Manage Learn to apply best practices and optimize your operations.

Ten years on, SaaS provider's aim is improving cybersecurity

Waltham, Mass., tech company Sonian offers a cloud-based email archiving and analytics platform to companies and government agencies. The 10-year-old startup was acquired earlier this month by computer security vendor Barracuda Networks (which private equity company Thoma Bravo agreed to buy for $1.6 billion).

Greg Arnette, Sonian’s co-founder and CTO and now director of data protection platform strategy at Barracuda, spoke to SearchCIO before the acquisition. A wide-ranging discussion about the role of the CISO and improving cybersecurity also included topics such as the company’s founding, in 2007; its years of growth alongside cloud giants Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform and IBM SoftLayer; and the utility of IT security frameworks published by the Payment Card Industry Security Council and the National Institute of Standards and Technology (NIST).

Over the years, as cloud computing gained in popularity, the company gained business – with more than 29,000 customers today. Improving cybersecurity became a guiding principle, Arnette said, including in its own offerings, which now include tools that can determine whether data from emails is leaking out of an organization.

“We’re looking to provide evidence-based results that can help businesses make better decisions,” Arnette said.

Following are excerpts of that conversation.

You started Sonian a decade ago. What led to its founding?

Greg Arnette: The original idea that sparked Sonian was around this notion that the combination of the rise of public cloud would be a game changer in IT. Ten years ago that was an early thought that I think has been proven out with where we are today with the rapid rise of AWS and Azure and Google and SoftLayer.

Greg Arnette

Greg Arnette

So [Sonian’s emergence reflects] the rise of public cloud, the need for modern, newly architected information management services to be offered as software as a service (so it can be consumed by businesses, monthly, pay as you go) — and the need to solve a problem with enterprise scale but by using consumer-design-like web UIs, so it’s easy, intuitive.

Tell me a little about your services.

Arnette: What Sonian provides is a web service powered by public clouds that helps a business retain, search and analyze their employee-generated content like emails, files, docs and discussions and do it in a cloud-like way. So it’s subscriptions and about making it simple — nothing to install, up and running within 15 minutes. Over our 10 years, we’re now servicing 29,000 customers around the world.

And we have about 60 go-to-market partners. Our partners typically bundle what they get from us as a white label alongside other things they’re selling to their customers. Examples of partners include companies like IBM, which services the very large enterprises of the world; GoDaddy, which services millions of small businesses around the globe; and Rackspace and Intermedia, which are serving the midmarket.

How are you improving cybersecurity for your customers?

Through our tens of thousands of customers and our go-to-market relationships we’re amassing a huge amount of data that’s rich in content, and that drives into the next wave of features that we’re making available to our partners, which are around security insights.

[The feature set is] along the lines of, preserve the data, in case you get sued or you need to do discovery on it or want to put it on legal hold — you want to preserve it for search and recovery. And now analyze the data, looking for trends that can help the IT department understand how these collaboration systems are being used in terms of information leaking out of the organization, or could employees be potentially violating the acceptable use policy that governs how they should be using the e-mail system internally? We’re looking to provide evidence-based results that can help businesses make better decisions.

So your product is cloud. How about your IT and business operations? Are they all cloud?

Arnette: Yeah, we’re 99.9% cloud. The finance team has a very small on-site file server for some file sharing — sensitive content and so forth. Our internal company email’s all cloud-based. We’re using Salesforce; we’re using ZenDesk, It’s a typical back office system you see these days that is becoming popular — a cloud-first approach everything.

Where we host our software, that is, the feature set that we sell to customers, that is also multi-cloud-capable. We’re on Amazon, and we’re on IBM SoftLayer and other public clouds that we host our software on, because some of our partners prefer us to be on a certain environment over another one.

What role do IT security frameworks like the PCI Data Security Standard and NIST Special Publication 800-53 play in maintaining and improving cybersecurity?

Arnette: Those are very important. They become benchmark reference standards for how we position what we offer to our customers and also how we evaluate new technologies that we want to use. The NIST 800-53 framework has I think over 400 different controls that describe how technology should be operated securely.

And it goes very wide — it gets into, How do you respond to a security breach? How do you do change management? How do you notify customers of new updates? So it’s just not technology; it’s process, too. [NIST guidelines] are the frameworks that government researchers put out to public domain, and then the public can use them because we can all point to them and say, This is how we know we’re all secure in a transparent way.

A SearchCIO two-part interview with Sonian co-founder Greg Arnette focuses on the CISO role at the cloud provider and how it’s improving cybersecurity and the skills and experience needed to be a CISO today.