Cloud AWS re:Invent Coverage | Tarun Thakur, Veza

Clips
News
More from Cloud AWS re:Invent Coverage

Tarun Thakur

Co-Founder & CEO

Veza

Cloud complexity reshapes identity security strategies for enterprises

Identity security plays a pivotal role in today’s interconnected digital landscape, reshaping enterprise strategies by shifting from traditional perim...

play_circle_outline Enhancing Cybersecurity with Identity as the Key and Shifting from Network to Permissions Security

play_circle_outline Importance of visibility and discovery in access permissions

play_circle_outline Importance of non-human machine identities

play_circle_outline Leveraging AI for automation and natural language search

play_circle_outline Focus on enterprise market

Info
Transcript

Tarun Thakur, Veza

Tarun Thakur

Co-Founder & CEO Veza

The discussion at the AWS re:Invent conference focused on the importance of identity in the cloud, specifically non-human machine identities. Veza's success is tied to identity management in organizations, the move to the cloud, and generative AI. Challenges in managing permissions in a cloud environment were highlighted, along with the need for a unified identity management approach. Veza's Access Graph data model and AI capabilities play a key role in providing visibility and control over access permissions. Their latest product, Access Request, simplifies ... Read more

explore Keep Exploring

What has been the evolution of cyber security over the last two decades, and what is currently seen as the biggest attack vector in the industry? add

What are the primary drivers behind the growth in the industry currently? add

What are the challenges surrounding managing non-human identities in the cloud environment? add

What are some of the features of the product called Access AI mentioned in the conversation? add

What are organizations looking for in terms of security and strategic planning for the next four years, especially when it comes to identity platforms? add

bolt Powered by CUBE AI

Tarun Thakur, Veza

search

>> Hello, welcome to theCUBE's coverage of the cloud players all battling it out for the supremacy in generative AI. Of course, this is the AWS coverage of their annual conference re:Invent. I'm John Furrier, host of theCUBE. We're on the ground here in Palo Alto, as well as in Las Vegas and Tarun Thakur is here the co-founder and CEO of Veza. Tarun, great to see you here-

Tarun Thakur

>> John, always a pleasure.

>> A lot of big news. Congratulations on all your success. The foundation of security has changed a lot. Permissions, the perimeter has changed. We've been talking about the perimeter being dead for a long time, but now identity is the key and hackers are having success every year, right?

Tarun Thakur

>> Absolutely.

>> Companies fail to tackle the most critical part of this attack surface, which is permissions. That's what you guys are doing, that's the tailwind. Give us the quick update.

Tarun Thakur

>> John, thank you, thank you so much for the opportunity being here. Always a pleasure. It's a big week for us with big announcements. Just to build off where you kicked off, look, if you look at the last two decades of cyber, we went from securing the network, securing the endpoints, virus and anti-virus, to securing the front door and what pretty much the rest of the industry, and everybody's realizing since our founding to where we are is permissions and entitlements, as you rightly noted. Identity is the biggest attack vector, identity is the perimeter, and if you look at what is the purest form of identity is permissions and entitlements, not necessarily your users names and groups names. And I think the industry has woken up to that point of view and that provocative point of view. And if you look at the tailwinds that are driving and you look at, like you just said, AWS and generative AI and the theme of the week and the month and really disruptive force for the decades ahead.

>> What's been the big tailwind drivers? Is it next-gen cloud? Has it been the AI wave? Is it the agentic? What is the drivers right now that you're seeing as powering your growth?

Tarun Thakur

>> Yeah, no, thank you, John. We came out of a very, very, very strong Q3. All three quarters year-to-date, execution. And if you step back and look at what are the big, big tailwinds and big forces behind our growth, I think number one is just like we said, identity is one of the top three priorities for organizations. Number two, if you look at the move to the cloud, the move to SaaS has been accelerating for the last few years. And the whole motion of the gen AI, the AI apps, the agentic AI, it's essentially every AI is a non-human and machine identity, something that we were discussing in the morning. And I think that generative is actually only adding more fuel to the fire. So, massive tailwind. But I would say also lots and lots of our winds are increased and increasing regulatory pressures when it comes to really fundamentally securing access to data. Data is the most important real estate. And so I think that regulatory pressure coming on organizations to really do whatever it takes to secure that asset is all adding fuel to the fire.

>> One of the things we love about this AI wave is it's changing all aspects of the stack from the infrastructure, the model layer, and then the app layer, which is essentially agentic. It's just another application in generative AI. So you're seeing the human in the loop being a very big conversation. And sure from a productivity standpoint, you're seeing massive surge, but one area that's growing significantly fast, that's I call it the pre-agentic wave, is the non-human identity, machines to machines. Tarun, you and I have talked about this in the past, the cloud was built on APIs, but now you're seeing a connected ecosystem where-

Tarun Thakur

>> Correct....

>> data, intelligent data is being passed through APIs. So this is programmatic and also human-prompted. So you have this new layer emerging, the rise of the non-human machine to machine agentic connected.

Tarun Thakur

>> Absolutely.

>> This is a big part because the data's involved. It is sensitive data. In some cases, most cases, it's not public data. I mean, JP Morgan Chase, they're on stage talking about this at re:Invent, they have more data than OpenAI does. They've got petabytes at JP Morgan Chase. They're not going to just do that. They have to really think through their sensitive data and with that, permissions. It's not thinking about it after the fact. So, take us through this. This is a huge market.

Tarun Thakur

>> No, I think John, you're using the same dictionary and the same vernacular, which is again, we lived in that world where organizations like JP Morgan, the largest financial institution in the world, when things are in your control and in the four walls of your data center, you can pretty much manage access permissions. But as you rightly said, something that we say very passionately and we get very positive feedback from our customers is like, look, every identity in the cloud is a machine identity actually. Every identity in the cloud is privileged. If you're running Snowflake in the cloud, you're running Databricks in the cloud and you're running apps on top of, it it's nothing but a service account. It's nothing but a service principle. And where it gets very challenging is there is no central repository, there is no active directory for non-human identities. So, where can I go look? And that's where again, adding to where we see a lot of reception with our customers that we're working with is just that plain discovery, just the visualization, that power of showing them the access permissions. Here are your non-human identities and what these identities can perform as actions. Permissions are nothing but actions to data that is spread across. So, it's very powerful movement and we believe, I think we called 2024 as the year of identity, and 2025 is going to be the year of non-human machine identity.

>> Last time we talked, Tarun, we talked about permissions and entitlement. That was a key part of the permission layer, as you talked about. In the cloud-native world, you start to see the word delegation where you're delegating authority. That's a trust equation. And the best thing about cloud we've seen over the years, on gen one cloud I call it, is abstractions. And sometimes those abstractions aren't efficient. So you guys have technology under the hood. Can you share why you guys are succeeding? What are some of the things around how you surface the permissions? Is it Graph? How are you guys doing it technically? What are some of the key things that you do to enable this next wave of, I call it the harmonization layer of data where the systems have to talk to each other, but it's not the old school abstraction?

Tarun Thakur

>> That's exactly right. Love that question, John. Thank you. I'll just start with a little bit sort of context and then I'll answer your question. Look, one of our very strong point of views is identity cannot be siloed. They cannot be an IAM team and a PAM team and an IGA team and an app team. Identity has to be, as you get harmonized and democratized, an app team needs to be able to understand permissions, right? It cannot be siloed. So with that point of view, what we did with our core differentiation of what we built is a data model. And the data model, we call it, the Veza Access Graph, where what we have done or very hard work over the last four and a half years, five years in now, which is can we help organizations in matter of minutes, if a matter of seconds? Who in your organization, whether it's human or a machine or a non-human or a third party identity, think of all organizations use third party services and what actions can they perform in an effective truth to systems and data spread all over the enterprise? That visualization layer, that intelligent layer is very powerful. Some of our customers say it's like turning on light in a dark room, is essentially the way our customers explain that to us. And they're like, "Look, we never had this visibility and we need it." And I remember one of the customers said, the following, "Tarun, this foundation layer that you're calling is really how we get ahead of thinking about how do we get ahead of these breaches." So, that's the core foundation. I would say the number two, John, that is working very harmonizing, I love that word. It's only as good as applicability to your enterprise breadth, not only your SAS systems, not only your cloud systems, but mind you organizations like the one you mentioned, JP Morgan has probably thousands and thousands of custom systems. The brown field, not only the blue field. And I think we are also announcing a wide breadth of integrations today, which is we now have close to 300 integrations, not only your SAS, but also things like Oracle databases, things like PeopleSoft. And that brings us another level of moat, level of applicability to .

>> One of the things you guys are doing that I think is nice on this next gen cloud is if you look at gen one, cloud solved the over-provisioning problem of hardware. And we saw that with, buy by the drink, S3, EC2, all good and higher level services and cloud, great, check. Now with permissions, you can move away from over-provisioning permissions because you kind of overdrive that. You guys are coming down to the granularity where it's agile on the permission side, but also targeted. You mentioned some of those systems. So talk about the news you're announcing because I think this is a big conversation around what resources am I going to be managing effectively, whether it's cost driver or access control, let's get to the hard news. What are you guys announcing at re:Invent and take us through the specifics.

Tarun Thakur

>> My favorite part of the session, John. Very over the last, again, some context over the last four and a half years, we have built and launched about five products, search intelligence monitoring, access reviews, workflows and lifecycle management, fundamentally the Joiner, Mover, Leaver. What we're announcing today, probably the boldest product is what we call Access Request. The whole notion, as you said, self-service access, right? Business teams, app teams, dev teams, AI teams, cloud engineering teams, they all need access to something. It may be a cloud resource, it may be an app, it may be a system, it may be getting access to Slack. And so what we started with is like, look, access is very varying, right? It changes very often. There are days when you join an organization, you're over permission by 20000%, and there are days when you expect to get access to something and you don't. That's just the fundamentals problem. And so essentially what we learned as we spoke with customers is like, look, access request is still a largely unsolved problem. Either I'm getting over permission, as you said, or I don't have access to the systems I need and now I'm sitting idle for four weeks and my productivity hurts. So we are announcing today a brand new product, Access Request, early access today. We want to design partner that with some very, very large iconic customers. The theme behind the Access Request is productivity, ease of end user experience, a click button, one click button. And number three, which is probably the most closest to our souls is access, which is least privileged from day one. Minimal access, minimum set of permissions, minimum set of roles that you need to get your job done. That's what gets me fired up. Yes, please.

>> Couple questions for you on that. One, this is the future. You need to have this identity nailed down for humans in the loop and machines, got that, check. That's a nice tailwind as you mentioned, but can you share what you cover with these identities? Which systems? How do they understand the permissions and identities? And then two, how do you get it at enterprise scale? Because that, again, enterprise is complicated. You can't just throw AI at the problem. It's a lot of knobs and buttons are pushed in the enterprise when it comes to identity. It's been one of the key governance areas of concern.

Tarun Thakur

>> Thank you, John.

>> So which identities, which systems, how do you know the identities? Take us through that.

Tarun Thakur

>> Thank you, John. The way our system works, simple, four steps. We want to connect read-only, know agents, API method only to your identity systems, to your cloud systems, to your SAS systems. And that's a simple API pull. We're pulling in your user name, your group name, your roles, your permissions, your entitlements, and it's at the heart, our system is a distributed, large-scale distributed systems. And so essentially we pull in this metadata. Think of a large number of small objects, right? So the object model is structured around that. We organize that data in our graph architecture as you rightly noted. And from there on, we built very highly purposeful algorithms, graph traversal algorithms that allow us to perform query and search and workflows and monitoring. Those are all apps on our platform that we have built. But to answer your question, in terms of identities, we support all the three clouds, Amazon, Azure, GCP. We discover pretty much a large variety of non-human identities, like the service account, service principle, whether it's an AD or Azure AD or GCP or AWS, which is we call the left side of the graph. And when it comes to systems that we can connect to, about close to 300, pretty much very long tail, John, if I can use that word. Our most critical systems, Salesforce, Workday, AWS, ServiceNow. But the most recent new systems that we're announcing today, support for Oracle EBS, E-Business Suite. Support for things like CyberArk. If you think of a system like CyberArk, where the most privileged identities are stored, how critical that enterprise system is. I would say on-prem systems, cloud systems, Veza for Zscaler, Veza for HashiCorp, Veza for Slack, Veza for Oracle EBS, Veza for . These are the new, brand new set of we are announcing, which is all again to cover the enterprise.

>> You covered all your bases on the enterprise side, so check. So what about AI? Can you share your vision and some of the things you're doing with how you're leveraging the AI for automation? How does that factor in what-

Tarun Thakur

>> I love it, John....

>> value is that bringing?

Tarun Thakur

>> I love, you're turning on the heat. Look, we launched, John, we met at Black Hat. We launched our product called Access AI. We were the first ones to launch this data model called Access Graph about four and a half years ago. And the industry has, industry is waking up to that. So we feel we have a great position. And the second big announcement we made is Access AI. So you can imagine with the power of LLMs, the power of generative AI, it's accelerated. And so essentially the first product that we launched for Access AI is in natural language-based search. Essentially if we were run Veza in theCUBE in SiliconANGLE, what does Andrew Fick has access to? You can ask that question in plain English language.

>> Andrew, our producer, has access to everything. He's always in the system. He's going to have a bot soon. So, nice shout out for Andrew. Way to go.

Tarun Thakur

>> And so I mean, these are things we've not been able to answer. So that's our first number. Second area we are advancing our AI product is we give you findings, right? In spirit of time to value, TTV, we give you risky findings that you must act on within as immediate as possible. But now imagine you can search for those risky findings using natural language. For example, Kale has MFA disabled and his global admin in HashiCorp Vault. That's a pretty risky finding. Kale is turned off in Okta, yet he has global admin to the sensitive folder in Google Drive. Very risky findings, but now you can search using AI.

>> Yeah, I think AI really helps some of those automation around some of the heavy lifting stuff that's kind of a lot of grueling work, toil to make the configurations work, make the services go faster. Clearly it's the future of security. I have to ask you about the company. Obviously we're in a world now, where it's kind of like everyone sees the shift. There's the old way and new way. You guys only been around for a few years, I think three years.

Tarun Thakur

>> Thank you.

>> And you're on the right side of this. So as an entrepreneur and as a fast-growing company, take us through the momentum. Since your public launch, give us some of the stats how business has been because the world spun on your doorstep. Okay, this is-

Tarun Thakur

>> Thank you. Thank you, John. I love that. I'm going to steal that from you. The world world has spun up on your doorstep. I'm actually going to steal that. John, we came out of a very, very strong, our year-to-date performance has been phenomenal. And thanks to the team and customers and partners and also our investors for that vote of confidence. Our Q3, we finished on Halloween 300% year-over-year growth. As you know, that's considered top quartile SAS performance. Our net retention rates of 120% and plus. Multiple, multiple Fortune 500 logo acquisition across healthcare pharma, across life sciences, across big tech, across retail. The most recent customer that we acquired, Crocs, that we all love to wear. And so really, really good execution by the team. Very proud of it. But I think you nailed that. The world is spun up in front of your door. We use the word, the market is coming to us at a very, very rapid pace. And so very happy with the progress. I think we were hoping to finish the year very strong and really in the middle of how to sort of accelerate the journey in the next 24 months.

>> Yeah, I mean, getting the data right has been a key discussion point. That's why governance is super hot. Identity ties into that. Visibility into, I call the new observability, which is what's going on with the data. How do I make the data intelligence, I mean this is what people are talking about. And your customers and other customers are looking at, how do I re-architect my foundation, knowing I have data and build it from the ground up with the access control built in to enable the disruption? Because it's a disruptive enabler. It's disrupting, but it's enabling. So the value creation is there. So, it's not just disruption and disrupting operation.

Tarun Thakur

>> It's value creation.

>> Value creation. And everyone's kind of in agreement that this kind of in-between the line, so to speak, with access control, which has been a database thing is actually core to that. So can you take us through the successes at horizontals, the scalables of certain industries? Is it all industries? What are some of the signals you're seeing from the market where you're winning or where you get called in or you solve problems?

Tarun Thakur

>> Yeah, John, I think we describe our go-to-market or our customer acquisition journey. The customer journey, the user journey, the buyer journey. We describe very much it as bi-modal go-to-market, meaning we have commercial and mid-market organizations. Think of anybody below 3000 employees where it's a very fast sales cycle. Nimble organization, agile organization, they want to move fast, they want to solve their problem. But we also have a lot of traction towards enterprise and large enterprise. So, that's the bi-modal nature of the go-to-market. And what we are experiencing is like, look, the problem is everywhere. Like you rightly noted, the problem is everywhere. Now it's time to, as a young startup, as you noted only two and a half years since coming out of stealth and only four and a half years old, still a toddler, you have to focus. And I think one of the big decisions we made, John, earlier in the year, which paid off, fast-forward 12 months, is we tripled down on enterprise. I think enterprise is the way they think about security, the way they think about strategic planning for the next four years. And this is a world that has really worked very well for us, which is the next generation enterprise identity platform. Leaders and organizations, they're now planning for 2026, 2027, and they want to bet on the platform today that's going to enable multiple identity security use cases. Not just non-human, not just posture management, not just identity governance. They want a platform that is multi-cloud, multi-identity, human and non-human, but also that addresses multi-use cases. And I think that has also worked very, very well for us or from messaging positioning. But I would say to answer your question very specifically, our pull, if you can say, is very strong in global 2000, global 5000.

>> Well, congratulations on announcing Access, Access graph is with powerful underpinning enabling the self-service. Great feature. And again, I love the focus because I love that Steve Jobs, John Ivey mentions about Steve Jobs, the focus is the key. And I think you're in a great spot because everyone's talking about how do I enable the data to be successful?

Tarun Thakur

>> Thank you, John.

>> And you got to get it right. So Tarun, thank you for coming.

Tarun Thakur

>> Thank you so much.

>> I'll give you the last word. Put a plug-in for the company. What else are you're growing. What are you guys looking to do? You're here at re:Invent. A lot of action around.

Tarun Thakur

>> Thank you, John.

>> A plug-in to the company.

Tarun Thakur

>> Appreciate, appreciate. I would just say there's only one plug-in from my perspective, is companies are only built with phenomenal people and talent and people coming together with various sets of opinions and points of views. We are hiring across the board, product management, engineering, sales, marketing, international expansion. Anybody who likes to be in a chaotic yet a customer-driven mindset company, love to have you on the journey. People who love to build, love to have that entrepreneurial spirit. So other than that, thank you John, so much for the opportunity and any and all talent is welcome.

>> Great. Yeah, congratulations on the team expansion, the momentum. Obviously the product's solid. Companies trying to understand permissions as is the foundation of identity security through power, agentic. Tarun, thank you so much for coming on this CUBE special edition of re:Invent coverage here from Palo Alto.

Tarun Thakur

>> Thank you, John.

>> I look forward to seeing you here around hallway.

Tarun Thakur

>> Thank you. Best wishes for you and the team for the great event and best wishes to everybody else at this week. .

>> Okay. I'm John Furrier, you're here in theCUBE. We are here at Palo Alto. We're also on the ground in Las Vegas for AWS re:Invent coverage. Thanks for watching.