Where’s Your Shadow Data? Data Security Posture Management (DSPM) with Polar Security
Blog Series | Part 6 | Value Creation Founders’ Series
You’ve probably heard the term Shadow IT: the software and applications that are deployed by departments other than the central IT department itself. However, shadow IT is not the only thing hiding in the darkness of your organization. Enter Shadow Data: all the sensitive data that is created by developers, or as a by-product of your cloud workload apps, without a place to call home. If left unsecured, shadow data can pose serious problems for a business.
Why? Shadow Data encompasses both existing data and all the sensitive data stored in cloud workloads (AWS, Azure, GCP), such as Personally Identifiable Information, credit cards, medical information and more. If it is not properly managed, both security and compliance issues can arise. That is why we invested in Polar Security, a cloud native security and compliance platform. Polar takes an agentless and automatic approach to discovering and protecting sensitive data stores and data flows across an organization’s entire cloud infrastructure.
“The move to the cloud is already obvious. With it, a handful of great cloud security tools have emerged,” said Kobi Samboursky, Founding and Managing Partner at Glilot Capital Partners. “Such tools provide a wide range of security services protecting your various software components on the cloud, however, most existing tools miss the one piece that is truly important – the data. Protecting your software and your cloud infrastructure is very important, but what about the data itself? Polar puts data in the center. Allowing first to learn where your data is (if you thought this is trivial, think again...), and specifically where the sensitive data is. Second, it maps where data can go and who can and does access them. Third, it allows you to protect the data. The great thing about Polar is the ability to do all that with zero hassle to the engineering team to provide immediate, effortless benefit.”
Guy Shanny, Co-Founder at Polar Security, shared how Polar helps Security and Compliance teams restore visibility and control over their cloud data. We talked about everything from his entrepreneurial background, starting at just age 14, to how he fine-tuned Polar’s product offering based on feedback from CISOs in Glilot’s network of advisors.
Let’s jump in!
How are organizations managing their data today?
Data creation has become chaotic. Data is no longer centralized in a single database or storage, but scattered throughout the cloud infrastructure (AWS, Azure and GCP), regions, VPCs and services. Data stores are constantly created by developers or as a by-product of their cloud workload apps. This includes managed, unmanaged, and unknown “shadow data” that no one knows or monitors.
Currently, organizations manage the data manually. Security, compliance and data governance teams are constantly interviewing developers to map where their data stores are located, what sensitive data is inside and where the data can go, etc. They are in charge of ensuring that data is secured and is in compliance with the regulations. Now the question is, how can you secure the data and at the same time make sure it doesn’t violate any compliance regulations? If you aren’t aware of the data’s existence, where the sensitive data sits, how to access it and where it is going, how can you enforce any security or compliance boundaries for the data?
You saw a gap in data security, where does Polar come in and how are you solving this problem?
We automate data security and compliance. Our Data Security Posture Management (DSPM) platform is taking four steps: Discovery, Classification, Data Flows Mapping and Prevention of data vulnerabilities and compliance violations. The platform scans the customer’s workload, fingerprints all data stores – managed, unmanaged and shadow, and classifies the data inside to understand its type (PIIs, PCI, HIPAA etc.). Discovery and classification are not enough – data is constantly moved between cloud accounts, regions, VPCs, workload apps etc. So even if you know where your data is today, you may not tomorrow. Our platform solves this by mapping the potential and actual data flows of each data store. With that complete visibility, our platform prevents data vulnerabilities that could lead to data leaks or ransomware and compliance violations.
Let’s take a step back, tell me a little bit about yourself and Polar’s founding story.
Absolutely. My journey started at age 14 when I founded my first company in the web vulnerability and web hosting space. I had over 50 paying customers and went on to sell it about 4 years later. After that I was recruited to the Cyber Division of the Israeli Prime Minister’s Office where I held various R&D positions: vulnerability researcher, team leader and led the org’s strategic research. It was at the PM’s office where I met my co-founder Roey Yaacovi. We both decided to leave our jobs, Roey at Check Point and me at the PM’s office, and start what’s now Polar Security.
We began interviewing CISOs to understand their biggest pain points and after over 60 conversations, we decided to focus on the data security space. We understood from those conversations what “kept them up at night,” built our proof of concept and hit the ground running.
Tell me about your experience working with Glilot’s Value Creation Team to Accelerate Product-Market Fit.
The process has been super helpful and from our conversations with Glilot’s Advisory Board we’ve adjusted our offering and fine-tuned our entire idea and messaging. From day one, we’ve built exploration questions with the Value Creation team and together we’ve selected relevant CISOs that have helped us build a product that is best fit for the market.
Initially, we were focused just on the Active Data Protection space and we built the platform to focus on sophisticated attacks. But in our conversations with Glilot’s Advisory Board, we quickly understood that most CISOs are not even aware of where their data is located. So before we could help protect against those sophisticated attacks, we needed to show where the data is (visibility) and where the data is going (mapping). It was from these calls that we understood how companies are managing their data stores and that helped us understand the main pitfalls and problems encountered. The outcome? An offering tailored to the end-users to solve problems they encounter on a daily basis.
What is some feedback you are getting from CISOs?
Many of the CISOs love the inventory phase because after installing Polar, we’ve been able to help them find legacy data stores that were floating in their environment that they weren’t aware of – so building a continuous data inventory is really a game changer. Having a one-stop shop where they can see where the data can potentially flow to and where it is actually flowing, who accesses it and enforces it and what security and compliance boundaries remain are many of the main benefits that our customers are feedbacking to us.
You’ve officially launched, congrats! What’s next?
We are looking forward to making 2022 the year of growth for Polar Security. We have great customers with us and are looking forward to scaling our go-to-market efforts. Moreover, we will continue to optimize our technology capabilities, so that our customers can benefit from more types of data stores, more cloud vendors, and autonomous data vulnerabilities mitigation.
Thank you to Guy for the insights on Data Security Posture Management and the ins and outs of Shadow Data. We are looking forward to seeing Polar’s continued growth. It has been awesome to be a part of their product-market fit acceleration journey and we look forward to continuing to support them in their go-to-market, successful scale, and beyond. Protecting data across organizations’ entire cloud infrastructure has never been more important or more possible with Polar!