Bringing security and management to the SaaS sprawl

How BetterCloud aims to make your cloud applications more secure and better managed.
Written by Colin Barker, Contributor

BetterCloud aims to help companies manage and secure their software-as-a-service (SaaS) infrastructure. Customers include Justworks, BuzzFeed, Design Within Reach, and others. ZDNet spoke to CEO and founder David Politis.

ZDNet: Can you give me some background to the company, the aims and how you got here?

Politis: In 2011 we started BetterCloud with the idea that we were going to be that place where you can manage your SaaS applications. We were going to build something that was purpose-built for SaaS. We were going to take legacy technologies and, let's say, shoehorn them into the SaaS paradigm.

Now we are about seven years into the business with about 250 people and we've got about 2,500 companies around the world that use us to manage and secure their SaaS applications. And today we support 10 SaaS applications natively with connectors in our platform for everything from G Suite to Salesforce to Office 365, Box, Dropbox and so on.



And it's been a really interesting ride to see how the market had evolved, the problems that companies are dealing with have evolved, especially as we go from the early adopters to really crossing the chasm in the companies that are really adopting SaaS.

Now we are seeing large organisations make the move. The more they start moving, the more users they have, the more activity they have and the more risk that is brought to the table. We have raised approximately $110m to date. The most recent round of financing was earlier this year and raised $60m and was led by Bain.

Identity is really the first problem that needed to be solved. The second problem was authorisation -- how do you control settings, configuration, entitlement? That's really where we come in. And it feels like we are just at the beginning of our curve now, because now that SaaS is more mainstream people are starting to see these problems in a way that they never have before.

What do you see as your key advantage over the competition?

I would say that there are two big advantages. Our product has truly been built based on the requests and the needs of our customers in the truest possible sense.

What I mean by that is that we did not build a product and a company to fit in some magic quadrant. What we did was speak to our customers at a very early stage. We relied on our customers who were dealing with these very early problems.

We wanted to understand the problem and build a solution that was based on solving those problems and do it in the correct way. That is really an important piece of our story -- that we have chosen to leverage the APIs available from the applications we integrate with and we manage and secure.

The fact that we have chosen to use their APIs to deliver our service is really important because it gives deep visibility and deep control over these environments.

That's versus a lot of the technologies that have come out that have been in a device or have been sitting in network traffic. Those are things that do not give you the type of control of the data and the type and the settings that are happening in a SaaS environment. The device control doesn't tell you what is happening there and neither does the network.

Frankly, a lot of people thought we were crazy when we started because this was just not something people were talking about. And there is a realisation that there is a need for this type of solution. We have spent a lot of money and a lot of time on our platform and now we have a lot of customers and a track record.

Can you give us one or two areas that you see as a way into a company you want to sell software to?

The number one thing that is getting people's attention today is that we can identify blind spots in their environment and then we can help them to resolve the issue, introduce new policies and then we can help them introduce new measures to enforce those policies around those blind spots.

What that means is that we can go into an environment and be able to tell them if people are forwarding corporate emails to personal email accounts. We can tell them if a file that has credit card information is being shared inappropriately. We can tell them if a contractor that left the company months ago still has access to the corporate systems. When someone leaves the company, we can help them to re-assign all that person's emails to the correct owners.

We sit in the middle of these applications and can give visibility and control of the applications.

We can identify major areas of risk in their environment and we help them remediate that. The real issue is that remediating it once is good but by helping them automate that process of putting policies in place it becomes much better. That's because there are so many SaaS applications, there are so many applications to log into when you work in IT, so many that most people just ignore it. By automating that work for them, that can make a really big difference.

The blind spot piece today is where we are seeing a huge amount of value that leads to automated policies.

You're saying that people are mostly using their own APIs. What about performance issues that may come from that?

We use the APIs of the SaaS platform itself -- so the Dropbox API, Box, Slack and so forth. Part of our IP is figuring out how to work with those APIs, because everyone's is different.

We understand what their throughputs are, what their threshold is and so on. We understand all of that and that is really a skill that took us a long time to build up because they're not all the same patterns. That's really part of our secret sauce. In most cases we are the number one consumer of those APIs from those platforms.

Can you give me a real world example of how your software has helped a company?

I'll describe one, a real estate company with thousands of employees. I will give you examples of what we found. One of the first things was that they had an email distribution list called payroll@[company name].com. And that email list was available to external people, not just employees. External people who could join that distribution list if they knew the URL.

It was sending the receipts of their payroll -- that happened every two weeks -- to this email address and people could join it.

Now, we found that, and we could then change the settings and the configuration of that distribution list. We then created a policy so that anytime an email list was created using that method we could kill that action and then send a Slack message to the security group to tell them what had happened.


We then found that they had 300 former employees that had gone from the company for more than six months and those 300 people had not been off-boarded at all. They were fully active in several SaaS applications including Dropbox, Slack and G Suite.

Now we could see that and once we did, we could run them through a 60-step, off-boarding process to get rid of them and then we could automate the process so that the company would never have to go through it again.

The next problem is one of the most under-estimated problems. We went in and in that company of 3,000 employees they had 26 super-administrators on each SaaS application. To put that in context, we have companies of 60,000-plus employees that have three.

Of the 26, six didn't work at the company anymore. They still had full admin rights. We identified that and took their 26 admins to 3 admins. We then added granular roles to admins who needed that.

The last thing was that we found 200 people who were forwarding corporate emails to their personal email accounts. We dealt with that, too.

Now, I've told one story about these issues, but I have hundreds.

