“Making data-based decisions”, With Jason Remillard and Balaji Parimi of CloudKnox

Making data-based decisions — rather than decisions rooted in assumption, or trial and error — can be the most important thing to do following a breach. Diving into data allows enterprises to empower themselves to protect their reputation, assets and customers.


As a part of my series about “5 Things You Need To Know To Optimize Your Company’s Approach to Data Privacy and Cybersecurity”, I had the pleasure of interviewing Balaji Parimi.

Balaji is the Founder and CEO of CloudKnox Security, the only Cloud Security Platform built from the ground up to support the management of identity privileges across multi-cloud environments using an Activity-based Authorization model.

In October 2018, Balaji secured 10.8 million dollars in funding for CloudKnox led by Jay Leek, Managing Director at ClearSky Security and former Blackstone CISO, which coincided with the launch of the CloudKnox Cloud Security Platform. Since then, Balaji has helped CloudKnox become a Top Ten Finalist in the RSA Innovation Sandbox Contest and presented at RSA on behalf of the company. Prior to this, Balaji was Vice President of Engineering and Operations at CloudPhysics, Staff Engineer at VMware, Architect and Technical Lead at 8X8, and Senior Software Engineer at Quality Call Solutions.


Thank you so much for joining us in this interview series! Before we dig in, our readers would like to get to know you. Can you tell us a bit about how you grew up?

I originally came from a small town in India and focused on engineering because it was the only way out. I worked very hard to get where I am today, a drive that was instilled from my Mom at a very young age. To this day, the CloudKnox culture is based on the life lessons that my Mom taught to me.

Is there a particular story that inspired you to pursue a career in cybersecurity? We’d love to hear it.

I’ve always been driven to innovate and improve cybersecurity practices, particularly in the cloud space. Prior to founding CloudKnox, I witnessed real operational challenges when I worked at IT organizations. I noticed there was no way to ascertain which users were using which resources. This motivated me to research and identify solutions for a clear gap I saw in the market. I saw enterprises lacking visibility and control of cloud infrastructure — leaving them wide open to privilege misuse, whether accidental or intentional — and have been driven toward solutions since then.

Can you share the most interesting story that happened to you since you began this fascinating career?

I have to say the most interesting — or perhaps, surprising — aspect of my story involves how many people in the tech space have been willing to help me along the way. Over time, I have received valuable feedback and priceless advice from C-suite and thought leadership experts. While they didn’t know me or owe me any favors, they were receptive after I took the chance to reach out via channels like LinkedIn. I encourage professionals getting their start in the industry to do the same — the results may surprise you.

None of us are able to achieve success without some help along the way. Is there a particular person to whom you are grateful who helped get you to where you are? Can you share a story about that?

My Mom, she gave me everything. Throughout my high school days she gave me the discipline to hone in on my English and grammar classes. She encouraged and pushed me to go all in or nothing. In addition, she taught me how important it was to treat other people with respect and kindness — a value which I still live by to this day. I have tried to foster both respect and kindness among the teams I’ve worked with in my adult life, and that extends to the team I now lead at CloudKnox Security. My leadership philosophy today is a direct result of the way my mom raised me.

Are you working on any exciting new projects now? How do you think that will help people?

At CloudKnox, we’re always excited to work with existing customers and prospects to take them through our risk assessment process and build that into a roadmap. Each organization brings a different perspective, set of needs, challenges and opportunities to the table when it comes to establishing a cloud permissions management platform.

Additionally, we are developing our auto-pilot feature which shows promise in reducing the amount of time customers will need to spend on issues. This, like many other CloudKnox product developments, resulted from user feedback which we will continue to solicit.

What advice would you give to your colleagues to help them to thrive and not “burn out”?

A healthy work/life balance is key, and that means giving the flexibility for people to explore their passions. My philosophy is: don’t neglect other hobbies and think you can go back to them later because there is no later. There are other facets to people beyond solely their careers and these shouldn’t be put off or ignored.

For example, one of our founding employees is very involved in Galgo dog rescue. When she had a trip to Spain planned to rescue a group of dogs, it wasn’t even a question whether we would support her in going. I know CloudKnox is also her passion, but it’s so important that we celebrate opportunities that our employees have to embrace their dreams. In addition to fostering a healthy work/life balance, this allows our team to pull in new business perspectives and ideas that may have gone unexplored otherwise. Work will always be there, but time spent doing what you love can sometimes be limited.

The Cybersecurity industry, as it is today, is such an exciting arena. What are the 3 things that most excite you about the Cybersecurity industry? Can you explain?

These days, leadership teams are not just looking at compliance with data privacy law as a box they must check, lest they face legal recourse for the enterprise. Instead, they are looking to introduce these new measures — at both the international and domestic level — cyber security regulations as opportunities and guidelines to bolster their organization’s security posture. What used to be viewed as a chore done out of necessity is now viewed as a set of best practices that act as a “business enabler.”

For this reason, I am excited by not just three, but myriad solutions these new regulations — such as the EU’s GDPR and California’s CCPA — provide so businesses are incentivized to balance three factors — security, optimization, and innovation — in the midst of digital transformation.

What are the main cybersecurity tools that you use on a frequent basis? For the benefit of our readers can you briefly explain what they do?

As cloud infrastructure is evolving we are seeing new types of risks. With this in mind we know we have to hone in on minimizing risk, with an additional layer of protection. To bring this into perspective, we’ve utilized the cloud infrastructure cyber kill chain that we deploy as a framework to best understand how cloud infrastructure can be breached. First-generation attacks occurred primarily at the recon phase, where an attacker could discover publicly exposed storage and services. Second-generation attack techniques have matured into a full cyber kill chain. This extra layer is important as managing your cloud infrastructure security posture has matured beyond just managing your perimeter.

How does someone who doesn’t have a large team deal with this? How would you articulate when a company can suffice with “over the counter” software, and when they need to move to a contract with a cybersecurity agency, or hire their own Chief Information Security Officer?

I don’t believe in building everything when it comes to optimizing resources. Rather, I’d consider myself more of a “buy guy,” and would encourage those in leadership positions at other companies to look into this as an option. Even if your organization doesn’t have a team, you can still find the tools to help you do the work in an efficient way. This is something we still carry over in our interactions with customers at CloudKnox today. When we help them to identify solutions, we ask questions like: How can we mitigate the time you need to spend on this? Often, buying a solution is the key to streamlining operational or security needs.

As you know, breaches or hacks can occur even for those who are best prepared, and no one will be aware of it for a while. Are there 3 or 4 signs that a lay person can see or look for that might indicate that something might be “amiss”?

Having the visibility to take a data driven approach will give that big picture all around. Once you have that visibility, you know where you are and where your gaps are. When you take actions on those gaps, the metrics will help indicate if you are taking action in a positive direction or regressing and it gives you an idea of what to do to make progress. In a continuous phase where you are monitoring, you have something that tells you exactly. Anomaly detections are also key indicators, as it helps identify what a person is doing out of their normal behavior. For instance, if John Doe normally operates from one area and is doing something from a geo-different location in the infrastructure, this could potentially be an indicator. So, combining environments with normal activity is a good indication and activity itself can even be one.

After a company is made aware of a data or security breach, what are the most important things they should do to protect themselves further, as well as protect their customers?

Making data-based decisions — rather than decisions rooted in assumption, or trial and error — can be the most important thing to do following a breach. Diving into data allows enterprises to empower themselves to protect their reputation, assets and customers.

How have recent privacy measures like The California Consumer Privacy Act (CCPA), CPRA, GDPR and other related laws affected your business? How do you think they might affect business in general?

We regularly work with our customers to adapt to privacy measures such as CCPA, CPRA and GDPR, as they work and operate in different jurisdictions with different regulations around the globe. Say, for instance, I would only like my data to stay in China. The CloudKnox platform would allow me to keep my data in this jurisdiction, and to remain compliant with the regulations that apply. We provide a prevention-first approach to help you reach the appropriate level of compliance wherever your data resides. Industry wide, the regulations mean that businesses need to spend more upfront in order to ensure compliance. However, this prevention-first approach to spending can also prevent catastrophic costs that would have resulted from breaches over time.

What are the most common data security and cybersecurity mistakes you have seen companies make?

An “assumptions-based” approach has been the mistake most companies have made when identifying threats. When I first started, the market was missing a “prevention-first” solution. I saw this as a vacuum in the industry to fill. Through CloudKnox, I began building and operating a hybrid cloud environment that is secure, safe and effective is impossible without a foundational, “prevention-first” approach to cloud security, one that is too often overlooked in favor of lower-cost or speedier solutions. Today, more than 90% of malicious incidents in the cloud stem from preventable misconfigurations — but by the time these incidents are identified, organizations must work in hindsight and the damage is done.

The great majority of these preventable incidents stem from three factors — 1) accidents, 2) knowledge gaps, or 3) malicious intent. A “prevention-first” foundational approach — where only select, properly trained personnel are allowed to make key configuration changes and proper permissions are established throughout the organization — can go a long way towards mitigating the first two factors. Beyond these initial steps, security teams that maintain a “prevention-first” strategy are consistent in monitoring new and existing identities — whether they are human or machine — and taking action to continuously secure the cloud.

Since the COVID-19 Pandemic began and companies have become more dispersed, have you seen an uptick in cybersecurity or privacy errors? Can you explain?

We are seeing more customers investing in the cloud in order to get ahead of cybersecurity or privacy errors similar to large breaches we’ve seen recently from corporations including Shopify and Garmin. This is in part due to the pandemic’s challenges which necessitate remote work, as cloud infrastructure is most compatible for networks that need to operate on the go.

You are a person of enormous influence. If you could inspire a movement that would bring the most amount of good to the most amount of people, what would that be? You never know what your idea can trigger. (Think, simple, fast, effective and something everyone can do!)

As CEO and founder of CloudKnox Security, the provider of the only Cloud Permissions Management platform for hybrid and multi-cloud environments, I feel an obligation to use my influence to innovate and move the cloud infrastructure security space forward. Within the cloud, I want to first underscore that infrastructure is the foundation of everything — from efficient operations to critical security protections. Creating a sound foundation is key in order to ensure security as organizations — and their cloud infrastructure — scale up effectively with time.

In order to inspire a movement towards stronger foundations in cloud infrastructure, it’s critical that enterprises understand foundational choices must be based on data — not assumptions — to avoid cracks in the foundation that become more serious with time. So, the cloud must be built based on data that shows what users are doing with what resources, rather than guessing in this area. A data-driven approach, rather than one based on subjective observations, is far more likely to scale efficiently as businesses grow.

How can our readers further follow your work online?

The CloudKnox blog is a resource for decision makers including CISOs, CIOs, VPs of Cloud Security, VPs of Cloud Infrastructure, and Cloud Security Architects. The blog touches on topics including, but not limited to, identity and access, cloud security, CISO suite, security awareness, threats and breaches, threat intelligence, and vulnerabilities. This can be found at www.cloudknox.io.

This was very inspiring and informative. Thank you so much for the time you spent with this interview!

