BlueTalon CEO sees sharp need for data-centric security

Enterprise IT veteran Eric Tilenius believes the days of focusing exclusively on endpoint and perimeter controls are gone

With roots in Silicon Valley’s great enterprise software flagship Oracle, experience riding another rocket ship (Intuit, as Quicken became the world’s money management program), having lived inside the web tornado with his startup Netcentives, then managed a rollercoaster in Zynga (of Farmville game fame) and via roles in VC, Eric Tilenius has the sort of CV that appears custom-written for his current gig as CEO of Redwood City, California security software startup BlueTalon.   

The technology sector is an area that provides lots of lessons and some of them are even worth paying attention to. It’s also a place where towering egos can threaten to damage the most solid platforms but Tilenius strikes me as a calm man, not given to hyperbole, when we speak recently by transatlantic phone call. The thread to his career, he says, is making complex things easy and secure, even if he has not worked in a security specialist firm before.

BlueTalon is just three years old but in August this year the company received $16m in VC funding and Tilenius has high hopes of building a huge force in data security by focusing on the data itself rather than the perimeter boundary or the endpoint device, the two well-trodden tracks taken by most in the field. I speak to him just after Russia’s Office of Personnel Management has been breached in what Tilenius calls “one of the biggest heists in history”. He says that the compromise is illustrative of the need for what he calls data-centric security where BlueTalon’s cloud-based or software stands sentry above the database and “nothing gets through unless we approve it”. That approach of inserting a protective layer can sometimes play havoc with performance but Tilenius says BlueTalon’s engineers have been able to reduce the overhead to less than three per cent. Buyers pay a subscription charge and business users have a simple GUI that lets them put rules in place or who gets access to what.


A data-first outlook

Endpoint and perimeter security have their merits, he says, but if you can bypass those then “it’s an all-you-can-eat buffet of data”. By contrast, BlueTalon is predicated on the notion that different data sets have different values and the security you apply to those sets should tally.

“We believe our technology would have stopped any of the big data breaches you’ve been reading about,” Tilenius says boldly. “Overwhelmingly these breaches are from data taken from databases. Data is the lifeblood of business today and you want to give access to people who need access to it - but not too much. It’s about ‘what can they see?’ and ‘what damage can they do?’”

Ultimately, Tilenius says, BlueTalon’s modus operandus is similar to the old joke: “Ask a robber why they rob banks and they’ll tell you because that’s where the money is.” The real value of IT lies in the data and so it’s the data that needs protecting, not just the building or the things the data touches.

The old approaches of companies just tying down infrastructure won’t work in this hybrid IT world, Tilenius argues.

“Fundamentally you’re setting yourself up for disaster,” he says. “It used to be they’d be an Oracle or DB2 shop but now there are new formats, volumes are rising… you have NoSQL, Spark, cloud, Cassandra for time-series analysis, SQL for classic analysis, Hadoop for bulk storage and those policies don’t work anymore.”

BlueTalon’s answer is policy-driven: to secure data across platforms – recent announcements will allow the company to get closer to the metal on DataStax and Cassandra – and to “only show what the rules say can be shown”.


Asteroids and aeroplanes

It’s a formula that has taken BlueTalon to collect customers including “multiple” Fortune 10 clients and Tilenius contrasts his company’s focused approach with that of all-rounders, having a dig at IBM’s “do you want fries with that?” offers whereby its Security Guardium suite is sometimes packaged alongside deals with other software products.

Tilenius makes the comparison between an asteroid and an aeroplane crash – one happens very infrequently but is much more serious than the other so it makes sense to reduce the impact of the breach. I suggest that this is the “crown jewels” tactics by which ultra-high value assets are afforded extraordinary attention. Trumping this by switching metaphors, Tilenius compares the approach to that of a submarine where valuable assets are compartmentalised or submerged.

The high-concept pitch is “what Palo Alto Networks did for network security we’re trying to do for data security” but how big is the pot of gold at the end of the rainbow?

“The need and opportunity is there to build a multibillion dollar leader in data security,” Tilenius says. The market is “kind of like Swiss cheese”, he says, where there are always holes to be filled but “I don’t think there’s anything else out there like us.”

Having seen Zynga win big with Farmville, double-down on Facebook and miss the mobile boat, he is keen to keep his fledgling operation on course.

“We’re still in the early stages of the journey but we’ve proven the technology at scale with some of the toughest people out there and can get it out there to everybody.”

Tilenius says BlueTalon will likely need more funding as it grows its customer base and builds recurring revenues on the SaaS model. The company, he says, is at that stage where clocks are being added to the wall to support a globalising customer roster. Now it’s about BlueTalon getting its claws into more customers.


Also read:

CyberArk CEO defends against insider threats

Inside a security tech IPO

Mimecast CEO is still a bull after going public