’t think of it separately. I don’t think CISO’s are thinking about that. They’re thinking how to integrate mobile into the broader framework.
Sramana Mitra: What about vendor management? Are you directly working with enterprises or do you have to partner with larger vendors to get into the enterprise buying cycle these days? I know the CISO’s are overwhelmed by the number of vendors they have to deal with.
Anne Bonaparte: Yes and yes. We primarily sell direct but we do also sell through a channel network. We’re deeply integrated and partnered with the EMM’s. That’s the ecosystem we play in, but we do still have to fight the good fight and win customers one at a time or through our partner relationships.