Art Poghosyan from Britive Talks with AI-TechPark about the changing Information & Data Security Landscape & How Cloud-based Access Management will shape the Future of Hrtech.
1. Tell us about your role at Britive.
I’m the CEO and co-Founder. I have been in the InfoSec industry for over 20 years. Prior to the launch of Britive, I co-founded Advancive, a leading Identity and Access Management (IAM) consulting company that was acquired by Optiv in 2016.
2. Can you tell us about your journey into this market?
Before we launched Britive, my two co-founders and I dedicated several years to identifying and resolving security challenges in the on-prem identity and access space. A few years ago, we realized that the shifting of workloads to the cloud presented the greatest risks to organizations. The driving force behind those risks is the proliferation of identities and permissions cross-cloud that must be secured. That was never a major concern during the on-prem days.
We identified three significant challenges and made a commitment to solve them. The first is the basic need to automate the process of uncovering and managing thousands of permissions across SaaS, IaaS, PaaS and DaaS. A tremendous amount of SecOps, CloudOps, and DevOps teams are relying on old school spreadsheets to accomplish this, which is both time consuming and error prone. Add to that the fact that each cloud service has its own access logic. If you don’t use automation, it must be painstakingly learned before being managed and secured. One of our goals at Britive is to provide cross-cloud visibility and automated controls for cloud permissions.
Second, we identified the proliferation of permanent standing cloud permissions as an open invitation to threat actors to exploit identity based vulnerabilities. The infamous SolarWinds attack is a classic example of cloud account credentials being compromised by malicious actors to gain access to sensitive data. Britive’s vision is to assist companies with enforcing Zero Standing Privileges (ZSP) through Just in Time (JIT) permissioning where permissions are only granted for a set period of time and then revoked at the end of the cloud session. By doing that, we minimize the organization’s attack surface. It is easy to understand why this needs to be a priority when you consider that cloud access threats have now surpassed those caused by malware in recent years.
Third, we identified the demand from DevOps teams to help them build access security into their CI/CD processes without adding additional complexity or management overhead. From our experience, we saw that DevOps teams are often resource constrained and have to maintain singularly focused on the development process. Given the fact that developers – like their cloud admin colleagues – hold elevated privileges, their accounts are considered high-value to threat actors and therefore, in need of the highest level of strong security. By enabling self-service JIT permissioning, you can secure DevOps users with minimal overhead. Additionally, DevOps needs to manage secrets dynamically to more effectively secure non-human identities such as APis and access keys. We enable DevOps to spin up temporary services swiftly by generating JIT secrets on the go.