Tel Aviv, Israel-based Canonic Security has emerged from stealth with $6 million seed funding from investors including First Round Capital, Elron Ventures, SV Angel and Operator Partners. The company provides a third-party app governance platform powered by an app sandbox.
Industry is increasingly adopting SaaS solutions, and users increasingly connect their own choice of apps to the existing IT-approved business applications. It’s a user-driven aspect of the composability principle advocated by Gartner’s 2021 survey of 2,000 CIOs.
“Over half of high-composability respondents said they promote a high-trust culture that encourages employees to independently make decisions – double the percentage of moderate- and six-times more than low-composability enterprises,” says Gartner. Enterprises, it says, must embrace composability to thrive through disruption in 2022 and beyond.
User-introduced third-party apps that aid the users’ own tasks is an example of ‘composability’. It can improve performance, but places a severe strain on the security team charged with securing operations. “Highly composable environments integrate business application components from third parties and citizen developers without ever requiring standardized vendor controls, ultimately expanding the attack surface,” warns Canonic.
Composability encourages users to introduce additional apps effectively without approval; but the security team needs to understand any possible negative effect, and is overburdened by app vetting and approval processes. “This has opened up a whole new frontier of security challenges,” comments Josh Kopelman, founder and partner of investor First Round.
The Canonic solution is to sandbox the third-party apps before they connect to the customers’ approved IT applications. Its app governance platform has sandboxed tens of thousands of apps across industries including healthcare, defense and software organizations. The Canonic platform seeks to eliminate the inherent contradiction between composability and cybersecurity.
The platform streamlines third-party app reviews. Is the app over-privileged, demanding permissions it doesn’t require? Is it really what it says it is? Has it been compromised? What does it connect to or from, and how?
The result provides visibility over first-, second- and third-party apps and API integrations; it uncovers rogue and vulnerable apps; and it can quarantine suspicious apps, reduce inappropriate privileges and if necessary, revoke and block access.
Canonic Security was founded in November 2020 by Boris Gorin (CEO, formerly senior director of information products at Proofpoint) and Niv Steingarten (CTO, formerly co-founder and VP of engineering at OverOps). The investment will accelerate the product’s go-to-market and development initiatives, which are already used in over twenty deployments worldwide.