Valence Security Enables Secure SaaS Adoption
More than ever, organizations today rely on SaaS applications such as Microsoft 365, Salesforce, GitHub, Okta, and Slack, and dozens, hundreds or even thousands of others. Valence Security empowers security teams to find and fix their SaaS risks with its SaaS Security Platform that includes SaaS Security Posture Management (SSPM) capabilities, remediation, and business user engagement. Valence minimizes the SaaS attack surface with advanced visibility and remediation to address configurations, identity, integration and data risks. Valence was selected as a 2023 RSAC Innovation Sandbox finalist.
The Power of the Cloud Fueled Valence’s Architecture Since Day One
For Shlomi Matichin, the Co-Founder, CTO, and acting CISO of Valence, attention to the company’s security architecture and posture is top priority.
To maintain a clear focus on the company’s security architecture, Shlomi believes in applying simplicity to the software architecture. In particular, he highlights, “We use only the basic building blocks: Kubernetes, Azure storage containers, Postgres, and Azure Data Explorer. No serverless, no Kafka. The simpler you keep it, the easier it is to secure it.”
Valence applies this high level of attention to protect customer resources by ensuring each customer’s resources always remain separate from each other, including IAM permissions. “I think our customers appreciate the effort,” notes Shlomi. Additionally, they have implemented Zero Trust principles in their cluster, with specific attention to APIs. There are no open APIs in the production network and strong authentication is required for communication between every two microservices.
Finally, Valence relies completely on Golang for their backend programming since it is one of the only ecosystems with the lowest rate of CVEs as compared to other languages. Shlomi simply states: “We’ve spent a lot of effort on how to make the system intentional.”
Aligning on Company Values is a Must for Choosing the Right Cloud Security Vendor
When asked what Shlomi looked for in a cloud security solution, the answer was clear. “We wanted to choose a company that aligns with our core values. These include the desire to constantly innovate and iterate, while being thorough. You have to continue to learn and apply new knowledge, making sure your product doesn’t miss anything important that could be detrimental to the customer. Orca is that kind of company.”
“We wanted to choose a company that aligns with our core values. Orca is that kind of company.”
Co-Founder and CTO
Specifically, Shlomi believes that Orca’s powerful Cloud Security Posture Management (CSPM) capabilities are exactly what Valence needs to satisfy his requirements. “Orca is a brand name, and we use that. We tell customers that we have Orca installed, and this is what we use as a CSPM. It goes a long way to show that you’re making an effort, that you understand security, and that you’re taking care of the data that they entrust to you.”
A True CNAPP Through and Through
Prior to using the CSPM capabilities within the Orca Platform, Valence did not have the visibility it needed, and the company’s previous solution missed finding critical vulnerabilities, on top of producing false positives.
With Orca’s cloud native application protection platform (CNAPP), Shlomi and his team no longer have to concern themselves with missing any critical vulnerabilities. “It goes a long way to show, first of all, the alerts were true positives. We see the critical findings, and we don’t have to go chasing down false positives.” Instead, the Valence team can focus on solving the risks that truly matter, resulting in more intentional time spent on security while also preventing alert fatigue.
“We see the critical findings, and we don’t have to go chasing down false positives.”
Co-Founder and CTO
The Orca Platform Eases the Security Remediation Process
Crafted as a platform since the beginning, Orca pays particular attention to details that make the user experience easier, more meaningful, and more comprehensive. A few standout features for Shlomi and his team include the news widget, cloud cost optimization capabilities, and technology integrations.
“The ‘From the News’ widget keeps updating and shows you if you’re vulnerable or not; it’s an amazing feature that helps my team focus on the recent threats and risks right now,” says Shlomi.
Cloud cost optimization also keeps Valence’s security posture in check, even if it’s not directly a security feature. “With cloud cost optimization, it’s helpful to make sure we’re not wasting money on resources we don’t actually need. Ultimately it helps us keep a handle on what’s in our cloud environment, another crucial part of visibility for us.”
Finally, technology integrations enhance the security remediation process. Valence uses Slack to communicate and track security issues, and being able to send alerts from the Orca platform directly to Slack reduces Mean Time to Remediation (MTTR) while also reducing tool sprawl.
A Partnership as Deep as the Ocean
The true partnership between Orca and Valence runs deep, as evidenced by the fact that the CNAPP and SSPM leaders integrate together to provide organizations with complete visibility into their IaaS and SaaS footprint.
Whereas traditional cloud security used to mean a focus on securing production environments, the synergy between SaaS and IaaS means that the partnership between Orca and Valence produces a 360 degree view into what’s happening for customers as it relates to the cloud overall.
Anna Sarnek, Director of Strategic Alliances for Valence, says it best: “The proof is in the pudding. As a security company, we trust Orca and we use them, which shows the power of what Orca provides for us to secure our infrastructure as we leverage our own product to secure our SaaS. We are the proof point of how our partnership is influential for the future of cloud security.”