Veza | July 20, 2022
Veza, the data security platform built on the power of authorization, announces today that the company has entered a partnership with Google Cloud, including product integration that enables Google Cloud customers to harness the capabilities of Veza’s data security platform across their multi-cloud ecosystem.
Veza, which recently launched in April 2022 after two years of building in stealth, makes it easy to understand, manage, and control who can and should take what action on what data. With this new integration, Google Cloud customers can now directly access the capabilities of Veza’s authorization-based data security platform integrated with Google Cloud Policy Analyzer to identify, manage, and control external identities and service accounts to Google Cloud services (Looker, BigQuery, and more). This partnership furthers the relationship between Google and Veza, which began in 2021 when GV led the Series B investment in Veza and GV Partner Karim Faris joined Veza Board of Directors.
“The cloud is quickly becoming the primary footprint for organizations. By prioritizing and investing in security, Google Cloud has earned a differentiated position in the market,” said Tarun Thakur, Co-founder and CEO, Veza. “The initial product integration between Veza and Google Cloud, publicly demonstrated at the Google Cloud Security Summit in May this year, is a powerful example of how intelligence from Veza’s Authorization Graph can bolster the data security of Google Cloud customers. It shows how identity-to-data relationship insights from the Veza platform can be pulled directly into the Google Cloud Policy Analyzer, allowing customers to secure both Google Cloud data (Looker, BigQuery, Google Storage Buckets, etc.) to which multi-cloud identities (AD, Azure AD, Okta, etc.) have permissions and multi-cloud data (AWS, Snowflake, etc.) that is being accessed by Google Cloud identities.”
“Securing cloud environments and data from cybercrime and threats is a key priority of organizations across the globe. “With Veza’s platform now available alongside Google Cloud’s secure and global infrastructure, customers will be able to quickly deploy the solutions they need to better understand, control, and securely take action on their data across their multi-cloud environments.”
Sunil Potti, General Manager and Vice President, Cloud Security, Google Cloud
Veza’s data security platform aggregates identity information from humans, service accounts, and cloud IAM entities, and authorization data from apps and data systems, giving organizations a centralized, SaaS-based control plane to visualize, manage, and control data access controls through Veza’s Authorization Graph. Veza integrates with cloud identity providers, SaaS and custom apps, and data systems, and translates system-specific entitlements and permissions into a common, human-understandable business language, visualized in the platform as effective permissions. The platform brings a novel approach to data security by enabling organizations to address key data security use cases across access reviews and certifications for SaaS apps and data systems, privileged access management to data and apps, data lake security and governance, management of cloud entitlements, and much more. It delivers prioritized insights, provides access workflows, and actionable recommendations for remediation of over-privileged accounts, enabling security and IT teams to correct anomalies and right-size their organization’s permissions to protect against ransomware and other data breaches.
As organizations continue to adapt to the evolving demands of hybrid remote and in-office work, multi-cloud and hybrid-cloud environments — those with multiple providers of disparate data, app, compute, and infrastructure systems — are becoming the norm. According to the Flexera 2022 State of the Cloud Report, 89% of companies surveyed are multi-cloud, with only 2% operating in single private clouds and 9% in single public clouds. This trend is leading to a distributed web of data, relationships, and access points that are changing and difficult to track and secure.
Veza and Google Cloud already have a number of joint customers deployed across the industries of SaaS software, marketing technology, and media, including Vox Media.
“To support Vox Media’s growth and increasing M&A activity without compromising security, we need to ensure that across all of our brands, the right users have access only to the data they need access to, and that we have full visibility over what they can do with that data,” says Ateeb Ahmad, Senior Director, IT Infrastructure, Vox Media. With Veza and Google Cloud working together, we’ve been able to seamlessly manage access controls over our data for our largest merger to date, and tightly scope identity-to-data permissions even as our footprint with Google Cloud and other technologies grows.”
“The greatest gifts of the multi-cloud and the generational architectural shift of the modern data systems are also its greatest risks: securing data, scalability, flexibility, and seamless collaboration,” says Thakur. “When organizations enable workers to reach from one cloud to another to leverage data across their entire multi-cloud ecosystem, they foster growth, enable more intelligence, and promote agility. However, such apps and data systems are also more porous and are at increased risk of cybercrime and ransomware. We purpose-built Veza’s Core Authorization Platform for the multi-cloud so that organizations can implement strong access governance policies - Veza continuously evaluates these policies and enables both automated workflows for access reviews, automated access removal for toxic and stale combinations, and facilitates access grant and request for any app, data, and service.”
Veza is the data security platform built on the power of authorization. Our platform is purpose-built for hybrid multi-cloud environments to help you use and share your data safely. Veza makes it easy to understand, manage, and control who can and should take what action on what data. We organize authorization metadata across identity providers, data systems, cloud service providers, and SaaS applications — all to address the toughest data security challenges of the modern era. Founded in 2020, the company is funded by top-tier investors including Accel, Bain Capital, Ballistic Ventures, Blackstone, GV, Norwest Venture Partners, and True Ventures
DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY
Archive360 | August 29, 2022
Archive360™, the archiving and information management leader trusted by enterprises and government agencies worldwide, today announced its Archive360 Extend developer program, giving customers and partners access to the company’s unique APIs (application programming interfaces) so they can leverage the market-leading information governance capabilities of the Archive360 Open Archiving Platform, extending capabilities of customer in-house developed applications as well as third party applications. As the only true Platform-as-a-Service (PaaS) solution provider, Archive360 enables organizations to migrate and onboard massive volumes of data to the cloud, with full control over data security, privacy, access, and compliance. With Archive360 Extend, users can now benefit from one search to directly access, manage and extract relevant data from the Archive360 archive in the comfort and familiarity of their preferred applications, while professionals in the legal, IT and compliance units are assured that all data is being appropriately managed.
“Companies offering vital services such as eDiscovery, internal and external audits and core business applications are not in the business of archiving and managing information - that’s our specialty,” said Robert DeSteno, co-founder and CEO of Archive360. “In today’s operating environment, skilled professionals prioritize working from the applications they access daily. Archive360 now makes it possible for these users to access and leverage data in Archive360’s repository from those apps with one search - in most cases, they won’t even know where the data is, only that their access is fully authorized and secure. More than a dozen partners have already joined this program, and over the next few weeks we’ll be announcing key partnerships with specific companies. Archive360 Extend represents a new advance in archiving and information management, and we’re just getting started.”
The new program enables a seamless, secure and compliant connection between two complementary forces: the Archive360 information management platform’s ability to onboard, manage and store massive volumes of business data - including files, videos, audio, CRM, ERP, emails/electronic communication, social media and more - and companies specializing in complex disciplines such as eDiscovery and data analytics, serving business users who need immediate, authorized, and secure access to all relevant data resources without having to switch between applications.
Archive360 enables participating companies to promote their offerings to a much broader market, including large and heavily regulated enterprises with massive amounts of data that need to be retained and managed securely in compliance with internal and external mandates.
One Search User Access
Archive360 APIs enable end users, with one search, to quickly, easily, and cost-effectively access, review and act on data from any system across their organization. And while the company leads the market with a unified platform - massive data volumes offering enhanced flexibility for easy and secure access - its APIs also come with major advantages.
The collective benefits include:
One Search: Greater visibility into any data source connected to the Archive360 archive, and greater control over that data: how it’s processed, stored, protected and managed, with performance tailored to meet specific business needs
Scalability: Process and manage petabytes of data, rapidly, cost-effectively and dynamically scale horizontally and vertically to meet any workload
Security: True Zero Trust data security with unparalleled PII protection - even system administrators can’t access the data without explicit approval
Defensible Compliance: Ensuring data accuracy, compliance and reliability through immutable storage, data localization, and an audit trail to capture the complete chain of custody. Separate micro-APIs run in the right place across on-premises, in-country or overseas cloud infrastructures ensuring compliance with data localization requirements
Risk Management: eliminating redundant, obsolete and trivial (ROT) information; replacing legacy systems; and optimizing storage
Comprehensive Functionality: There’s one front-end API for ingestion, operations, monitoring, admin, records, discovery, machine learning and analytics, along with micro-APIs
Open Framework: The APIs are extensible - for example, Archive360’s archive functionality can be seamlessly embedded into independent software vendors’ applications and customer portals
Archive360 APIs are managed with a Zero-Trust framework that encompasses data threat surfaces, lifecycles, governance and more - a critical advantage in today’s operating environment. The company also adheres to an API-first philosophy: The APIs are consistent and reusable across the Archive360 platform and applications or portals accessing the data.
Customers and partners can learn more about the Archive360 Extend developer program by speaking with their account representative or registering to become an Archive360 partner.
Archive360 is the enterprise information archiving company that businesses and government agencies worldwide trust to securely migrate their digital data to the cloud, and responsibly manage it for today’s regulatory, legal and business intelligence obligations. This is accomplished by applying context around the search, classification, security, retention, disposition and indexing of data including files, videos, and emails—all while allowing organizations to maintain full control over privacy, access, and compliance. Archive360 is a global organization that delivers its solutions both directly and through a worldwide network of partners. Archive360 is a Microsoft Cloud Solution Provider, and the Archive2AzureTM solution is Microsoft Azure Certified.
DATA SECURITY,SOFTWARE SECURITY,WEB SECURITY TOOLS
At-Bay, Inc. | September 17, 2022
At-Bay, the insurance provider for the digital age, and Guidewire today announced that At-Bay has chosen Guidewire’s cyber risk modeling and analytics product, Cyence, to further bolster its view, and management of, aggregation risk, within its growing cyber insurance portfolio.
“Cyber risk aggregation is an important area of risk that every insurer should be actively monitoring and managing within their cyber portfolio. Investing in the right data capabilities, tools, and mechanisms for monitoring and sizing aggregation risk exposure is critical to managing cyber insurance risk in today’s fast changing threat landscape,” said Roman Itskovich, At-Bay’s Chief Risk Officer and Co-Founder.
“With At-Bay’s steadfast focus on proactive risk management, Guidewire’s solution will help us to expand our data capabilities and toolkit for proactive risk management, so that we can continue to deliver great loss results,” Itskovich added.
By combining world-class technology with industry-leading insurance expertise, At-Bay aims to provide the clarity and confidence that businesses need to address digital risk head on. Founded in 2016, At-Bay protects tens of thousands of business customers from today’s ever growing cyber threat landscape. With its in-house data collection capabilities aimed at addressing attritional risk in the selection, pricing, and active risk management of its portfolio, At-Bay will now expand its focus to aggregated risk exposures.
“We selected Guidewire because it has a strong reputation for being one of the top cyber risk vendors, especially for transparency, in-house data collection, and market validation. “By applying Cyence’s advanced risk models and detailed aggregated risk scenarios to our own active risk monitoring capabilities and claims experience, we believe that we will be able to further enhance our underwriting and portfolio risk management decisions, and maintain a strong loss performance as our book grows.”
Yoshifumi Yamamoto, Director of Cyber Risk Modeling, At-Bay
Commenting on the news, Charles Clarke, Group Vice President, Analytics Sales & Advisory, Guidewire, said, “We admire At-Bay’s use of Cyence to expand its modeling capabilities to account for aggregated risk. We are pleased by their vote of confidence in our cyber capabilities and look forward to infusing data analytics to help At-Bay’s clients meet digital risk head-on.”
About At-Bay, Inc.
At-Bay is the insurance provider for the digital age. By combining world-class technology with industry-leading insurance expertise, At-Bay was designed from the ground up to empower businesses to thrive in the digital world. At-Bay is backed by Acrew Capital, Glilot Capital, the HSB fund of Munich Re Ventures, Icon Ventures, ION Crossover Partners, Khosla Ventures, Lightspeed Venture Partners, M12, entrepreneur Shlomo Kramer, and Qumra Capital. www.at-bay.com
About Guidewire Software
Guidewire is the platform P&C insurers trust to engage, innovate, and grow efficiently. We combine digital, core, analytics, and AI to deliver our platform as a cloud service. Approximately 520 insurers in 38 countries, from new ventures to the largest and most complex in the world, run on Guidewire.