Despite growing cybersecurity vulnerabilities, the enterprise shift from on-prem to multi-cloud IT infrastructure has been fantastic for scale and flexibility. Valtix co-founder & CEO Vishal Jain joins host Cameron D’Ambrosi to discuss the current cloud security landscape and why a unified platform approach is critical for identifying and mitigating cyber threats.
Cameron D'Ambrosi, Senior Principal at Liminal
Vishal Jain, Co-founder & CEO
Cameron D’Ambrosi [00:00:17] Welcome everyone to State of Identity. I’m your host, Cameron Ambrosi. Joining me this week is Vishal Jain, CEO and co-founder of Valtix. Vishal, thank you so much for joining us.
Vishal Jain [00:00:28] Thank you so much, Cameron, for having me.
Cameron D’Ambrosi [00:00:30] Before we get into what you built at Valtix and your perspectives on the digital identity and cybersecurity market, I’d like to ask about your background and how you got into cybersecurity. Walk us through your journey leading up to co-founding Valtix.
Vishal Jain [00:00:58] My background has been in cloud networking and security for almost 20 years. In my previous startup, I was focused on security, but that was mainly into the center. About five years ago, I saw that none of these enterprises were in the cloud journey and all of them were putting their workloads in the cloud. There was the initial euphoria that the cloud would take care of everything, but over time we started seeing that cloud has some aspects of security covered by the cloud provider, but the sheer security model still prevails. So we saw a big gap in the market. We saw that many enterprises are bringing their on-prem security solutions built for the data center to the cloud. That’s where we formed Valtix. The three co-founders have worked together in the past for 20 years in networking and cloud security.
Cameron D’Ambrosi [00:03:14] Let’s jump into Valtix at a high level. You’ve already articulated the core value proposition of what you built, which is we are no longer in an era where your assets, as any organization can be presumed to be sitting in a neat little box that’s in a cabinet somewhere with a locked door, with a single point of ingress and egress. You’re splitting things over multiple clouds. And the result is a bunch of sprawling APIs and users and permissions and layers of settings. You know, is it safe to say that your mandate is really helping organizations navigate this new world we’re entering where the perimeter, as it were, of your IT assets is effectively not unlimited, but large enough that the existing tools were just not sufficient to give you the coverage that you need?
Vishal Jain [00:04:30] Yes, that’s absolutely the point. Enterprises move to the cloud because developers were on the show and they will choose whatever cloud they feel comfortable with. And you will see enterprises having multiple account sprawl, multiple clouds. But net net is that enterprises still want that dynamism, agility. So the choices they faced were to make everything known like your data center and bring your on-prem solutions to the cloud or to maintain that identity but forgo the security. So that’s where we saw the gap. How can you be agile and secure at the same time? That’s what we call “secure cloud networking,” ensuring that all these workloads sitting across everywhere connect to each other. And then how do you get the right security for that, to get the right security posture? And that’s pretty much what we are Valtix, what we call is combining the networking and security in the multi-cloud world to give enterprises the right tools to move fast, to be agile, but to be secure at the same time.
Cameron D’Ambrosi [00:06:55] Where would you say the intersectionality with identity sits within your stack? You know, from an outsider’s perspective, it seems that in this post-perimeter world, identity is kind of really the only thing you have to fall back on when you’re understanding who is initiating a session, who is connecting to these platforms, who’s trying to exfiltrate data, what users are accessing at, what permissions should they have? How do you think about identity and its intersectionality with what you’ve built and the role that you think identity has to play in this cybersecurity space moving forward?
Vishal Jain [00:07:38] Identity is always important, was important even in the old data center. The main thing was in the old world when things were static, you could use an IP address off of a workload, IP address of a user as an entity, but in the cloud that is not possible. So you need to use the identity of the workload. And that’s what we said: you need to have a right mapping. That’s why what we built as an architecture you built like a giant for. Searching the cloud oversees everything. Think about your enterprise’s account, your workload, your clouds, and then map those identity and context of those applications to the right constructs and the infrastructure. Because in the end, all the enforcement all goes. Visibility happens at the layer of infrastructure which you call network. However, they do map it, do identity of the workloads. Everything in the cloud has to be done in the service of workload and their identity. So identity becomes super important in the cloud.
Cameron D’Ambrosi [00:09:12] And where have we seen the future already manifest in terms of how organizations are thinking about their cloud posture? You know, it seems as if no one is going to be left with a single cloud environment just because of the realities of running the modern business. You know, obviously, I’m asking someone who built a security platform focused on multi-cloud security. So maybe the answer is in the question itself. But, you know, I take it that you think multi-cloud really is where most organizations are headed and they’re going to have that need for something that can sit on top of all these disparate platforms?
Vishal Jain [00:09:57] Definitely. There are a few factors driving multi-cloud. First, organizations have customers running on AWS, Azure, or GCP, so they are multi-cloud by definition. Second, organizations acquire companies that are in different clouds. Third, organizations are going to be hybrid, with workloads in the on-prem. So in that world, you have to secure all the workloads running across. You have an application in cloud one, talking to application cloud to back and forth. So that’s where enterprises are looking at multi-cloud solutions.
Cameron D’Ambrosi [00:13:56] So circling back to identity, how and if necessary does your platform interface with the identities that are within an organization and the resulting permissions that are flowing down from them? Are you guys building that out yourself or are you taking a more developer-centric and integration-centric approach to bring identities from across the enterprise into the stack with regard to how they’re interfacing with the overall security posture?
Vishal Jain [00:17:28] We like all the cloud providers and the developers. The organizations are moving towards that. You define finer-grained policies and say, okay, the prod workload can only talk to like D3. You define the workload entity, you define what we call as the database entity. All those things come in and then you define your security policies and then enforce those based on those. And that helps to define better policies, has defined automation.
Cameron D’Ambrosi [00:19:35] What do you see next for the space, for whether it’s cloud security or whether it’s cybersecurity in general? What’s on the top of your mind?
Vishal Jain [00:21:46] Too many silos, too many products. We need to get together and build some standards around how the enterprises can actually work under a common standard. The other option is that a few large organizations can provide all the services as long as they have the right intentions. So that’s where they can bring all these pieces together and give their customers best-in-class security with a single platform. By single platform, I mean that you need to be able to map identity, your visibility, your cyberthreats, all that into a single place, and then help the organization. We have to come a long way, especially as we are going towards the cloud. We see the cloud investments. We see what happened a lot, which is good. That’s where all the innovation happened. And now things have to come together for the enterprises to put their head around it. Otherwise, they will have just too many siloed products.
Cameron D’Ambrosi [00:21:46] I think that’s a fantastic point and something that I agree with. What’s an elegant way of phrasing this, right? If you had told somebody 15 or 20 years ago, from a development perspective, about all of these amazing plug-and-play and modular tools they’d have access to, they would be ecstatic. The time to market that you can achieve with this modern as-a-service ecosystem that we’ve created is fantastic. But, to your point, it’s very easy to get ahead of yourself and go down a path that leads to building silos. This can make it really difficult to find a path forward that can continue to meet both our business and risk objectives at the same time.
Vishal Jain [00:22:35] Yeah, totally. And that’s where I think we are in this journey. So it’s good that there was no investment in cloud security space, cloud in general, and that led to innovation. Otherwise, there wouldn’t be any innovation. Now, all that innovation has to come together and then businesses and enterprises have to get the benefit of innovation. That’s why you innovate and then you consolidate. I think we are going to see that phase. Given all of the economic conditions we are seeing right now, that is also a big driving factor for organizations to help in consolidation. Especially if you look at multicloud, you don’t want to have three teams for three clouds or three tools for every cloud. That leads to more cost and less security. So, for example, our customers are asking for standardization and a consistent way to have security, policy, and then it around those clouds across those workloads. We did a multicloud survey and 95% of the folks mentioned that they want consistency.
Cameron D’Ambrosi [00:23:51] I love it. Well, to bring it home, an opportunity for what I call the shameless plug for folks who are listening, who are getting excited about Valtrex or maybe on the flip side, not so excited about their multicloud cybersecurity posture. What’s the best place for them to go to learn more about the platform? Or maybe more importantly, if they’re interested in reaching out to you or your team, what is the best conduit for them to do so?
Vishal Jain [00:24:17] The best place is always on our website, Valtix.com. You can see a lot of collateral. The way we have put the content is not just about politics. The idea is for cloud architects and folks to learn about cloud and creative cloud. So, you will find all of the content there. If you want to see how the product works, we have our tool on the website, which is seamlessly being integrated. We also have a free trial, so you can try the product out and get a feel. I would say it should be a good experience. Not just about what you will be familiar with the constructs of the cloud, but if you are working in the cloud security network security space, you will learn something new.
Cameron D’Ambrosi [00:25:35] Fantastic. Thank you so much for your time. This was an illuminating conversation, truly. You know, this is an area in which I know enough to be dangerous, but certainly not enough to go toe to toe with experts such as yourself. So, I greatly appreciate the time. And I’m sure our audience found this illuminating as well.
Vishal Jain [00:25:52] No, thank you, Cameron. It was great chatting with you. And I look forward to another round of competition with you.
Cameron D’Ambrosi [00:26:00] Thanks.
In the latest State of Identity podcast, hosted by Cameron D’Ambrosi, we’re joined by Laura Spiekerman, co-founder and president of Alloy, a global identity risk solution for financial services and a Liminal 2023 Company to Watch. We’ll discuss its pioneering role in the orchestration-centric approach to Digital Identity in Fintech. Spiekerman delves into the challenges Alloy addresses in the fintech space, where compliance and fraud often hinder innovation. Join us to explore the evolving landscape of digital identity in Fintech, trends in fraud prevention, and the critical intersection of customer experience and security.
In the latest episode of the State of Identity podcast series, we delve into the ever-evolving world of customer identity and access management (CIAM). Join host Cameron D’Ambrosi from Liminal as he sits down with Brian Pontarelli, the founder and CEO of FusionAuth, to explore the exciting developments and challenges in the realm of passwordless authentication, user data management, and the quest for seamless transitions in the digital landscape. Bryan shares his expertise and unique perspective, shedding light on the fascinating journey of FusionAuth and its pivotal role in this dynamic landscape. Tune in for a thought-provoking discussion that promises to expand your understanding of CIAM and its critical role in the modern enterprise.
Tune in to the latest episode of the State of Identity podcast series, where Data Security expert Shane Curran, Founder and CEO of Evervault, dives deep with host Cameron D’Ambrosi into the intricacies of data security. Discover why basic encryption methods aren’t enough, understand innovative data security strategies that ensure functionality, learn how encryption safeguards AI model training without compromising customer data, and grasp the significance of prioritizing current cybersecurity threats over quantum computing concerns.
In the latest episode of the State of Identity podcast, host Cameron D’Ambrosi is joined by Gadalia Montoya Weinberg O’Bryan, an ex-NSA crypto mathematician and the Founder and CEO of Dapple Security. Learn about Gadalia’s remarkable journey from the National Security Agency to the forefront of identity-focused cybersecurity. Learn about the limitations of current passwordless approaches, particularly in scenarios involving lost or stolen devices, and delve into the crucial distinction between authenticating the user behind the device rather than the device itself. Gadalia introduces Dapple Security’s unique solution, which involves generating an on-demand passkey using a user’s fingerprint—emphasizing the company’s commitment to user privacy by avoiding the storage of biometrics on the device or in the cloud—and how this approach is a key element in enhancing overall security posture.
In this episode of the State of Identity podcast, host Cameron D’Ambrosi talks with Eric Olden, the co-founder and CEO of Strata Identity. Join us as they discuss the challenges faced by today’s multi-vendor/multi-cloud enterprise technology landscape and how forward-looking executives view identity as an opportunity, not a cost center. They also delve into the importance of moving towards passwordless authentication and the role of identity orchestration in addressing these challenges.
In this episode of the State of Identity podcast, Liminal host Cameron D’Ambrosi and Justin McCarthy, the co-founder and CTO of StrongDM explore the dynamic landscape of digital identity and access management, addressing the challenges and trends that shape the industry. They talk about what it means to move towards a “credential-less” world and discuss the complexities of authentication, authorization, and the role of proxies in bridging old and new technologies. McCarthy highlights the imperative for convergence among various tools, including the essential role of AI, providing a unified approach to access control, governance, and policy enforcement.