The tech landscape has grown exponentially in the past several years, and as a result, tech companies can’t possibly be domain experts across the entire landscape.
This necessitates working with different outside consultants and marketing agencies, which means information is shared in many ways with multiple parties. This in turn makes companies vulnerable to security breaching.
CSPM Zero Founder and CEO Phil Sautter worked in consulting in cloud security for many years, and noticed that his clients were not able to effectively manage their information security.
This past spring, Sautter founded CSPM Zero, a startup that provides context and insights into a company’s cloud security. He hopes to launch his product by the end of this summer.
“The goal for CSPM Zero is to really lower the overall burden for that adoption of new platforms, by being able to effectively provide context on what actually needs to be addressed in order to prevent those data breaches, or prevent malware attacks, or all the other terrible things that can happen if you don’t adopt effective information security policies and postures,” Sautter said.
CSPM is the acronym for “cloud security posture management,” and the “Zero” signifies that the platform is the first place one should go for cloud security.
The Apex-based startup is part of RIoT’s Accelerator Program (RAP), which is a 12-week program for early-stage startups. (We have previously written about other participants in this summer’s RAP cohort, including Baby Bumps and Social Cascade.) Sautter said RAP has been an “amazing experience,” enabling him to learn from other founders in his cohort and receiving feedback on his ideas.
The initial target market consists of mid-size companies, which unlike larger enterprise companies may not already have access to expensive or robust cloud security tools. CSPM Zero also gears its product toward highly compliant organizations—such as those in the finance or healthcare industries—wherein data protection is crucial.
Once implemented, CSPM Zero starts by scanning customers’ cloud environments to identify vulnerabilities based on security frameworks such as those defined by Amazon Web Services (AWS), which is a broadly-adapted cloud computing platform. CSPM Zero will first target companies using AWS. There will be monthly and annual subscription rates with different tiers depending on the level of frequency needed for security scans.
The scans will discover the metadata about a given company’s cloud environment and offer recommendations for a more secure approach. The company’s engineers who will be receiving this information can get real-time updates through email, Slack, or any other channel.
“[We’re] really trying to make things as easy as possible for the engineers so that they don’t have to deal with the cognitive overhead of the security issues,” Sautter said. “And in general, the easier we make things for people, the more likely they are to do it.”
If a company’s data is not secure, Sautter said there can be devastating consequences for the success of their business as well as the well-being of their customers. For example, a malware attack can shut a company down until it is able to restore viable backups or pay the attacker that may have infected the company’s cloud. In extreme cases, a cloud that serves a hospital or electrical grid could severely disrupt customers’ lives.
Beyond the general demand for cloud security, Sautter also felt compelled to start his company because of his own frustrations with his personal data getting leaked.
“The easier it is to manage information security, the better we’ll be as a society,” he said. “And, that may sound a little altruistic, but that is honestly what I’m going after here. Let’s just make society incrementally better by making it easy for everyone to treat information security with the seriousness that it should have.”
Sautter is looking for potential co-founders to work on his company with him, as well as potential angel investors and advisors. Anyone interested is welcome to reach out to him at [email protected].
This post was originally published on the 3rd party site mentioned in the title of this this site