Short answer: I am worried about security and I care about innovation.
Boris and I got together in late 2014 because we saw the same problems that no one was addressing and we had an idea on how to do that.
Both Boris and I had been involved in rapidly growing, innovative software companies. Early in our careers, we saw the tension between developers who built the products and the ops and IT people who operated those products. For example, while I was at Blue Coat, my team strove to put innovative and useful features into our products only to see them sit unused by our IT customers. They knew all too well that enabling those features would be risky and that our team at Blue Coat wouldn’t be in a position to help them solve the inevitable problems that came up. IT people knew to push back on change because the way they had gotten software was inherently risky and they were right. That conflict between security and innovation was one that would go unresolved, and would ultimately be the catalyst for Boris and me to create tCell.
Things have changed drastically in the last few years. The early signs of friction I saw at Blue Coat was becoming the norm in every company trying to stay competitive and on a much larger scale. SaaS products have replaced on-prem packaged software. Cloud platforms have replaced datacenters. Most importantly, the disconnect between builders and operators of software had completely broken down. I saw this drastic shift while at Okta and benefited from being a part of this changing landscape. While Boris was at Splunk, he helped build some of the key tools that actually enabled this change. No industry change has had anything close to the positive impact on how I think about building products nor the amount of value I can provide to my customers and users. But the disconnect between builders and operators was left to the old ways. We were dancing around the bigger issue, hoping someone would present a solution instead of another workaround.
So why tCell? Because this transformation toward teams focusing completely on the unique value that they provide to their customers and leaving the underlying machinery to others is not complete. Security, particularly software security, is the glaring hole that needs to be filled.
Every team I’ve been on and every team I’ve worked with has spent more and more time trying to make their software more secure but struggled to maintain speed or effectiveness. Checking the box for compliance is no longer good enough. Relying on the network guys to protect things with a firewall is just silly given the migration to the cloud and the explosion in software services. So what’s to be done? We’ve seen some companies try to hire big appsec overlay teams which are expensive and resources are limited. Others try to push the burden on to all of the developers, but the growing number of frameworks make it impossible for developers to be really efficient at coding all of them. Some push for process enhancements, slowing releases that go against the trends that ops and dev teams are following. Others try to band-aid the problem with a proxy.
As software development and ops accelerate, application security is getting more important and harder to do. Boris and I knew we needed to rethink the problem and absorb the new technologies and philosophies that have revolutionized dev and ops. We need to operationalize and automate security.
tCell is software and cloud first in both where we are and what we secure.
Using tCell makes it easier to ship applications because we’ve lowered the risk of doing so.
We’re committed to solving real security problems, instead of just going through the motions.
Once we had decided on these principles, everything else became obvious. Applications should have a system to protect themselves (T-Cells). The lightweight agent + cloud analytics architecture, the lifecycle of discovery, detection and blocking, and the feature set covering OWASP top 10 issues, and misuse and abuse that’s as native to the application as your own immune system.
Building this product with our amazing engineering team and wonderful customers that we’re privileged to work with has been challenging and rewarding. We’ve seen a huge shift in attention to appsec even within the last few months. We know the time is ripe for an in-app security solution. I’m amazed that the early ideas that we talked about have materialized into the company that we have. I can’t wait to see where it goes.