Castle Wants Everyone to Feel Safe on the Internet

by Shardul Shah

Internet security

In this post: Castle

Our partner Shardul Shah shares why he's excited to welcome Castle to the Index family.

It’s hard to read the news today without learning about a security-related incident. Take the not-so-new but newly discussed Megabreach, which is one more reminder of the importance of our digital identities and the challenge of keeping ourselves safe online. Our view is consumers of online products of large corporations should benefit from the most pragmatic concept that large corporations will use to protect their own employees: BeyondCorp.

Untitled

When we met Castle’s founders, Johan & Sebastian, we were really impressed by their shared view of the analogy of building on the BeyondCorp concept for consumers. The core components of BeyondCorp are to have: (i) user database, (ii) a device database, and (iii) a set of access policies related to the trustworthiness of the user & device pair. Castle at its core manages: (i) user profiles, (ii) identifies devices, and (iii) enables granular access policies.

When we met Castle’s founders, Johan & Sebastian, we were really impressed by their shared view of the analogy of building on the BeyondCorp concept for consumers. The core components of BeyondCorp are to have: (i) user database, (ii) a device database, and (iii) a set of access policies related to the trustworthiness of the user & device pair. Castle at its core manages: (i) user profiles, (ii) identifies devices, and (iii) enables granular access policies.

The first commercial company to provide capabilities to support BeyondCorp outside of Google was Duo Security. Just like our friends at Duo, Castle will coordinate users, security teams and developers to provide better online security by facilitating workflows such as notifications & authentication challenges using their secret sauce -- a spicy combination of supervised and unsupervised machine learning. Practically, this means that when I shop for a pair of J's on Farfetch, the security team has the ability to instrument a text notification before I check out based on how likely they think my user/password combination is actually being used by me on a device that is trustworthy.

In the last year many tourists have jumped on the 'Zero Trust' bandwagon, and it can be pretty hard to distinguish reality from knock-off. So I found it important and authentic that the founders of Castle were clear in sharing with me what they will not do: they won't block threats to the web app & they aren't an alternative to financial fraud tools.

Castle has a long journey ahead and we are delighted that we'll have some great fellow travellers in Datadog’s Olivier Pomel and Duo’s Zack Urlocker who have joined in the financing. In the meantime, don't reuse passwords and change your passwords whenever your spidey sense is tingling ;).

Published — Feb. 12, 2019