April 3, 2019 | Investment Themes

Securing Cloud Suites with AppOmni

John Cowgill

Written by

John Cowgill

Image for post
Define security rules for data access with AppOmni & apply role-based access control (RBAC) policies consistently across clouds, business units, environments, & applications.

Product market fit is a common point of discussion in early stage investing. And for good reason — finding an important problem in a big market and building the right solution to that problem is undoubtedly essential to success.

But equally important to us at Costanoa is founder — market fit. We often ask, particularly in nascent markets — does this founding team have the right set of skills, experience, and network to succeed?

We’re thrilled to be announcing our investment today in AppOmni, which we think is a particularly strong case of founder-market fit. Founded by former Salesforce CISO and ServiceNow CTO Brendan O’Connor and Director of Product Security at Salesforce and Taulia Brian Soby, AppOmni solves the fundamental challenge Brendan and Brian witnessed firsthand at Salesforce and ServiceNow — protecting against cloud data leaks and empowering customers to securely manage and monitor the data inside mission-critical SaaS applications.

Securing SaaS?

For a long time, security leaders spent most of their time securing siloed, proprietary IT applications hosted in on-premise systems. But modern enterprises run their business in the cloud, and the enterprise IT landscape has shifted to match this reality.

IT functions like CRM, Payroll and Hiring, Service Management, and Storage have all moved into powerful cloud-based SaaS suite like Salesforce, Workday, ServiceNow, G-Suite, and Box. These platforms now the host critical business and user data that used to live in on-premise systems.

Unfortunately, the security tooling available to the CISO and CIO to monitor and secure the suites themselves has not kept up.

After leaving ServiceNow and Taulia, Brendan and Brian began working with major F500 organizations as expert consultants on SaaS security and quickly found that the average business routinely leaves private data — such as social security numbers, financial transactions, passport scans, and invoices — accidentally exposed to the public internet without authorization because they don’t realize their cloud application configuration exposes data. Furthermore, their clients were consistently amazed to learn all the sensitive data that lived in their SaaS platforms and all of the users that had access to it.

As this problem presented itself again and again across clients, Brendan and Brian resolved to build a platform to solve the underlying challenges of securing cloud suites.

Cloud suites present a new set of challenges for security leaders.

Cloud platforms create the following unique security challenges:

  • Increased access means sensitive data is much more available to users, creating a need to tightly manage who has access to what data across each system. Salespeople need access to pipeline and contract data, but they don’t need access to payroll or company financial data. Unfortunately, this data often all lives in the same system, with a single credential and broad access rights granted to all users.
  • Role-based access controls need to be created across platforms. Managing these controls across multiple cloud suites is extremely challenging. Each platform has its own data taxonomy and limited tooling to implement fine-grained access rights. As a result, most enterprises simply don’t monitor who has access to what or control access to what is necessary. Permission creep in SaaS platforms is the norm, exacerbating the risks of data leakage and compromised credentials.
  • Misconfigured cloud suites expose data: Cloud suites may be secure by default, but companies inevitably require configuration and integration unique to their needs. Inadvertent or improper configuration can open up new security holes.

Introducing the AppOmni Cloud Suite Platform, built by the experts

AppOmni addresses these challenges with a single control plane for security and IT leaders. Their platform identifies configuration issues out of the box, and then enables IT leaders to implement consistent access policies by role across cloud platforms. Once these policies are in place, AppOmni provides security and IT teams with real time alerts for data exposures, policy violations, and unauthorized access attempts.

The SaaS suites that dominate the modern IT landscape are notoriously complex, and building a platform to secure them requires deep understanding of how they work. Brendan and Brian have lived the challenges of SaaS security firsthand for over a decade inside some of the largest SaaS platforms in the market, and as a result they know the answers to the questions most enterprises are only starting to ask.

We’re excited to be working with AppOmni to build the first security company laser focused on solving the emergent challenges of securing cloud suites.


Our Perspectives