‘The lingua franca of security teams is risk’- Welsh talks Lacework Edge

MOUNTAIN VIEW, Calif. — Lacework recently released its security service edge (SSE) product, Lacework Edge, and it’s tackling the user experience to make jobs easier for security teams. 

Lacework Edge is a proxy-based, cloud-native product that provides end-to-end, zero-trust connectivity by leveraging contextual data to make continuous risk-based access decisions. It secures access from any user or device to internet applications, private data center applications, and SaaS applications while also securing their data. 

Security Systems News spoke with Trevor Welsh, vice president of product at Lacework, about the development of Lacework Edge and the problems it’s solving. 

SSN: How was Lacework Edge developed / what went into the development process? 

Welsh: Customers were asking us about the security service edge (SSE) market, and we became increasingly interested in where the gaps were. We went on a listening tour. We heard that legacy solutions were VPN-based, which not only had significant security drawbacks, but they also provided a poor remote employee experience–which doesn’t fit with the modern, remote workforce. Newer SSE solutions were often pieced together with acquisitions with some brittle connective tissue in between. The more we heard, the more we became convinced that we could disrupt the market. 

We began building Edge a little under three years ago in stealth. We hired some amazing people to provide world-class engineering, product and go-to-market. We didn’t want to do this tepidly. We then created a structure that enabled access to part of Lacework’s investors as a virtual board of directors. We did this because we wanted to run Edge like a spin-in new business. This gave us significant velocity benefits. 

From a product and engineering perspective, we intentionally created a highly user experience(UX)- focused solution. We wanted to ensure that everything we built was carefully crafted to solve for our customers, and to keep them thrilled with us. Edge now has numerous paying customers. 

SSN: What problems does Lacework Edge solve? 

Welsh:  There are broadly three problems we look to solve: 

1. Performant and secure access to company internal, and SaaS apps for all employees, contractors and partners anywhere in the world. 

2. High speed, secure access for all employees to the open web that protects the end user, and the company’s data. 

3. Enabling companies to securely use GenAI and other business accelerators while provably and carefully protecting the company’s data. 

Prior to Edge, there have been a great deal of attempts to solve these problems. In many cases, legacy security companies will bolt together many of their existing products while making a few more acquisitions and then throw an SSE / SASE label on the resulting amalgamation of products. This comes with major security risks, but perhaps more importantly, the experience suffers significantly. Employees get a slow experience riddled with timeouts, and strange errors that get in the way of doing their jobs. Security teams get (yet another) cloud “thing” that’s hard to use and produces more problems than it solves. 

Edge produces a consistently excellent user experience for both the teams that set it up and run it, and the employees that depend on it each day. Edge ensures that employees know they are secure while doing their jobs, admins know that company data is protected, and where there could be risk that it’s raised, quantified, and remediated in the fastest, most efficient way. 

SSN: How does Edge solve these problems better than existing solutions? 

Welsh: Lacework Edge recognized two critical things. The first is that an SSE needs to get out of the way of employees doing their jobs. That their job isn’t dealing with an SSE all day. This means building in a way that produces maximum performance and reliability, sure, but also in a way that doesn’t produce arcane errors, pop-ups or require day-to-day interaction. The second thing was that the way to build an SSE from the ground up was also to recognize that the lingua franca of security teams is risk. So, we needed to leverage business risk concepts to make better access decisions. That risk couldn’t just be some report that gets run once in a while, or an unsubstantiated score somewhere. That it needed to somehow be both omnipresent and, yet not present at all. That’s the hard part about doing risk the right way. So, we built intentionally to think about the problem space as the people who are affected by our decisions each day.