Michael Beesley, CTO and co-founder of security company Skyport Systems, has a storied history in the networking world. Previously the founder and CEO of BCN Networks, Michael joined Cisco when BCN was acquired, and then made the transition to Juniper as its CTO of the Infrastructure Product Group, alongside current Skyport CEO Stefan Dyckerhoff. Leading several routing and switching product lines, Michael grew Juniper and Cisco annual revenues into the billions.
SDxCentral co-founder Matt Palmer and Michael go back to their days at Juniper, so Matt was eager for a chance to chat with an old friend. Below, find out what’s unique about Skyport’s startup mission and what it means for you.
Tell us about Skyport and SkySecure. What customer problems did you set out to solve when you started the company?
Beesley: Skyport is a secure infrastructure company that offers the SkySecure solution to our customers to help them secure their most critical applications and data. When we started the company we took an intensive look at the enterprise IT technology stack and realized that the compute infrastructure remained disintegrated from security and visibility solutions to the point that we were still relying on the enterprise network as the foundation of trust underpinning servers and the application VMs executing there in.
As businesses have become ever more connected, the job of maintaining a trustworthy network, whereby no bad actor can ever get onto the network, has become untenable. It was this insight that led us to start Skyport and to offer a cloud-managed on-premises secure server on which enterprise can run their most sensitive and exposed applications. The SkySecure solution allows the enterprise admin to be sure that only the software intended is running on the server – nothing more and nothing less. It also provides secure monitoring and recording of all application transactions with the ability to set tight white listed security policies on a per workload basis.
What’s your vision for SkySecure?
Beesley: The SkySecure solution allows administrators to establish security perimeters around applications. This facilitates an easy to use compute infrastructure that incorporates security by default, establishing a hardware based root of trust allowing administrators to control, monitor, and secure their applications and the data that these applications process.
When we started Skyport, one of our key observations was that application perimeters were going to be key in re-establishing the security profile within enterprise allowing them to withstand the evolving set of advanced threats. As such, our vision for SkySecure is to continually expand the form factors we offer along with the integrations and capabilities to the point that white listed per application perimeters can be the default for all workloads used by an enterprise regardless of physical form or location. This enables enterprises to continue to reap the business benefits of an open and connected architecture, but also facilitates prescriptive and proactive security and visibility around each application. We fundamentally believe that application-based security perimeters will be the next significant enterprise architecture evolution, and we are confident that our SkySecure solution will play a very significant role in this transition.
How are early customers using SkySecure? Can you give us a few examples?
Beesley: Nearly half our early customers initially want to use SkySecure to protect servers in hostile environments. There’s a law firm that wants to protect servers in Hong Kong, a pharma company seeking to lock down R&D servers in China, and a media startup seeking a tamper-resistant system to deploy into a third-party data center in Amsterdam.
Another common use case is securing servers in the DMZ that contain sensitive information or credentials, such as FTP or other managed file transfer servers. Rambus is using SkySecure for this purpose in order to protect their blueprints.
Protecting critical IT systems is a draw. In a recent survey we conducted, nearly half of the responses called out protecting vCenter as the number one priority. DNS, DHCP, and Active Directory also got large numbers of votes.
What are your initial target use cases for SkySecure?
Beesley: SkySecure is well-suited to protect remote, exposed, critical, and high value applications and servers, such as:
- Servers in hostile and untrusted locations and branch offices with insecure physical controls, untrusted personnel access, and issues with a secure delivery chain. SkySecure servers have a locked-down chassis, hardware and software tamper detection, lights-out remote management, and they do not need on-site skilled staff to deploy.
- Exposed DMZ applications and gateways that are persistently under attack. SkySecure reduces the threat surface area, enforces application specific protections, prevents lateral attacks, has an observation mode, monitors and prevents exfiltration attempts, and prevents follow-on exploitation due to credential theft.
- Critical applications that manage the IT infrastructure are the keys-to-the-kingdom. SkySecure provides full visibility and real-time access control of communications to and from the VM, enforces whitelist access policy, and compartmentalizes critical credentials.
- High value electronic assets that use sensitive data while it is not encrypted. SkySecure protections span the entire platform and provide packet mirroring to obtain an evidentiary trail for incident and breach handling.
What type of people are you finding most interested in SkySecure?
Beesley: It turns out a cloud-managed on-premises secure server is interesting across many verticals, and we find traction in financial, education, government, energy, technology, legal, and even market research organizations. The head of server infrastructure is usually the person who pulls the trigger on buying SkySecure, since it is an alternative to purchasing commodity server compute. They are heavily influenced by the security team, who find the architecture and feature set very attractive.
What’s your route market?
Beesley: We focus on mid-market and enterprise customers and are 100 percent partner driven and have signed up our first wave of channel partners including Carahsoft, Accunet Solutions, SiegeSecure, Epic Machines, and Kraft Kennedy.
You are a networking veteran… What led you to enter the server and security worlds?
Beesley: The founders of Skyport have spent decades working on software, systems, and solutions for enterprise and service provider networking. Through these experiences we have seen the evolution of the enterprise architecture that has led to today’s modern, connected reality. This has brought many powerful business benefits to the enterprise, their customers, partners, and employees. When we started Skyport we looked in detail at this IT stack and came to the realization that through this evolution, we had lost the root of trust underpinning the servers and their associated workloads, with the resultant decline of security posture and the rise of ever more advanced and capable cyber threats.
We set about scoping the technology and work involved to produce a cloud-managed, secure by default on-premises server that would re-establish a root of trust and facilitate effective, easy to use application security within the modern reality of enterprise IT. The skills and experiences we had from the networking world proved invaluable in solving some of the most difficult technical aspects of the SkySecure solution. As such, it was a natural and exciting progression for the team with a good balance between learning and applying new technology and leveraging experience and hard learned lessons from the past.