Two of the biggest trends in corporate IT today are BYOD—the “bring your own device” preference of employees who want to use their own phones and tablets at work—and software delivered as a service (SaaS). But those two trends are creating a huge security headache for companies. And no one, to date, has been able to cure it.
The crux of the problem: In the old days, when everyone was using company-issued devices and on-premise software, security could be controlled at the network perimeter. No one was sharing files via Box/Dropbox, taking confidential notes in Evernote or accessing enterprise data from their iPhone.
Now, with sensitive corporate data flying around in the cloud accessed by personal smart-phones and tablets, there is no company-controlled security perimeter. The entire framework for corporate security has changed, and most companies are scrambling for solutions.
Many security vendors are trying to solve this problem and they are attacking it from a few different angles. Some are focused on “Shadow IT”, or ferreting out and tracking which cloud services employees are using without IT permission. It is not uncommon for CIOs/CISOs to discover that there are literally dozens (if not hundreds) of unsanctioned cloud services being used by employees. Another group of vendors has built policy-management platforms that provide a layer of control to the ‘known’ cloud services (e.g., you can’t use DropBox, only certain employees can use Salesforce, etc.). A final group is trying to improve security by encrypting data residing on cloud service providers like Salesforce or Workday.
All of these solutions are necessary but not sufficient. At the core, they miss the fundamental issue that playing whack-a-mole with a constantly increasing (and evolving) set of cloud services–coupled with a wide range of unsanctioned end-user devices–is akin to counting the stars in the sky. It is an intractable problem that requires a new paradigm to attack.
That’s why we’ve made a new investment in Veradocs*, a security company tackling data security in a whole new way. Instead of trying to protect the perimeter, the company assumes the perimeter is porous, that files and data will leak, and networks will get hacked. If you operate from that vantage point, what you really care about is securing the data – not the perimeter. And that is what Veradocs has accomplished in a very elegant manner.
Veradocs’ technology is focused on tracking specific pieces of data wherever they go, to and from specific users. And if a file gets into the wrong hands, the technology contains a sort of “kill switch” that enables the data to self-destruct, sort of like an embarrassing Snapchat message (but one with much bigger consequences!).
Imagine this scenario inside a company: Susan, a sales manager, emails her colleague Jay a file containing the company’s latest sales forecast. Jay downloads the file, saves it to his Dropbox folder and then shares it with Kumar in accounting. Kumar is now free to do whatever he wants with the file and data. What protection is there for Susan, and the original sales forecast, using today’s technology? Nothing. That’s the problem Veradocs seeks to address by focusing on security for actual corporate data, and not security perimeters.
I’ve known and respected the team at Veradocs for a long time—I worked with the CEO Ajay Arora more than 15 years ago at a company I co-founded called Corio. Veradocs’ product is still in beta, but is already getting some press attention in well-known publications, like the Wall Street Journal, and some early pickup in industries including finance, media and technology. I look forward to seeing more progress from the team and seeing what they can deliver in this emerging, and very important, market.
*For a full list of all Battery investments and exits, please click here.