Like many of you, I didn't see that movie called Sex Tape, the one with Cameron Diaz in it from a few months ago. It was apparently a terrible movie, but its plot is relevant to what I'm about to talk about, so bear with me for a moment.
It revolves around a couple who make the titular tape, then accidentally upload it to the cloud, where apparently everyone of their friends and family can see it. Yeah, it makes no sense, but it does hit somewhere near a problem that actually does exist in the real world: cloud security, and and the ability to both secure, and manage, both cloud applications and the data that is uploaded onto the,
That is especially true for enterprise companies, which have to trust multiple people to have access to files that are both sensitive and important, and need to be protected.
Enter FireLayers, which is attempting to redefine the way companies secure and manage their cloud applications. The company, which came out of stealth mode in February, offers a unified security platform protects companies' cloud assets and ensures security and compliance across all cloud applications.
"When companies adopt cloud applications, they basically have limited control over the usage of the apps," Yair Grindlinger, CEO and a co-founder of FireLayers, explained to me in an interview. "Once you have a login, you can basically do anything you want from any device, anywhere in the world. And this exposes an app to significant risks."
For example, anyone who logs into Salesforce with a stolen session login can start changing things inside the app, including deleting accounts and contacts, before the organization will ever even know it happened.
While the first line of defense has been adopted, he said, meaning single sign-on to make sure that the company knows the identification of any employee that has logged in, FireLayers is the "second step," helping those companies "manage and know who is supposed to log in and where."
What the service essentially does is give its clients extra control over what can be accessed, and by who. That means that the company can give certain people permission to delete files, to download or change any files.
"It goes beyond basic login management. This is granule control over the application," Grindlinger said.
There are multiple reasons why a company would need this type of control, he told me, and that he looks at problem from three different levels:
First, he said, people simply make mistakes sometimes.
"The more people you have, and the more cloud apps they use, the more mistakes they can make, and they can be devastating."
A mistake can mean unconsciously deleting 1,000 files by accidentally clicking on the wrong thing. And even if the didn’t do it to harm the organization, it can still be extremely harmful, and with a log, no one will know it happened until, let's say three months later when someone will need file.
Another mistake might be that an employee used someone else's device or computer, downloaded Google drive to the local device and then forgot to log out, giving someone else access to delete the entire drive.
Second, there are hackers trying to get to access to sensitive information.
"There is shared responsibility between the app provider, which brings the app securely to the corporation, and the corporation itself. They need effective access controls, and we give them the tools," Grindlinger said.
Lastly, the issue of control has to do with compliance,
"A cloud app contains information that might be protected, and so the organization needs to have strong compliance," he told me.
If a public company has Salesforce, their entire pipeline, including financial information, credit card information, healthcare information, and other data would be on their cloud application, all of which needs to be protected to comply with regulations, such as HIPAA.
With FireLayers, organizations can combat these scenarios by creating a rule that anyone altering or deleting more than five files need two-factor identification, just to make sure that someone doesn't remove anything, either by accident or on purpose. The organization can also set it so that files can only be deleted if the person is using a corporate device.
Every login goes through FireLayers, and requires two-factor identification every time any person tries to access the app. The organization can even say they want access to be to corporation's network only, so even hackers get access to usernames and passwords they still wont be able to log in. FireLayers also does a full audit log of what everyone does in every application.
What FireLayers really is, Grindlinger said, is a go-between for apps and their users.
"A power company brings electricity, but they don’t wire the home and they don't stop kids from sticking their finger into the socket," he said. "Cloud apps provide the apps, but there needs to a layer between users and apps."
That used to be provided by an on premises IT department, but now its going off-site with the move to the cloud, which allows more control over every command in every application.
This is the "biggest change in IT since introduction of the Internet," Grindlinger told me.
"We are going to be the platform that organizations can use to define each app. What are the things, from their perspective, that they need to deploy?" he said. "We want to be the platform that manages that. We want to be the new firewall, the new security gateway, that allows organization to assume responsibility."
Founded in 2013, the Redwood City-based FireLayers right now has 10 customers, with seven of them fully deployed. In February, the company received an undisclosed amount of seed funding from YL Ventures.