Security Experts:

Security Startups: In Focus With SkyHigh Networks CEO and Co-Founder Rajiv Gupta

Security Startups Feature

Company: SkyHigh Networks  |  Who:Rajiv Gupta, CEO and Co-Founder

SecurityWeek: How did you start out in the computer field and in particular, security?

Rajiv: My interest in cloud goes back to 1992. In 1990, I got my Phd from Caltech and then joined HP Labs. One of the projects I started there was called client-utility computing. We recognized that clients want storage, applications, and utility but want to get it from the wall. This was a precursor to the cloud services we have today.

In 2002, I left HP and started my first company- Confluent Software- which provided Web services and cloud management. Today Confluent is part of Oracle.

Rajiv Gupta, CEO and Co-Founder of SkyHigh NetworksThen in 2005, I started my other company Securent, which was acquired by Cisco in 2007. I remained at Cisco for 4.5 years where I was VP/ GM, running a business unit. The first product my team developed won Cisco’s pioneer award. I then left to found SkyHigh Networks.

SecurityWeek: What brought you to found SkyHigh Networks?

Rajiv: I didn’t want to just marry the girl I knew - I wanted to date a little bit. My team and I decided to come up with five breakthrough ideas, take a step back and analyze what we can do with each idea. An idea is essentially a mini case-study which examines the trends and the rate of changes. The reason we looked at changes is that startups flourish when there is a lot of churn. We performed the analysis for storage, mobile, services management and a couple of others. Before we selected the “winning” idea, we did some market research where we spoke to 120 companies. It was the fear and the promise of the cloud which came up over and over again. We were then able to identify that the trend of cloud adoption is taking off. There’s massive and fast growth there. The CAGR for cloud adoption is 25% - same as mobile. The growth of SaaS alone is 52% on a $14.5B base. Taking a step back and you can see that cloud is behind the mobile, social networks, and big data. The cloud is an enabler for most of these technologies and I’ve been behind it for 25 years.

I have two co-founders. One is Sekhar Sarukkai who was my co-founder and CTO from the previous two startups. The second is Kaushik Narayan – he was a principal engineer at Cisco and now he’s the chief architect.

Some other core members at Cisco that won the pioneer award are those that are part of my team now. These guys created game-changing things in the past. They have DNA in game-changing and that’s what we’re doing.

SecurityWeek: What does SkyHigh Networks 

Rajiv: We help organizations to use the cloud services by meeting their security, compliance and privacy requirements. We offer a suite of three services. The first is discovery – helping organizations understand what is the cloud exposure. The second is analysis – having to understand the risk of cloud exposure, i.e. the risk of service and risk of use. The third is control – control could be for example access control or data encryption.

SecurityWeek: How does it work?

Rajiv: For the discovery of all cloud services an organization is using, we take the logs from the egress devices. We analyze the logs, and then we tell what are the cloud services the employees are using. We have a registry of more than 2000 cloud services and for each of those services, we have an independent risk assessment of the series. There are thirty parameters used to compute the risk of the service. For example, is the service multi-tenant, does it co-mingle the data, does the service encrypt the data at rest, does it store the keys, does it require a jailbroken device, did it have a breach, does it do a pen-test, does it have SSO, etc. Then there’s also risk of use. To illustrate, let’s say I’m a salesperson so I need access to Salesforce.com for my job. Normally, I only access 5 opportunities a day. But if for the past 3 days, I’ve accessed 100 opportunities each day then that’s anomalous and I would want to know. Or if I suddenly see access to Box from someplace that’s not my usual Chicago or San Francisco, then I want to know about it.

SecurityWeek: What stage are you now?

Rajiv: We just launched the company in February. We had a series A from Greylock in March 2012, $6.75M. Today we already have paying customers. The total number of customers we have are about 15.

In terms of human resources, we have 44 employees.

Update: SkyHigh Networks has recently announced that they raised $20 Million in Series B financing. Our interview was conducted several weeks prior to the publication and so does not reflect these current numbers.

SecurityWeek: What’s your business model?

Rajiv: It is a subscription model. In some sense that is the way of the cloud world. I don’t want to introduce friction in that process. That’s a key differentiator – not only what we’re doing, but how do we do it.

SecurityWeek: What are your markets?

Rajiv: Today we have customers as big as 350K employees, to 600 employees. So, it’s not just financial services, but it’s also manufacturing, healthcare, insurance, retail, etc. I can’t think of any business that doesn’t need innovation and information.

SecurityWeek: Who are your competitors?

Rajiv: The only company that painted a similar vision is Symantec but they don’t do risk or discovery. Much of their vision is focused on Access Control, encryption, DLP - even when they talk about cloud security. And then, their focus is giving you a box to deploy on premise. However, most companies want a service not only for a go-touch but also to prevent the backhaul of re-routing traffic through the enterprise edge (VPN, GWs, etc.).

SecurityWeek: What do you look for when you hire?

Rajiv: First, let me say that we’re hiring massively. We’re headquartered in Cupertino, California and have offices in Bangalore, India.

I look for three things. The first is the most important which is somebody with some form of a start-up experience. This is important at least with my early employees. These are the people that understand the urgency and the importance of each customer. In a start-up you need that direct engagement – and the sense of accountability – with the customers. The second thing I look for is somebody who can take the initiative and doesn’t necessarily need to be told what to do. Later on it’s more organized, but initially you need the can-be-done attitude. Third, I need very sharp people. Every new hire needs to raise the bar at the company.

SecurityWeek: What is your biggest challenge as an entrepreneur?

Rajiv: I pay a lot of attention to hiring since it sets the path to the company. I always worry about calibrating myself to a higher bar and missing good people, or having a bar not high enough and getting people who are not A+. Because a B-level person will hire a B-level person which will bring the company down.

At my prior start-up I also experienced saying no to a customer. That’s really tough. In your early days, every customer is important but you need to say that you will not change the roadmap just to do a specific thing, especially when it comes with a huge check.

SecurityWeek: Other than yours, what is your favorite startup – whether it is in security or not?

Rajiv: Twitter is one of my favorites because they didn’t realize what they had when they started and even so, they quickly made a movement from it. They were essentially an SMS in consumers’ computers. That’s a perfect model of jumping into the waters with a mundane idea, but once they jumped they found the current and swam so well.

Note: I liked that Rajiv recognized his competition. I get to meet a lot of start ups that when asked about their competitors they say that they have none. That stumps me. Even if there does not exist a company that does exactly what the start up offers, or the marketing message of an equivalent company differs – that doesn’t mean it’s not competition. Of course a start up should differentiate itself from other companies – that’s what a start up essentially is. And that includes admitting the competition.

view counter
Noa is a private consultant specializing in building thought leadership teams within tech companies. She is one of SecurityWeek’s first columnists with previous columns focusing on trends in the threat landscape. Her current interest lie on the business-side of security. Noa has worked for Imperva as a Sr. Security Strategist and before that, as a Sr. Security Researcher. She holds a Masters in Computer Science (specializing in information security) from Tel-Aviv University.