Transcript:
Hi my name is Mike Lyborg, CISO here at Swimlane.
Swimlane is an automation and orchestration AI company where we really focus on hyper automation and making analysts’ lives better.
Question 1: Why are you prioritizing SaaS Security?
Yeah, I think the reason why we prioritize SaaS security in general is we needed to have a unified platform where we could aggregate and kind of correlate all of our different SaaS technologies, mainly for posture management, risk reduction, and then following best practices.
So as we're receiving compliance configuration recommendations, that was really the big piece of it.
In addition to that, also observability into our human and non-human identities.
So we have a lot of service accounts, as you can imagine, as we integrate and orchestrate with all of our tech and tooling.
And as we continue to add more and more SaaS tools like CRM, ERP, I mean, you name it, all of our IdP, so different providers, we needed that depth of coverage, and that's what Valence provided for us.
Question 2: What kind of impact has Valence had?
So some of the biggest pieces that we've seen improvements on is if you go back a couple of years, it was really like our sales ops, our rev ops, our IT and our security teams, and then our product and engineering teams working a little bit in silos, right?
Through this partnership with Valence, we've now been able to keep everybody informed and recommend configuration changes for better practices in accordance with the different standards and frameworks that we map towards.
A good example is, you know, we use Salesforce as our CRM, and I am no Salesforce ninja, but we definitely have people that are really well versed in Salesforce and configuring it.
And, you know, there's always blind spots if someone then promotes someone temporarily, like think shadow IT.
But in SaaS land, we can now get signals from that and then inform the Salesforce admins of those violations or threats or risks that they may introduce into the organization.
Question 3: What was missing from other SaaS security tools?
The reason why we swapped from a previous SSPM was there appeared to be a bit of a lack of innovation.
And there was little to no automation, which was fine for us, right?
That's what we do for a living.
But when you deal with hyper automation, pretty much every tech and tool in our security and technology stack has a level of artificial intelligence, and we call it micro automations of flows.
So even if it's MDR, you can take actions on EDR immediately on the edge, kind of correlate and aggregate everything up, and the same way that Valence is taking the flows and doing most of the work.
Now, we just have to unify and orchestrate those automation signals, right?
So the automated remediation was primary, plus the larger footprint for enterprise SaaS applications and platforms.
And then really the partnership was probably the biggest of all.
It's how do we get from where we're at today to where we want to get tomorrow?
So paint that picture, provide us with a roadmap, and also advise and assist in saying, hey, here's what other customers are doing.
Have you considered prioritizing this in the next sprint?
And then really just maturity, the automated reporting, RBAC, advanced RBAC, and ease of integration.
All of those were key components to why we decided to partner with Valence.
