Q&A: Doug Dooley of Data Theorem Updates on New Cloud Secure Solution and Cloud Data Protection

Data Theorem announced a new solution called Cloud Secure, which is focused on cloud data protection.  To find out more about what the company has been up to, CloudCow reached out to Doug Dooley, Data Theorem’s chief operating officer. 

CloudCow:  It has been about nine months since we’ve last spoken.  What has Data Theorem been up to?

Doug Dooley:  The pandemic has posed a variety of opportunities and challenges. Many of our customers have shifted their budgets, resources and focus on building better applications that bring them closer to their customers. More attention on securing applications and protecting data privacy has happened during the pandemic because it is essential when working from home. As a result, 2020 was Data Theorem’s best year of growth and 2021 is shaping up to be even stronger than last year.

CloudCow:  Tell me about this new solution you are launching to protect and secure Cloud environments.

Dooley:  Cloud Secure is our newest product focused on cloud data protection that complements our other three products: API Secure, Mobile Secure, and Web Secure. We are excited about delivering one of the first app-centric cloud security products to the market. By 2023, more than 500 million apps will be developed and deployed using cloud-native approaches – the same number of apps developed in the last 40 years according to IDC. The app explosion happening in the cloud is real. And security teams are lagging way behind DevOps in using effective tools that support this app explosion in the cloud. We believe Cloud Secure can help a lot of teams dealing with unique app security problems in the cloud.

CloudCow:  What is so different about protecting apps built in cloud environments compared to on-premises data centers? 

Dooley:  The attack surface is substantially different for cloud-native apps vs on-premises apps. In the cloud, APIs and microservices are prolific and change daily. Hackers are taking advantage of the data-in-motion and data-at-rest layers in the cloud. This is very different than what we see in on-premises environments. The compute and network layers of cloud apps are ephemeral by default. These layers spin up and down based on the popularity and usage of applications in the cloud. In many ways, the host operating system and traditional perimeter networks have little bearing on securing cloud-native apps and APIs. In contrast, far too many IT security tools from on-premises data centers are dependent on host OS agents such as EDR and anti-virus, and enterprise firewalls, gateways, and proxies that no longer work well in dynamic cloud networking. The need for Attack Surface Management tools such as analyzers, hacker toolkits, and defensive toolkits to make cloud-native apps more secure is in high demand.

CloudCow:  Aren’t there already solutions out there doing this?

Dooley:  We have not seen any competitors taking on our technical approach of deploying cloud security without any use of an agent or change/adding proxies to the network. Many other cloud security offerings come from a long tradition of network gateways and host-agent protection products. Our expertise is deeply embedded in application security, particularly cloud-native apps. We believe the security industry must go through a reinvention period if we want to take legacy tools from the data center and make them work effectively for cloud-native architectures. Case in point, we see large firewall vendors acquiring many companies in the cloud security space to re-invent themselves. None of these newly acquired companies have a network-appliance style approach that worked in traditional data centers. New cloud architectures drive the need for new security innovation. Hence, the competitive field remains open for better cloud security tools.

CloudCow: How does this add to and enhance your existing AppSec portfolio? 

Dooley:  I would say most of our customers are in two main camps: (1) born-in-the-cloud companies and (2) digital transformation companies who are multi-cloud. Our existing portfolio of Web, Mobile, and API Secure customers benefit tremendously from Cloud Secure because nearly all the applications our customers build and update are connected to cloud services specifically running in AWS, Azure and GCP. Misconfiguration and vulnerable exploits found at the cloud layers of these applications have and will continue to create headline-generating data breaches. We want it to be easier and simpler for our customers to understand and remediate problems in their application stack starting at the client layer down to the infrastructure layers in the cloud. For the first time starting this quarter, all of our products can be purchased in Amazon, Microsoft, and Google’s marketplace to make it simple and easy for any customer to get Cloud Secure for their cloud-native apps.

CloudCow:  What are some of the key benefits organizations can realize with your new Cloud Secure solution?

Dooley:  The three biggest benefits our customers receive are security automation, speed, and data protection. More details on Cloud Secure can be found at https://www.datatheorem.com/products/cloud-secure .

CloudCow: Can you describe a typical customer use case for this new solution?

Dooley:  The first use case we have seen is that customers want to simplify and lower the cost of cloud compliance while cutting the expenses of CSPM (Cloud Security Posture Management) tools. We think the price of CSPM today is far too high for most customers so we will help reduce that expenditure. Our on-demand compliance reports make the cost of auditing significantly easier and faster. Further, Cloud Secure helps with third party and supply chain risk management, data privacy protection, and overall vulnerability management in the cloud.

CloudCow: And I can’t let you go without asking, what can we expect to see from Data Theorem during the rest of 2021?

Dooley:  We hope 2021 will be a year of transformation and re-evaluation. As customers see positive returns on their investments in cloud and app modernization to serve their customers better, we want to be one of their most important partners for modern application security. We plan to automate more of the security tooling than we have ever done before. And DevSecOps will not just be an aspirational goal but becomes the normal daily practice when rolling out cloud-native apps.

CloudCow: It has been great speaking with you. Anything you want to add or leave our readers with before we wrap up?

Dooley:  Doing your own free trial of Data Theorem is probably the best way to get to know us and see if we are a good fit for you. Data Theorem setups on AWS, Azure, or GCP are ready to go by clicking here: https://www.datatheorem.com/trial/

##