By Raghuram Madabushi, Director, Incubation at National Grid Partners.
The first time I listened to a talk by Phil Porras was at an SRI seminar on cyber-security. Two things stood out: Phil’s breadth/depth of knowledge and experience was just stunning — he and his team had some serious history fighting the bad guys (see here, here, and here). And Phil talks faster than a Shinkansen bullet train — the ideas just flow out of him in such rapid succession that you have to take notes in shorthand. It’s clear he wants to get someplace, and fast.
The first time I met Nat Natraj was at an ATEA/TiE conference, where both of us were volunteering to help out local Bay Area entrepreneurs. (Nat brought his founder cred, and I – well, I was just there to listen mostly, but I was being asked to share my investor perspective.) What really stood out was Nat’s deep awareness of the cyber-security market, the core needs that just were not being met, and how much he wanted to think five years out to address those problems.
It didn’t take much to put one-and-one together and see how these two stalwarts could complement each other. First, providing a technical core that would be generationally differentiating. Second, bringing together an execution team and years of experience to crystalize a product stack – and a set of key partners that can bring these technologies to market.
Deep tech startups are inherently difficult to build, especially at the early stages, unless the core team is joined at the hip. It was inevitable that magic would happen when Nat and Phil met and shared their visions.
Macro trends, and the problem they create
Over the last few years, cloud computing infrastructure has evolved from Platform-as-a-Service to virtual machines, containers, and a serverless Function-as-a Service infrastructure. The flexibility that has driven this evolution is now driving adoption: Enterprises each week are running billions of containers to enable software to run reliably across different computing environments, and this growth is not slowing down. Gartner estimates that 75 percent of organizations will run containers in production by 2025 (up from 20% today). Over that same time, Grand View Research predicts, container market value will top $8 billion.
Yet the consequences of this (r)evolution have been dramatic from a cyber-security point of view. It used to be that the firewall shielded the perimeter of our networks from outside intrusion. With cloud computing, mobile devices, the Internet of Things (IoT) and the like, much of our information is stored and accessed far away from the original network perimeter. Protecting that endpoint data, not the perimeter, became cyber-security’s battle cry.
Now, in a world where the boundaries of an enterprise have all but vanished with remote work, BYOD, and other related changes, identity has become the new perimeter. What is needed is a “software defined” perimeter or a dynamic firewall that creates a security moat around an asset, based on policies that change dynamically according to operating environment.
Current perimeter-based solutions don’t adequately address security at the container workload level. This has resulted in an increasing number of container security incidents: 60 percent of organizations have experienced them, according to a survey by Tripwire. And the average cost of a data breach, per IBM, is now just shy of $4 million.
A key part of our investment thesis involves cyber-security for enterprise infrastructure shifts. This becomes all the more pressing for critical infrastructure, where requirements for security are much higher. AccuKnox sits at the intersection of these key developments.
AccuKnox is a zero-trust container security enforcement platform that leverages the identity driven perimeter model.
That may seem like a mouthful, but when the perimeter itself is hard to define, a trust-less security environment is essential. It’s also difficult.
Layering a publicly open policy framework on top of the infrastructure lets enterprises seamlessly manage conformance to security standards like PCI DSS (for credit card information), HIPAA (for health care records) and other alphabet-soup examples.
It’s also imperative that both private and public clouds (such as Google Cloud Platform, Microsoft’s Azure, and Amazon Web Services) are covered.
AccuKnox does all this using seminal work from SRI around data provenance and machine learning. The container security building blocks are built on core open platforms that are proven, field-tested, and widely used by large enterprises.
Check their project (KubeArmor) here on Git.
The benefits of the AccuKnox platform are multi-fold:
- Protecting the container from external exploitation;
- Providing inter-container protection;
- Protecting the host from its containers;
- Managing optimal container and application configuration to detect vulnerabilities;
- Digital forensics, detection, and dynamic management (runtime security management)
You’ll hear more about AccuKnox’s vision over the next few months. We can’t wait to see it drive the industry forward.
Raghu is a Director at National Grid Partners investing in early stage companies in the broad enterprise software vertical. He has 20+ years of experience with technology, capital markets, and IP/innovation. He previously invested in deep tech and industrial infrastructure at SRI Ventures and GE Ventures; managed a large portfolio of open-source technology projects at the Linux Foundation; and headed early stage startup investing at Intellectual Ventures. Raghu also has held buy-side and sell-side roles at Wall Street firms and brings extensive experience in hardware and software design (Texas Instruments, Intel, Cadence Design Systems).He received an MBA in Finance and Investments from Southern Methodist University and an MS in Computer Engineering from Iowa State University, and currently serves as a Kauffman Fellow.