Protecting Collaboration Channels for Remote Work

As COVID-19 unfolded in the first half of 2020, many of us set out to explore its long-term ramifications and imagine what the ‘new normal’ could look like. We also wanted to understand the second- or third-order effects of remote working and accelerated digitalization. Cybersecurity became one of the key areas of focus. As many in the enterprise began to look at upgrading their applications and architectures, the security of those applications would have to follow close behind. This opportunity was validated by hackers themselves; in the first few months of COVID-19, phishing attacks increased by more than 600% in under a month.

New Communication and Collaboration Tools Need New Solutions

The reign of email as the sole communication and collaboration tool for the enterprise is long over. Even before COVID-19 hit, the average enterprise organization used more than six different enterprise communication and collaboration (EC&C) applications. The prevalence of these applications has since exploded further, and usage has expanded from internal collaboration to include customers, partners and subcontractors. From the hacker’s perspective, EC&C apps are a dream come true for three reasons:

Cybersecurity Live - Boston
  • They are used for sharing content (for example, text, files and URLs)
  • They are perceived as being safe by the users (unlike email)
  • Usually, they have little to no built-in or third-party security

As a result, these EC&C platforms, such as Dropbox, are the perfect distribution channels for malicious files or URLs, since any uploaded content is instantly propagated to all members of a shared folder.

The ‘API-ification’ of Software

Shifts in technology paradigms often disrupt existing, mature industries and produce higher quality products and services at cheaper prices. When that disruption fuses with an opportunity, like the one we see now, to serve entirely new markets, it becomes particularly interesting.

My team and I believe the next generation of significant software companies will be created through the ‘API-ification’ of software, where application programming interfaces (APIs) are used for integrating one piece (or pieces) of software to another (or others). APIs have existed for decades, but we believe their impact on the broader economy is still in the early days, as Markus Suomi investigates in his recent article here.

API-ification impacts both the development and consumption of software. On the development side, APIs allow software to be built modularly by stitching together both internally and externally built components. This leverages the comparative advantage of each company – why build a global telecommunications infrastructure yourself when you can integrate with, say, Twilio? On the consumption side, API-based SaaS companies create value by abstracting a business capability, such as document data extraction, and provisioning it over an API rather than providing a UI for a human to interface with.

API-based approaches have not yet been widely adopted in cybersecurity – it is an industry that is dominated by incumbents with broad end-to-end platforms. In email security, for instance, secure email gateways, provided by the likes of Proofpoint and Cisco, have been the gold standard. The issue is that these platforms are based on an old architecture – they struggle with detecting advanced attacks, they operate at the perimeter without any visibility into internal traffic, and typically, they can only protect email.

Sophisticated attackers know how to use social engineering or other means to circumvent these incumbent security solutions. If you do security correctly, the defense can handle the changing threat landscape. If you fixate on taking the fight to the adversary, they will gain the upper hand. We need to focus on ‘getting the code right’ by adding security tests into the DevOps process and embedding them into the applications via scalable and adaptable APIs.

In the new normal, API-based, cloud-native SaaS solutions secure any communication and collaboration channel against any type of attack, including phishing, malware or business email compromise. That approach provides users with several key advantages.

Using Q, our AI software, we have identified 15 companies with high potential that are poised to grow in this space:

 

NameDescriptionLocationStageFunding $
ErmeticIdentity and data protection solutionN/A, IsraelSeries A$ 27.3 M
RezilionCloud workload security solutions providerYeroham, IsraelSeries A$ 8.0 M
GitGuardianSoftware to monitor GitHub activityParis, FranceSeries B$ 12.2 M
Abnormal SecurityCloud-based email security solutionCalifornia, United StatesSeries B$ 74.5 M
StrongDMCloud-based database security and management solutionCalifornia, United StatesSeries A$ 23.0 M
IriusRiskPlatform for threat modeling & risk assessmentLondon, United KingdomSeries A$ 6.7 M
AccuricsProvider of cloud infrastructure security and configuration solutionsCalifornia, United StatesSeries A$ 20.0 M
Salt SecurityAPI threat protection solution providerCalifornia, United StatesSeries B$ 60.1 M
SymSolutions for the creation of security workflowsMassachusetts, United StatesSeries A$ 15.0 M
TwingateCloud-based network remote access solutions providerCalifornia, United StatesSeries A$ 17.0 M
SilverfortMulti-factor authentication solutions providerTel Aviv-Yafo, IsraelSeries B$ 41.5 M
UptycsCloud-based security analytics solution for anomaly detection and incident responseMassachusetts, United StatesSeries B$ 46.0 M
Perimeter 81SASE solution providerTel Aviv-Yafo, IsraelSeries B$ 59.5 M
Perception PointEmail and messaging threat response & mitigation solutionTel Aviv-Yafo, IsraelSeries B$ 38.0 M
SECURITIAI-based data loss prevention solutionCalifornia, United StatesSeries B$ 81.0 M
Featured eBook
The Dangers of Open Source Software and Best Practices for Securing Code

The Dangers of Open Source Software and Best Practices for Securing Code

More and more organizations are incorporating open source software into their development pipelines. After all, embracing open source products such as operating systems, code libraries, software and applications can reduce costs, introduce additional flexibility and help to accelerate delivery. Yet, open source software can introduce additional concerns into the development process—namely, security. Unlike commercial, or ... Read More
Security Boulevard

Ossi Tiainen

Ossi joined the NGP Capital Helsinki office in 2016. Ossi focuses on investment opportunities around enterprise software, security, and smart logistics. Past investments include Shippeo, Scandit, Hysolate, and Deliveroo. Previously, Ossi worked in strategy consulting advising large companies and private equity investors on topics including portfolio strategy, business planning, supply chain optimization, and commercial due diligence. Ossi holds a M.Sc. with distinction from Aalto University in Helsinki, where he studied industrial engineering, economics, and software engineering as well as held several assistant teacher positions.

ossi-tiainen has 1 posts and counting.See all posts by ossi-tiainen