The technology landscape has seen tremendous growth in the past few years, and as a result, tech companies cannot be domain experts across the entire landscape.
This entails working with external consultants and different marketing agencies, which means sharing information in multiple ways with multiple parties. This in turn makes companies vulnerable to security breaches.
CSPM Zero founder and CEO Phil Souter, who has worked in cloud security consulting for many years, noticed that his clients were not able to effectively manage their information security.
Last spring, Sutter founded CSPM Zeroa startup that provides context and insights into enterprise cloud security. It hopes to launch its product by the end of this summer.
“The goal of CSPM Zero is to reduce the overall burden of adopting new platforms, by being able to provide effective context for what actually needs to be addressed in order to prevent data breaches, prevent malware attacks, or all the other terrible things that can happen if you don’t adopt effective information security policies and attitudes,” Sauter said.
CSPM stands for “Cloud Security Posture Management,” and the “zero” indicates that the platform is the first place to go when it comes to cloud security.
The Apex-based startup is part of the RIoT Accelerator Program (RAP), a 12-week program for early-stage startups. (We’ve previously written about other participants in this summer’s RAP cohort, including Baby Bumps and Social Cascade.) Sautter said RAP has been an “amazing experience,” allowing him to learn from other founders in his cohort and get feedback on his ideas.
The initial target market is mid-sized businesses, which unlike larger enterprises may not already have access to expensive or robust cloud security tools. CSPM Zero also targets its product toward organizations with a high level of compliance—such as those in the finance or healthcare industries—where data protection is paramount.
Once implemented, CSPM Zero begins scanning customers’ cloud environments for vulnerabilities based on security frameworks such as those defined by Amazon Web Services (AWS), a widely adaptive cloud computing platform. CSPM Zero will initially target companies using AWS. There will be monthly and annual subscription rates at varying levels depending on the level of frequency required for security scanning.
The scans will uncover metadata about a company’s cloud environment and provide recommendations for a more secure approach. Company engineers who receive this information can get real-time updates via email, Slack, or other channels.
“We really try to make things as easy as possible for engineers so they don’t have to deal with the cognitive costs of security issues,” Sauter said. “In general, the easier we make things for people, the more likely they are to do them.”
Failure to secure a company’s data can have devastating consequences for its business success as well as the well-being of its customers, Sauter said. For example, a malware attack could shut down a company until it can restore viable backups or pay off an attacker who may have infected the company’s cloud. In extreme cases, a cloud that serves a hospital or power grid could seriously disrupt customers’ lives.
Besides the general demand for cloud security, Sauter also felt the need to create his company out of frustration with his personal data being leaked.
“The easier it is to manage information security, the better off we are as a society,” he said. “That may sound a bit selfish, but that’s honestly what I’m trying to do here. Let’s gradually improve society by making it easier for everyone to take information security with the seriousness it should be.”
Sautter is looking for potential founders to work with him on his company, as well as potential angel investors and advisors. Anyone interested can reach out to him at Phil@cspmzero.com.
