Zscaler has agreed to purchase startup Trustdome and its technology that’s used to get control over who and what has access to data, applications, and services in public cloud environments.
The cloud security vendor said Ramat Gan, Israel-based Trustdome’s Cloud Infrastructure Entitlement Management (CIEM) platform will help businesses reduce their public cloud attack surface and improve their security posture. The proposed acquisition will also provide Zscaler with its first development center in Israel, where the company plans to continue investment.
“The addition of Trustdome’s team and innovations in CIEM will strengthen our cloud protection portfolio by enforcing least privilege principles across multi-cloud environments while giving DevOps the freedom to innovate,” Jay Chaudhry, Zscaler’s founder, chairman and CEO , said in a statement.
Terms of the deal, which is expected to close by the end of April, weren’t disclosed, and Zscaler didn’t immediately respond to a request for additional comment. Zscaler’s stock is up US$2.86 (1.49 percent) to US$195.25 per share in pre-market trading Thursday morning.
Trustdome was founded in July 2019, employs 17 people, and hasn’t raised any outside funding, according to LinkedIn and Crunchbase. The company’s CIEM technology will be combined with Zscaler’s existing Cloud Security Posture Management (CSPM) offering as part of Zscaler Cloud Protection (ZCP).
“Entitlements and permissions are quickly becoming the biggest security challenge in the public cloud,” Trustdome CEO Ofer Hendler said in a statement. “The Trustdome team has built an innovative platform to solve this challenge while allowing development and DevOps teams to maintain speed and agility.”
Enterprise cloud environments can have hundreds of millions of discrete permissions granted to both humans and cloud services, Zscaler said, including unused permissions, non-federated dormant accounts, and misconfigured permissions. Left unchecked, Zscaler said these permissions can become an easy path for attackers to infiltrate cloud deployments.
Trustdome’s platform provides full governance over who has access to what across all of a company’s clouds, resources, identities and APIs, according to a blog post from Rich Campagna, Zscaler’s senior vice president of cloud protection. It provides a comprehensive view of an organization’s permissions as well as the ability to find misconfigurations and get remediation plans teams can act on, Campagna said.
The platform does this without any disruption to DevOps, meaning that companies can continue deploying code rapidly, freely, and securely, Campagna said. By 2023, Gartner expects three-quarters of cloud security failures will stem from inadequate management of identities, access, and privileges, up from half of all failures in 2020, according to Campagna.
“Understanding the threat vectors that introduce business risk is an important early step towards developing a strong cybersecurity strategy,” Campagna wrote in his blog post. “The same is true as your organization embraces the public cloud.”
This is Zscaler’s third acquisition deal in the past year, coming 11 months after the firm purchased early-stage vendor Edgewise Networks for US$30.7 million to protect application-to-application communications in public cloud and data center settings. A month before that, Zscaler bought cloud security posture management startup Cloudneeti for US$8.9 million to prevent and remediate app misconfigurations in the cloud.