Sramana Mitra: Are you selling directly to enterprise CIO’s or are you an OEM into a Cisco, for instance? How do you go to market?
Ethan Schmertzler: We, almost always, go directly to CIO’s and CTO’s of large institutions because they’re trying to make users’ lives easier and more efficient, but they confront the security concerns of these open networks. We often get integrated directly with the institution.
Our network team does the work to create a cohesive and simple way to get into the network. In some markets, we’re expanding overseas. For example, we’re starting to take on customers in Japan, Korea, and South Africa. We’re looking at France and England next.
In those markets where we may not be able to have a full-time staff and offer the level of support that we’d want, we’ve been partnering with local system integrators that have the experience and the relationships that we’d want to leverage.
Sramana Mitra: Double-click down a little bit on the architecture of your system. When you go into a network, where exactly are you going in? How do you integrate with existing equipment?
Ethan Schmertzler: We need to have software technology or hardware that bridges the DMZ. We need to wrap the DMZ in some way and have components in the interior to be able to network into the local IP space.
For example, we are a utility and I have a third-party that I want to be able to grant access to my industrial control system inside of my facility. Traditionally, I would have to grant them VPN access to this network. What we do is create a hardware link that creates an uplink into the public internet.
The entry point to that is what’s constantly changing. That’s what we’ve been networking to our software-defined wide area network, which is deployed across seven major public cloud providers.
Sramana Mitra: Who are your key customers? What are you learning in those customer use cases?
Ethan Schmertzler: Our primary customers are utilities or anyone with large industrial systems or highly sensitive datasets inside their environment.
Our customers are in finance, utilities, and government. What we’re learning is, there’s always a duality between the OT teams and the IT teams where OT needs to have constant uptime and be able to have an operator make a connection and access a water plant at two in the morning.
The IT team also has a more traditional security concern about granting access. How do you do third-party risk assessments? Bridging those two parties is something that we’re spending a lot of time. Because
not only do we want to make sure that everyone is comfortable with adopting new technologies but you also improve the security risk profile.