Virtualization Technology News and Information
VMblog's Expert Interviews: ScaleFT Talks Better Security Through UX

interview scaleft ux 

In July 2017 I first met with ScaleFT, the startup aiming to bolster security using the "zero trust" approach modeled after Google's BeyondCorp framework.  The company had just closed a $2 million funding round and launched a new product based on the core principles of BeyondCorp for securing access to internal company web apps.

I recently caught up with the ScaleFT CTO and co-founder Paul Querna to get an update on how customers are responding to new security paradigm built on the premise the perimeter defenses are increasingly obsolete.  Querna had some insights into how the user experience is critical to effective security.

VMblog:  What's broken in security today?

Paul Querna:  We need to make security easier to adopt and use. Organizations face two challenges. For too long, companies have invested a lot of money in a wide range of different products that offer varying levels of security. But few products solve for a security outcome. They fix one issue, not the architecture problems. The other challenge is that too many products make users miserable. They can't get their work done efficiently. Both problems discourage adoption so no one is adequately protected. When you have the user on your side, when you're helping them be more successful at their job, it makes security more effective. 

VMblog:  What makes a good user experience that is still secure?

Querna:  In many ways, it's all about better security through UX. The core part of our world at ScaleFT is about combining a user and their current device at a point in time to build a session profile that can be effectively authenticated and authorized. If everything adheres to the access policies, you just navigate to web apps or login to servers just as you normally would. You might have 2-factor in place, which you do in the morning, and then you're set for the day. That's the user experience we strive for whenever possible, because that's what you want to do. You never want to log in 14 times during the day.

VMblog:  How does Zero Trust look from the CISO perspective?

Querna:  CISOs spend a lot of money on a lot of different products. We can help them not just on security, but also managing the proliferation of security products to setup and manage. We eliminate or replace the spend on things like VPNs and endpoint protection. Because of how the product and this architecture integrates with everything, you have a real-time view into everything that's going on. You have audit logs continuously coming in of every page view and every action someone takes on a server. You have a very information-rich environment.

We also recognize the importance of helping customers embrace this new paradigm for security. How can we make it easier to adopt? Our objective is to take these core ideas and make them more consumable, more incrementally adoptable. Even within Google, it did take them 6 or 7 years to do the full transition, but they said they tried to do the 80 percent of easy apps first. And that's our same perspective with our own customers: Let's migrate the easy stuff first. We're not going to get rid of your mainframe tomorrow, but let's move some of your easy web apps that are already in the cloud.


Published Thursday, November 16, 2017 8:04 AM by David Marshall
Filed under: ,
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<November 2017>