Skyhigh Security is technically a new company. But it is also, in some respects, far from it.
The company’s DNA dates back to 2013 with the launch of Skyhigh Networks, a cloud access security broker which aimed to secure business connections to the growing number of applications and services in the cloud. McAfee acquired Skyhigh in late 2017 in an effort to bolster its cloud security presence.
In early 2021, the private equity firm Symphony Technology Group (STG) acquired the McAfee enterprise business for $4 billion. McAfee Enterprise Products was split into two companies. high security, formed in march, was created as a continuation of McAfee’s enterprise cloud security products. The other, Trellixis an extended detection and response vendor that combined parts of McAfee with STG’s sister acquisition, FireEye.
From a product standpoint, Skyhigh contains parts of the McAfee Enterprise Security Service Edge portfolio, including its cloud firewall, cloud-native application protection platform, cloud access security agent, web gateway secure, zero-trust network access, cloud data loss prevention, and remote control. browser isolation technology offers.
Gee Rittenhouse, CEO of Skyhigh, and Thyaga Vasudevan, vice president of product management, recently discussed the company’s evolution and why their approach to merging cloud security with network data protection will be a better fit than merging it with the McAfee’s endpoint security business. rittenhouse previously directed Cisco’s cybersecurity business, while Vasudevan previously worked at McAfee and Skyhigh Networks.
To begin with, Gee, how did you become CEO of Skyhigh Security?
Gee Rittenhouse: Let me back up for a second because I think it will connect the dots. McAfee, being primarily endpoint protection, wanted to start protecting data. And of course they realized that the data was going to the cloud. They started doing the acquisitions with Skyhigh Networks and others to bring all of that together, thinking that from an endpoint perspective and a data protection perspective, we could connect the two. It turns out that the market sees those two very differently. So that was what ended up dividing the two companies.
When I looked at data protection, I was looking at it from Cisco, which took a different perspective and thought about data protection from a network perspective. This means looking at the packets, inspecting them, and trying to route the packets in the most secure way. That’s getting harder and harder because those packets are encrypted, the network is going down, TLS 1.3, all of these things are happening. This meant that if you approach it from a network perspective, that problem becomes increasingly difficult to solve. So, this realization was going on for several years.
I’ve known about the McAfee Enterprise cloud for a long time and I’ve known [former McAfee senior vice president of cloud Rajiv Gupta] for a long time. But prior to the Symphony acquisition, there was reluctance to split the two companies. And if, from Cisco’s perspective, it was going to consider acquiring it, it had to acquire everything. And I didn’t want that endpoint side, it was just the cloud side. After I announced I was leaving Cisco in the fall, that’s when Rajiv and STG approached me and said, ‘Wow, we’d like you to take over this business and lead it into this space.’ I joined STG as an operating partner in December to facilitate the separation of Trellix. We did it in the middle of January and I stayed with McAfee Enterprise until Skyhigh launched in March. I wasn’t hired to be a professional CEO, because when you do it’s usually from an exit event or from a financial perspective. I was hired to lead the company because of my experience in networking, cloud and data security, and this is the direction Symphony Technology wants to take the business.
Skyhigh Security is an interesting case, because it is in some ways a new company and in some ways an old company: McAfee products and the Skyhigh name. What are the challenges of being this type of hybrid old business-new business?
Rittenhouse: I think there are three: The first challenge is just to define the company, the brand, what the company stands for and what it does, because there has been a partnership with McAfee, which is in a very different space than the space that we participate in.
There is also work No. 2, around [figuring out] where we are going and where we fit in the market. Our technology is based on deep technical expertise that takes years to develop, but we are also new. As a new company entering the market, where do we fit among the peers? Because the market is changing forever.
And then the third part of this is kind of leading the market into this new space, because we’re really combining traditional edge security of proxies and things like that with data security, and the industry still likes to segment things . ‘Oh, are you a proxy company?’ Or ‘Oh, are you a data company?’ We’re breaking that down and saying, no, actually, the future is cloud and the future is data. That’s where we are. That is where our history led us.
There seems to be a lot of benefit to using the Skyhigh name because Skyhigh is not McAfee in the first place. It is also an established cloud security name. It seems that the name fits almost all of these three challenges.
Rittenhouse: Yes, well, it was deliberate! But what’s interesting is that if you follow the story of Skyhigh, there’s a subtle difference. They are not networks, it is security. So there is a difference between Skyhigh Networks, the former company, and the current Skyhigh Security company. We’re taking on that larger mission, that larger ambition. But we have embraced this broader mandate to help defend the world’s data.
What has the culture been like since the company officially parted ways three months ago? Is it business as usual, with the same offices and similar people apart from short shifts? Or is it like a new startup culture?
Gee RittenhouseCEO, Skyhigh
Rittenhouse: I don’t know what it was before I got there, but I can tell you what we’re focused on. We focus on embracing learning; the market is changing and we have to learn and adapt very quickly. We focus on diversity; we bring all kinds of different people and different perspectives. We focus on simplicity and making it really easy. And so we are transparent in our language. We are clear in the way we explain things because we want to educate, and then we are transparent. We interact; we work as one team, we pose problems as a team, we solve problems as a team. There is a level of transparency. Those are the kind of four key elements of our culture that we’re pushing today.
Thyaga Vasudevan: I love that. And just to add to what he said, I’ve seen this culture evolve in the last five years. I just took a trip to our dev center in India and had this really amazing time interacting with the developers. Everyone feels so energized because at the end of the day, everyone comes to work to get the job done. But if you just do the work, the magic will never happen. You must personally believe that you are doing something good for the organization and for the customers who take advantage of the product. Everyone fundamentally believes in the mission of protecting the world’s data.
I guess there was a bit of established business energy working in the office day to day at McAfee. Being a new company, does Skyhigh still have that entrepreneurial energy? Or would you say there is more than one new start energy?
Vasudevan: I definitely feel more of a startup vibe than I did before. I think part of it is that we’ve become aware of the name. sky high it brings a lot of positive energy and positive emotions, of being a leader, an innovator, a disruptor and a fast mover. And while there may be people who believe in belonging to the old McAfee business legacy, they themselves are forced to change because they see change happening so fast. And I definitely see that there are still areas in the company where we need to move faster, but every company has areas for improvement, and that’s what we’re trying to focus on.
How has the transition been from former McAfee customers to Skyhigh customers?
Rittenhouse: From a terms and conditions perspective and an acquisition perspective, nothing has changed. We still have the same contractual terms and conditions, the same back office and the same acquisition. However, what has changed is on the front end of being able to talk to them about the cloud and take them on their journey. They are also in this transition and we are aligning ourselves to bring them into that transition. But the way they interact with us, it’s really the same infrastructure that we had before. We make it as easy as possible, because you don’t want to form a new company and then have to renegotiate every deal or renegotiate these things. We’ve kept that constant to make dealing with Skyhigh as easy as possible.
Vasudevan: The product is also the same. The product has been marked as sky highso they log into the console and see sky highNo mcafee. It’s been a very, very smooth transition for all of our clients.
What’s next for Skyhigh Security from a product standpoint?
Vasudevan: The first thing that I really liked about what Gee did for the company was to define the company’s mission and values statement: to be able to protect your data. Everything we do within the product today is very data-aware. And on the platform, what we have today is our secure web gateway solution, we have our cloud access security broker solution, we have our zero trust network solution Private Access and we have our cloud security solution public. All of these have now come together as a unified platform, and this was the most important thing that we’ve been talking about at RSA with different clients, because it’s a difficult problem to solve.
If you only focus on network access, you can’t solve data protection across the board. Consider a situation where a user is going to upload some sensitive data to a shadow IT application like Dropbox. If you’re doing it through the network layer, you can catch that, right? Now think if it was uploaded to OneDrive. Now what happens in the cloud [is that] nothing can be detected through the network layer. You need an API based layer to be able to detect that. Unless all of this is brought together on a unified platform, you will not be able to deliver the value proposition to the customer.
Now for the next big thing, I think the first thing we’re trying to do is make sure there’s consistency in our data protection policies across the platform. Unification is going to be key in a lot of what you see of us.
Publisher’s note: This interview was edited for clarity and length.
Alexander Culafi is a Boston-based writer, journalist, and podcaster.