Exploring Cloud Compliance with Chris Finan of Anitian at RSAC 2025
Join us for an exclusive discussion with Chris Finan, the CEO of Anitian, on the nuances of cloud compliance for federal cybersecurity standards. This event, theCUBE + NYSE Wired at RSAC 2025, offers expert insights into the evolving landscape of government and enterprise cybersecurity requirements.
In this video, Dave Vellante of theCUBE Research converses with Finan. Together, they explore Anitian's journey and expertise in assisting companies with cloud products to achieve federal compliance efficiently. Key discussion points include the importance of automation and expert advisory in fast-tracking Federal Risk and Authorization Management Program (FedRAMP) certification and the role of Anitian's SecureCloud product in this process. They also discuss how Anitian collaborates with hyperscalers to enhance compliance frameworks.
The video also covers Finan's insights on addressing tools creep in development security operations (DevSecOps) pipelines and the strategic partnership with Open Policy. Finan highlights how integrating generative AI and agentic AI capabilities streamlines compliance processes, reduces costs, and aids companies in meeting requirements efficiently. According to Finan, this technological synergy is pivotal in accelerating Zero Trust implementations for clients.
Chris Finan, Anitian
>> Hi everybody, welcome to theCUBE After Dark. It's still light here in the Embarcadero. My name's Dave Vellante and we're here with the NYSE Wired and Open Policy. We have one of our sponsors here, the CEO of Anitian, Chris Finan. Chris, good to see you. Thanks for ... along with us in the Wired community and Open Policy sponsoring this event, it's good to see you.
>> It's great to be here, Dave.
>> Yeah. Well, we did this last year and it was really a pleasure. We interviewed a lot of startups, find out what they're doing, what's happening in the ecosystem, concomitant with RSAC. So tell us about Anitian.
>> Anitian's been around a while and our focus is in helping companies that have cloud products. These are companies with cloud tools. Could be an infrastructure company, could be a SaaS application provider that want to sell to the federal government. We help them get compliant for government cybersecurity standards. We do that with a mix of automation as well as human experts who we bring to bear, and we shorten their time to revenue. We make it really easy for them to go after that federal vertical and expand their business.
>> So things like FedRAMP. I mean, that's always the one that everybody throws out there, right?
>> Yeah. Bingo.
>> I want to get FedRAMP certified. I could do it myself, DIY, or I come to you and get some help. You compress it. How does that work?
>> That's exactly right. Yeah, you could do it yourself. You could hire one of the big four to help you and sure, they could give you a highly customized build. We come in with a cloud technology stack, we bring a stable of expert advisors. They're all former auditors. We come in and we provide that automated suite that gets you there in about half the time and half the cost.
>> What kind of specific automation do you have for, I think you call it SecureCloud is one of your products-
>> SecureCloud, yeah....
>> is that right, that you're offering? Help us understand automation, because people hear automation, they're like, "Oh, that's a good thing." And sometimes a lot of people say, "Oh, that's a bad thing," because the machines get out of control. How do you do it? How do you control it? Give us some color on that.
>> Well, the first thing that we do is we use automation. In this case it's a SaaS tool, a software as a service that we use to assess the gaps in a company's cloud product. Hey, how far away are you from being able to meet all of those FedRAMP controls? That now helps us have a really tight scope so that we can resource plan, so that you, the CIO and your CFO, can get together and say, "Hey, we know exactly how many people we're going to need to put toward this project, how long it's going to take us. And now we can factor that into our overall business plan so that we can be really intentional about our federal market expansion." We start by automating that gap assessment. That really simplifies it, gives us a good sense of scope. The next thing we do when we're ready to move forward is we deploy a set of technologies into that company's cloud environment to actually begin addressing those controls, to close the gaps very quickly. And then we use our human experts who come in and help tune them up to make sure everything is meeting the mark.
>> A lot of agencies obviously move into a Zero Trust environment. That's kind of the big ... Pre-Covid, it was sort of a buzzword, then it sort of became a mandate, then became a product to a lot of companies' portfolios. We know it's not a product, but help us understand how you fit in to enabling your customers participate in a Zero Trust environment. Where does your offering leave off and where do they have to pick up, the shared responsibility model, if that makes sense?
>> Well, what we help figure out is visibility into exactly where that line should be for shared responsibility. Because especially if you have a complex cloud environment or maybe you're in multiple clouds or either your product's a hybrid, it can be very difficult to discern which of those controls you're inheriting, how to actually operationalize them across your technologies. Our tooling comes in and makes that delineation really, really clear so that we can focus on only closing the gaps that remain. That's how we're able to not just compress the time, but eliminate a lot of the unnecessary costs, so that we're already meeting you where you are in your Zero Trust journey. You're not having to go backtrack and do more.
>> How do you interact with the hyperscalers? Because they do a lot of their compliance templates as well. You guys add value on top of that? Is it coopetition? Is it complementary? There it is. How do you fit into that hyperscaler world?
>> We're very complementary. Yeah. The hyperscalers all have a great toolset to help with compliance, and in particular the government accreditation frameworks like FedRAMP or CMMC. What we do though is we add a layer of depth on top of that. So we'll take all of that tooling, we'll make it very accessible, and then on top of that, we'll provide deeper analysis and we'll provide an opinion. We have a very opinionated set of analytics that can come in and can discern, "Hey, based on the data in your environment, everything that we're seeing from that visibility, how close are you to meeting the mark? And we'll help ensure that we get you right to that bar so that you're addressing all the controls, you're zeroing out all the findings, without having to do anything that's overkill."
>> When I hear opinion, I think opinionated stack, but I think what you're saying is you understand what's possible in terms of maturity model and then you help people get there, and you probably also have an opinionated offering, a curated capability.
>> Yeah, exactly right. I think opinionated in this day and age, especially with AI, means that we can move away from simply providing visibility into actually taking action. That, for us, is the really exciting thing now as we've been able to integrate a lot more agentic AI features into our stack. Opinion means, "Hey, we see this control gap that you have. Let's actually help you close it, say, with this infrastructure as code. Because we see everything that's happening in your environment, and now we can take that, we can factor it in and we can give you back the remediation required to close that gap."
>> Obviously with GenAI and LLMs really now going mainstream, this becomes much more relevant. How has that changed your approach to assisting your customers in getting certified?
>> In a couple of ways. The first thing that we want to do is, we want to break down as many barriers as we can. GenAI is great because it gives you a translation capability. Let me explain what I mean. We're now able to take a lot of the work that you may have done for your SOC 2 framework. We're able to ingest that data and we're able to answer a lot of FedRAMP controls based on those policies that you've already written. They may not be formatted in the perfect FedRAMP parlance, but that's where our AI tools, and GenAI in particular, can help with that translation to make that process really simple and automate a lot of it. We used to rely on human expertise to do that. Now we can use AI to do a lot of that. So we can really drive down the cost because we're able to leverage a lot by crosswalking those frameworks.
>> Let me ask you this. A lot of DevSecOps pipelines, they suffer from tools creep. How do you deal with that? The whole tools sprawl thing, how do you avoid, "Oh, here's another shiny new toy or another point product." How do you address that?
>> Well, what we want to do is we want to make sure that we're helping a company tightly scope their federal environment. You don't want anything extraneous in there. I think that's where we are very helpful in terms of that overall DevSecOps architecture, is we can come in, we can shift a lot of the control and remediation work to the left, and we can ensure that we're only bringing into that federal environment the things that are necessary to process that federal data and to deliver value to the federal government, without bringing in anything unnecessarily into that scope that's not going to create additional risk exposure. Again, having that really tight visibility and visibility that leads to actionability, to me, that's the key. I think that's where in general we're seeing DevSecOps go, and we're seeing a lot of that security work shift to the left as a result.
>> What's your relationship with Open Policy? You guys had a meetup here earlier today and we're taking it to After Dark; eventually the sun will go down. What were you guys talking about today? What was that meetup all about?
>> Well, we've partnered with Open Policy because, as you know, there's a ton of change right now in federal government policy and especially around-
>> What do you mean?
>> Such curious ... So much up in the air. The Open Policy crew and their tooling, of course, really valuable to help us keep our finger on the pulse. I think also Open Policy really are great at connecting the ecosystem. And so we find that this is a team sport, so we like to partner with them to deliver a lot of value to our customers.
>> That's true. They are great connectors. Well, Chris, thank you very much for taking some time. Give us a quick update on the company. What's the snapshot, strategy, funding, scale?
>> Yeah. Well, we just closed a round in the fall. We've got two phenomenally great investors that I was really excited to work with coming here.
>> Congratulations.
>> Thank you. Sageview Capital and Forgepoint Capital, they led a new round for us, and we are now cooking what I think is going to be a very groundbreaking agentic AI capability for federal government accreditation. We are working right now to pilot that with the federal government to help alleviate some of their bottlenecks, and I'm really excited to bring this out of the skunkworks and into the-
>> Awesome. Is that this year type of thing? Are we going to hear about it?
>> It's going to be in the latter half of this year.
>> All right, great. So you got that big announcement coming. Any other action we should know about? Any other events you're going to and things that we shared?
>> Well, RSA is always great because you get a great mix of people from DC and the Valley. Yeah, there's a lot of good events. I think just getting a good understanding of where the government's going, where the national security agencies are headed next, it's always good to get a little bit of that insight.
>> Well, if you can navigate that, Chris, then you're in the right job. I congratulate you on the raise and look forward to hearing the future progress. Thank you.
>> Well, I appreciate it, Dave.
>> All right. You bet. All right, keep it right there. Everybody, back right after this short break. This is theCUBE After Dark. It's still sunlight here, but you're watching theCUBE from the Embarcadero at La Mar. Right back right after this short break.