Trust is a crucial element of building a successful business. Innovation thrives in collaborative environments, and an organization cannot sustain itself as an island. External vendors, third-party integrations, employee independence and democratization demand a measure of trust to be placed outside of the organization. At the same time, trust makes us vulnerable. It can quickly breed reliance, then complacency and ultimately may affect our business and security postures. Third parties, while beneficial, require access to critical organizational assets and data, and must be managed. The growing dependency on cloud-based solutions and automation led enterprise environments to build an evolving network of application-to-application interconnectivity which is a technological blind spot and creates an emerging risk surface.
Today, we are extremely excited to share that we have raised a $7M seed round from YL Ventures and prominent security professionals to launch Valence, the first Collaborative SaaS Security Remediation platform company.
If the Solarwinds attacks taught us anything, it’s that trust and dependence on third-party vendors without oversight and management can have severe ramifications. It proved to us that we are only as strong as our weakest link, and that existing third-party risk management solutions such as vendor questionnaires, are not as robust as we need them to be. When Shlomi and I began our ideation process for Valence, we wanted to find a way for enterprises to increase business efficiency and innovation, while maintaining trust between organizations, vendors and third parties, without jeopardizing security.
During our conversations with dozens of potential customers and seasoned security professionals, we noticed a recurring narrative. Hyperconnected organizations operate dozens, if not hundreds, of best of breed SaaS and self hosted business applications. Application ownership is distributed in business units and departments across the organization, accelerating innovation and efficiency. However, security teams are scrambling in the dark in their efforts to map out the numerous vendors, connections and data flows between them. While this expansive network provides value and agility previously unattainable for businesses, this interconnectivity is indiscriminate, carried out on an app-by-app and owner-by-owner basis through SaaS marketplaces, direct API connections and complex hyperautomation workflows that results in shadow connectivity, over-provisioned privileges and unmanaged third-party access.
The markers came out, and as we began to sketch our understanding of this web of interconnectivity, we discovered the formation of a new network - a Business Application Mesh - with its own unique risks and rules. The Business Application Mesh is constantly growing and evolving, and with it the blindspots for organizations relying on this web of connections for productivity and automation, without knowledge or transparency as to the risks they are susceptible to. These are uncharted waters for security, and as we dove deeper into understanding it, we realized that by applying zero-trust principals, we can significantly reduce the risk surface for digital enterprises. Valence’s platform shines a light on all of the critical API connections and hyperautomation workflows in the Business Application Mesh, monitoring their usage and defining and enforcing access policies across them. Our platform allows organizations to utilize the significant benefits of the Business Application Mesh without constraints, ensures that their security posture is sound and continuously protects their assets.
Positive market reception of our platform, gained through early customer feedback, compounded these concerns. Cybersecurity experts and potential customers were surprised by the number of third-party connections exposed by our platform for the first time. The actionable risk reduction was immediate. Through these conversations with industry professionals it was clear that the Business Application Mesh can no longer be ignored or mitigated using antiquated risk management solutions. Maintaining the status quo harms enterprise security and jeopardizes stored data. Recent third-party breaches brought third-party risk management front and center in boardrooms, becoming a top concern for security teams and managers alike. Our vision was validated by CISOs’ need for full visibility into application-to-application connectivity, and for a full assessment of the supply chain risk surface. This is how Valence was born.
Valence defines a new category in the cybersecurity landscape. A critical problem space, necessary market education and potential access to the largest network of cybersecurity advisors cemented our decision to partner with YL Ventures, a leading early-stage cybersecurity VC, to fulfill the unique market opportunity we identified. Consistent industry feedback on our solution increased our determination to illuminate the Business Application Mesh and make it safe, accessible and continuously monitored. Our stellar core team at Valence, armed with a phenomenal group of advisors including successful entrepreneurs and CISOs from global enterprises, and with the support of YL Ventures and their large network of cybersecurity heavyweights, is up for this challenge and ready to become the industry standard for securing the Business Application Mesh.
We can’t wait to share our insights with the industry, and invite you to learn more about securing your Business Application Mesh at www.valencesecurity.com.