Manifesto

We are Veza

Maohua Lu, CTO; Rob Whitcher, Chief Architect, Tarun Thakur, CEO; Rich Dandliker, Chief Strategist

Our mission is to help organizations trust confidently so they can unlock the value of their data.


We believe:

  • Data is the most valuable asset of an organization. Think about all the assets of your tech stack: infrastructure, compute, apps, and the network are increasingly commoditized, bought as on-demand services, and have value because they move, transform, and store data. Data is at the top of the value pyramid of any organization that leverages technology.

  • Data architectures have changed forever. In earlier stages of digital transformation, the areas of infrastructure, identity, apps, and compute went through massive change. Now, data is moving to the cloud and the transformation of data systems is underway.

  • Data is everywhere, not just “data systems.” Data has broken free of databases; it lives and travels through multiple cloud-based systems. For example, mission-critical company data is flowing through compute services like AWS EC2, created in apps such as Github, accessed through secrets managers such as Hashicorp Vault, and visualized in apps such as Tableau. To tackle data security, you need to go beyond just protecting what are traditionally considered data systems.

  • Service accounts are the new “identity.” People matter, but machine identities are growing more quickly and legacy approaches don’t give good visibility or insight “beyond the service account” and what is happening to data after the service account is getting access. People have traditionally been siloed in IAM systems, and service accounts have been siloed in PAM systems. A modern approach to data security has to connect both to people identities and machine identities, which connect via service accounts.

  • Compliance should actually improve security. Audit and compliance are a “necessary but not sufficient” business process. The vast majority of ransomware victims passed all their security audits! Since you need to do compliance anyway, you should make it reduce your security risk in a meaningful way- vs. relying on “security theater.”

  • “Authorization truth” is the foundation of data security. Understanding and managing authorization is central part of customer requirements for Identity Governance and Administration (IGA), Privileged Access Management (PAM), Data Access Governance (DAG), Identity and Access Management (IAM), Cloud Infrastructure Entitlements Management (CIEM) and other emerging markets. None of these solutions answer “who can and should take what action on what data” comprehensively, and we believe that doing this well will converge the stack of Data Security. Once you truly understand authorization, then (and only then) can you tackle the problem of how to construct a single control layer for authorization.

  • Trust must be earned. Both from a company perspective and a product perspective, you must demonstrate knowledge and accuracy before you can expect customers to give you the ability to affect change in mission-critical environments. Before you will be allowed to “fix,” you must show that you “know.”

  • Great products must be practical and rooted in customer needs. Customers know their problems, and you must be guided by them. Your solution must not just look good on a datasheet, but must also be deployable and usable, and not force a rebuild or re-architecture. For example, cloud may be driving change, but hybrid on-prem is often still the reality for many.

  • New solutions should not introduce new potential points of failure into the customer infrastructure. Designing solutions that add new dependencies and risk into delivering data to its destination (e.g. in-line, proxy architectures) are doomed to be only adopted for side projects. Solving one problem by introducing a new and bigger one isn’t helpful.

  • AI and ML technologies will be the centerpiece of the next generation of great companies. Intelligently collecting, using, and combining data to solve specific problems creates a strategic moat for companies: training data for AI and ML. These will be the most transformative technologies over the next decade, and the winning companies in any technology space will be heavily weighted toward those that can leverage this technology most effectively.

  • Open Extensibility > Closed Ecosystem. Although we love Apple products, we believe that for organizations, extensibility wins over a walled garden. Connecting to many things and allowing others to do so as well ultimately creates more value for our customers.

We are determined optimists. When faced with an unsolved problem, we start with the belief that we can solve it, rather than assuming it is too hard. When inevitably faced with adversity along the way, we welcome the challenge that will make us stronger and dissuade others from following behind.

See how Veza accelerates your data security initiatives

Watch our Core Authorization platform demo