Uncover the journey of Cyral with insights from its CEO, Manav Mital. In this interview, he discusses the importance of data protection and the innovative strides taken by the company.
Can you tell us about your background and how it led you to found Cyral?
Cyral is the intersection of my passions and proficiencies. I have been on a long entrepreneurial journey. I started out as an early hire at Aster Data, which was one of the first companies to talk about Big Data, where I ran most of the engineering team. Then I founded Instart, which was in the CDN space where we focused on managing infrastructure at cloud scale. Cyral presented itself as the intersection of these two experiences — managing data at cloud scale. When I saw that companies were moving their sensitive data off-premises to the cloud, I realized they need a different way to manage the security and governance of data, and the answer is Cyral.
Can you explain the importance of data security governance and its impact on organizations?
The number one thing most security leaders are worried about is a data breach. Companies increasingly gather sensitive information about their customers that they are tasked with keeping out of the hands of hackers. When everything began migrating to the cloud, breaches became much more common since there are so many ways for a hacker to access a database. Data is everywhere, and there isn’t a structured enough system to protect it.
Data security governance is its own category like IT security or application security, and more organizations are finding a need to address it with a specialty team or service dedicated to protecting sensitive information.
How does Cyral’s solution differ from traditional security tools, and how does it address the challenges of securing modern cloud-based environments?
Modern technology solutions are an adaptation of the past. They either take the way a company functioned in a data center and move it to the cloud, commoditize technology from big, enterprise solutions for others, or have developers recreate the work that once belonged to an IT team. Cyral does something new.
Other security tools are not database aware and have no way of knowing what’s in a company’s database or whether a user should be allowed to access a specific field or record—it’s often all-or-nothing access. Cyral addresses this issue with its complete suite of discovery, authentication, authorization, and auditing controls. Several people within the same organization can input a query into their Cyral-protected database, and depending on their role or other defined factors, each would see a different result. In fact, Cyral is the first security solution to provide all the features of database activity monitoring (DAM), privileged access management (PAM), data loss prevention (DLP), and data security posture management (DSPM) for a company’s sensitive datasets from a single platform.
Can you discuss the role of generative AI in data security and the potential risks it poses to organizations?
Generative AI is a reality for technology, so I see it working in data security in two ways. As it stands, security products make a lot of noise. They send alerts and false positives often, driving security leaders to spend time across multiple dashboards and data streams just to understand what’s happening. I anticipate that generative AI will begin to be incorporated into security products to help reduce the noise and make security analysts more productive. It will more accurately pinpoint a threat and where it is then send security teams to the right place to investigate.
On the flip side, data security can make companies or products built around generative AI more secure. The lifeblood of AI is data, and it’s often sensitive data like PII or non-public information. Right now, that data is a risk for generative AI-based companies because there are not enough controls to keep information from being fed to models that should be kept secure. One of the biggest issues that security leaders face is employees unknowingly exfiltrating data and putting it into the wrong SaaS platform. This same issue will translate with the growth of AI tools as there are limited restrictions on the information that gets fed to the models that then learn from the data and could share it or hold it insecurely. Data democratization is the foundation of effective generative AI.
How does Cyral’s solution integrate with existing security infrastructure, such as firewalls and SIEMs?
Cyral is an API-first platform and integrates easily with existing infrastructure, SIEMs, and monitoring tools. And due to Cyral’s stateless interception, it is completely non-disruptive to performance and existing workflows.
How does Cyral ensure compliance with regulations such as GDPR and CCPA?
We fold regulations into our product design, and we have a brilliant team of engineers able to quickly enact changes as policy shifts. We don’t collect customer data, which also makes this easier, but we are very strict with our internal security practices.
Can you share any success stories or notable use cases where Cyral’s solution has helped organizations improve their data security posture?
One recent example is Turo, the world’s largest car-sharing marketplace. Turo reached a point where the company needed to streamline database access for its developers while strengthening security around the sensitive data it collects, including driver’s licenses, phone numbers, and addresses.
The company implemented Cyral and realized three key benefits:
- Limited database access to reduce risk: Cyral assigns engineers read-only access to the Turo databases. It also directs users to a replica database so that any problems that may emerge stay isolated from the primary data source.
- Automatic database activity audits: Cyral maintains an audit trail across all users and data sources, so Turo can preemptively identify problems that might be affecting performance or undermining security. If there is ever a security issue, the audit trail will be available for maximizing the speed and precision of the response.
- Growth in a developer-first culture: Turo encourages its devs to innovate, and with Cyral, they can now do so freely without the risk of harming the database. Cyral has guardrails up to keep them from accessing anything risky, so they can grow.
How does Cyral stay up-to-date with the latest security threats and vulnerabilities, and what steps do you take to address them?
Our mission is to help businesses secure and govern their data in the cloud, which is more important now than ever. We maintain the highest level of security a few ways. First, we have a strong development team that can quickly respond with product augmentation and enhancements as needed. We also have very close relationships with our customers and prospects. They know that any concerns they have can be brought to our attention and addressed. Lastly, we have strong connections in the security industry. Our CISO is well-respected with a storied history in cybersecurity. Our investors are also known in the industry and able to make important connections for us. We know through these connections and relationships, we are always up-to-date with the latest in the industry.
How do you see the data security landscape evolving in the next 5-10 years, and how is Cyral preparing for those changes?
With the current pace of innovation, it is admittedly difficult to forecast that far out. Ten years ago, I don’t think anyone would have guessed the amount of mission-critical, sensitive data that companies have in the cloud. Currently, there is no accepted form factor for the right data security solution. The lines between ideas like data security, data privacy, and data governance are blurred. I anticipate that the distinctions between these ideas, who they serve, and how they should be integrated into workflows will be much clearer in the next few years. That will help with defining which solutions make the most sense for each organization.
What advice would you give to security leaders looking to improve their organization’s data security posture?
In addition to calling Cyral, you should make sure you have the right teams focused on the right subject area. Security teams have evolved so much over the years, and now you have subject matter experts in specific disciplines such as IT security, cloud security, and application security. Data security is a separate concern. It requires its own focused solutions, so look for experts that specialize in protecting your database and any information you collect.
Founder, and CEO at Cyral
Manav Mital is the co-founder and CEO of Cyral, a leader in data security governance that stops data exfiltration by delivering enterprise security across all databases in every cloud. He was previously the founder and CEO of Instart, a startup in the CDN space focused on improving web and mobile application performance, consumer experience, and security before it was acquired by Akamai. Manav has a MS in Computer Science from UCLA and a BS in Computer Science from the Indian Institute of Technology, Kanpur.