Subscribe to the Liminal Newsletter
Stay updated with the latest news, data and insights from Liminal
825 Third Avenue, Suite 1700, New York, NY 10022
Copyright © 2023 Liminal Strategy Partners, LLC. All rights reserved
Despite growing cybersecurity vulnerabilities, the enterprise shift from on-prem to multi-cloud IT infrastructure has been fantastic for scale and flexibility. Valtix co-founder & CEO Vishal Jain joins host Cameron D’Ambrosi to discuss the current cloud security landscape and why a unified platform approach is critical for identifying and mitigating cyber threats.
Cameron D'Ambrosi, Senior Principal at Liminal
Vishal Jain, Co-founder & CEO
Cameron D’Ambrosi [00:00:17] Welcome everyone to State of Identity. I’m your host, Cameron Ambrosi. Joining me this week is Vishal Jain, CEO and co-founder of Valtix. Vishal, thank you so much for joining us.
Vishal Jain [00:00:28] Thank you so much, Cameron, for having me.
Cameron D’Ambrosi [00:00:30] Before we get into what you built at Valtix and your perspectives on the digital identity and cybersecurity market, I’d like to ask about your background and how you got into cybersecurity. Walk us through your journey leading up to co-founding Valtix.
Vishal Jain [00:00:58] My background has been in cloud networking and security for almost 20 years. In my previous startup, I was focused on security, but that was mainly into the center. About five years ago, I saw that none of these enterprises were in the cloud journey and all of them were putting their workloads in the cloud. There was the initial euphoria that the cloud would take care of everything, but over time we started seeing that cloud has some aspects of security covered by the cloud provider, but the sheer security model still prevails. So we saw a big gap in the market. We saw that many enterprises are bringing their on-prem security solutions built for the data center to the cloud. That’s where we formed Valtix. The three co-founders have worked together in the past for 20 years in networking and cloud security.
Cameron D’Ambrosi [00:03:14] Let’s jump into Valtix at a high level. You’ve already articulated the core value proposition of what you built, which is we are no longer in an era where your assets, as any organization can be presumed to be sitting in a neat little box that’s in a cabinet somewhere with a locked door, with a single point of ingress and egress. You’re splitting things over multiple clouds. And the result is a bunch of sprawling APIs and users and permissions and layers of settings. You know, is it safe to say that your mandate is really helping organizations navigate this new world we’re entering where the perimeter, as it were, of your IT assets is effectively not unlimited, but large enough that the existing tools were just not sufficient to give you the coverage that you need?
Vishal Jain [00:04:30] Yes, that’s absolutely the point. Enterprises move to the cloud because developers were on the show and they will choose whatever cloud they feel comfortable with. And you will see enterprises having multiple account sprawl, multiple clouds. But net net is that enterprises still want that dynamism, agility. So the choices they faced were to make everything known like your data center and bring your on-prem solutions to the cloud or to maintain that identity but forgo the security. So that’s where we saw the gap. How can you be agile and secure at the same time? That’s what we call “secure cloud networking,” ensuring that all these workloads sitting across everywhere connect to each other. And then how do you get the right security for that, to get the right security posture? And that’s pretty much what we are Valtix, what we call is combining the networking and security in the multi-cloud world to give enterprises the right tools to move fast, to be agile, but to be secure at the same time.
Cameron D’Ambrosi [00:06:55] Where would you say the intersectionality with identity sits within your stack? You know, from an outsider’s perspective, it seems that in this post-perimeter world, identity is kind of really the only thing you have to fall back on when you’re understanding who is initiating a session, who is connecting to these platforms, who’s trying to exfiltrate data, what users are accessing at, what permissions should they have? How do you think about identity and its intersectionality with what you’ve built and the role that you think identity has to play in this cybersecurity space moving forward?
Vishal Jain [00:07:38] Identity is always important, was important even in the old data center. The main thing was in the old world when things were static, you could use an IP address off of a workload, IP address of a user as an entity, but in the cloud that is not possible. So you need to use the identity of the workload. And that’s what we said: you need to have a right mapping. That’s why what we built as an architecture you built like a giant for. Searching the cloud oversees everything. Think about your enterprise’s account, your workload, your clouds, and then map those identity and context of those applications to the right constructs and the infrastructure. Because in the end, all the enforcement all goes. Visibility happens at the layer of infrastructure which you call network. However, they do map it, do identity of the workloads. Everything in the cloud has to be done in the service of workload and their identity. So identity becomes super important in the cloud.
Cameron D’Ambrosi [00:09:12] And where have we seen the future already manifest in terms of how organizations are thinking about their cloud posture? You know, it seems as if no one is going to be left with a single cloud environment just because of the realities of running the modern business. You know, obviously, I’m asking someone who built a security platform focused on multi-cloud security. So maybe the answer is in the question itself. But, you know, I take it that you think multi-cloud really is where most organizations are headed and they’re going to have that need for something that can sit on top of all these disparate platforms?
Vishal Jain [00:09:57] Definitely. There are a few factors driving multi-cloud. First, organizations have customers running on AWS, Azure, or GCP, so they are multi-cloud by definition. Second, organizations acquire companies that are in different clouds. Third, organizations are going to be hybrid, with workloads in the on-prem. So in that world, you have to secure all the workloads running across. You have an application in cloud one, talking to application cloud to back and forth. So that’s where enterprises are looking at multi-cloud solutions.
Cameron D’Ambrosi [00:13:56] So circling back to identity, how and if necessary does your platform interface with the identities that are within an organization and the resulting permissions that are flowing down from them? Are you guys building that out yourself or are you taking a more developer-centric and integration-centric approach to bring identities from across the enterprise into the stack with regard to how they’re interfacing with the overall security posture?
Vishal Jain [00:17:28] We like all the cloud providers and the developers. The organizations are moving towards that. You define finer-grained policies and say, okay, the prod workload can only talk to like D3. You define the workload entity, you define what we call as the database entity. All those things come in and then you define your security policies and then enforce those based on those. And that helps to define better policies, has defined automation.
Cameron D’Ambrosi [00:19:35] What do you see next for the space, for whether it’s cloud security or whether it’s cybersecurity in general? What’s on the top of your mind?
Vishal Jain [00:21:46] Too many silos, too many products. We need to get together and build some standards around how the enterprises can actually work under a common standard. The other option is that a few large organizations can provide all the services as long as they have the right intentions. So that’s where they can bring all these pieces together and give their customers best-in-class security with a single platform. By single platform, I mean that you need to be able to map identity, your visibility, your cyberthreats, all that into a single place, and then help the organization. We have to come a long way, especially as we are going towards the cloud. We see the cloud investments. We see what happened a lot, which is good. That’s where all the innovation happened. And now things have to come together for the enterprises to put their head around it. Otherwise, they will have just too many siloed products.
Cameron D’Ambrosi [00:21:46] I think that’s a fantastic point and something that I agree with. What’s an elegant way of phrasing this, right? If you had told somebody 15 or 20 years ago, from a development perspective, about all of these amazing plug-and-play and modular tools they’d have access to, they would be ecstatic. The time to market that you can achieve with this modern as-a-service ecosystem that we’ve created is fantastic. But, to your point, it’s very easy to get ahead of yourself and go down a path that leads to building silos. This can make it really difficult to find a path forward that can continue to meet both our business and risk objectives at the same time.
Vishal Jain [00:22:35] Yeah, totally. And that’s where I think we are in this journey. So it’s good that there was no investment in cloud security space, cloud in general, and that led to innovation. Otherwise, there wouldn’t be any innovation. Now, all that innovation has to come together and then businesses and enterprises have to get the benefit of innovation. That’s why you innovate and then you consolidate. I think we are going to see that phase. Given all of the economic conditions we are seeing right now, that is also a big driving factor for organizations to help in consolidation. Especially if you look at multicloud, you don’t want to have three teams for three clouds or three tools for every cloud. That leads to more cost and less security. So, for example, our customers are asking for standardization and a consistent way to have security, policy, and then it around those clouds across those workloads. We did a multicloud survey and 95% of the folks mentioned that they want consistency.
Cameron D’Ambrosi [00:23:51] I love it. Well, to bring it home, an opportunity for what I call the shameless plug for folks who are listening, who are getting excited about Valtrex or maybe on the flip side, not so excited about their multicloud cybersecurity posture. What’s the best place for them to go to learn more about the platform? Or maybe more importantly, if they’re interested in reaching out to you or your team, what is the best conduit for them to do so?
Vishal Jain [00:24:17] The best place is always on our website, Valtix.com. You can see a lot of collateral. The way we have put the content is not just about politics. The idea is for cloud architects and folks to learn about cloud and creative cloud. So, you will find all of the content there. If you want to see how the product works, we have our tool on the website, which is seamlessly being integrated. We also have a free trial, so you can try the product out and get a feel. I would say it should be a good experience. Not just about what you will be familiar with the constructs of the cloud, but if you are working in the cloud security network security space, you will learn something new.
Cameron D’Ambrosi [00:25:35] Fantastic. Thank you so much for your time. This was an illuminating conversation, truly. You know, this is an area in which I know enough to be dangerous, but certainly not enough to go toe to toe with experts such as yourself. So, I greatly appreciate the time. And I’m sure our audience found this illuminating as well.
Vishal Jain [00:25:52] No, thank you, Cameron. It was great chatting with you. And I look forward to another round of competition with you.
Cameron D’Ambrosi [00:26:00] Thanks.
Onfido CEO Mike Tuchen shares his insights on the digital identity space, and the challenges businesses and consumers face. Tuchen discusses the need for a privacy-first approach, the growing demand for reusable digital identities, and the shift towards user control of personal information.
Secfense Chief Technology Officer, Marcin Szary, joins host Cameron D’Ambrosi to explore the current authentication landscape. They discuss why FIDO Alliance has been a truly transformative moment for the death of the password, how Secfense sets itself apart in a crowded and competitive landscape, and Marcin’s predictions for the future.
Measuring the reach of digital advertising and smartphone app performance is a difficult task made more challenging by tightening data privacy regulations. Edik Mitelman, SVP & GM of Privacy Cloud at AppsFlyer joins host Cameron D’Ambrosi to discuss the current state of the consumer data landscape, how platforms must balance first- and third-party data usage, and why the death of cookies is a tremendous opportunity.
John Bambenek, Principal Threat Hunter at Netenrich, joins host Cameron D’Ambrosi for a deep dive into the current trends across the cybersecurity landscape, from ChatGPT and deepfake offensive threats to leveraging data analytics across your XDR, SIEM and SOAR technology stacks for improved defenses.
Vyacheslav Zholudev, Chief Technology Officer of Sumsub, discusses the current state of the identity verification market with podcast host Cameron D’Ambrosi. They explore the factors driving platforms to move beyond basic identity verification and into other aspects of the digital identity lifecycle. They also discuss the challenges of implementing artificial intelligence in regulated use cases such as anti-money laundering (AML) transaction monitoring.
Host Cameron D’Ambrosi is joined by guest Marcus Bartram, General Partner and founding team member at Telstra Ventures, to dive into his company’s digital identity investment thesis, its transition from corporate VC to an independent fund, Strata Identity’s right to win, and the expanding role of identity in the cybersecurity landscape.
Stay updated with the latest news, data and insights from Liminal