The cloud movement is massive. The market leader, Amazon Web Services (AWS), has built an incredibly successful franchise that generates ~$40B in revenue, grows 30% annually, and supports over one million active customers. And that’s only about half of the market today.
AWS is governed by three first principles that are firmly rooted in Amazon.com’s history: convenience, selection, and murky pricing. As consumers, we have all come to expect that a single-click can procure just about any product on Amazon.com for next-day delivery. Developers with just a few clicks get started with a universe of services to build & run their business in the next hour. And just as consumers often don’t get the best price, businesses sometimes pay up for direct or hidden costs.
The most significant hidden costs of AWS are rooted in a lack of cohesiveness. Simply put, the AWS products don’t always play nicely with each other. AWS’s organizational design actually perpetuates this. Reimagine AWS as a factory with lots and lots of assembly lines running in parallel. Within AWS, the teams that develop the most promising products get the most juice for their assembly lines. The result is a beautiful approach to massively parallelized product development - so far AWS boasts an astounding 175+ products. However, while those products are purchased from the same storefront, they don’t really have an understanding of one another.
"I have over 3,500 instances of AWS and there’s no way I can understand and communicate about risk across all of those."
— CISO, Fortune 50 enterprise
The most acute pain of this cost is felt within enterprise security and risk management. For security teams, the cloud represents a whole new world (yep, you guessed it I just watched Aladdin with my toddler). Since it’s so easy to make choices, developers end up making lots of critical decisions. They build a skeleton for their business and choose kubernetes, a data store, a query engine, a monitoring solution, etc. Then, developers make many critical configuration choices, for example for security groups & IP white lists to VPC peers. A single unintentional mistake can lead to a cascade of risk in a single environment. Now consider the number of developers, the number of decisions, the number of environments all increasing. You might start to get a taste for how all that complexity can quickly become overwhelming for security teams. To put it into perspective, the chief security officer of a Fortune 50 enterprise told me, “I have over 3,500 instances of AWS and there’s no way I can understand and communicate about risk across all of those.”
When there is a combination of a massive market and real pain, there tends to be a lot of folks that emerge to promise a solution. In this market, there are two types: cloud foreigners and cloud natives. Cloud foreigners have tried to assimilate the cloud into the rituals of the old world. The use of guardrails, intrusive technologies, and encouraging security teams to play ‘bad cop’, as you would expect, quickly sacrifices developer productivity, is largely ineffective, and is cultural anathema.
Wiz is among the cloud natives and aims to create balance by providing instant visibility into the cloud, without agents, without sidecars, and with a contextualized view to support prioritized risk management. For all my CISO friends, I’m sure this sounds too good to be true. And with all the snake oil they have been sold, and all the products that have been bungled by large corporates, they have all the right in the world to be skeptical. For all my non-CISO friends, that might sound like a string of buzzwords, and, no, GPT-3 did not write this. Most other cloud natives will likely start narrowly, trying to tackle just one part of the stack (kubernetes security; API security; etc). What’s different about Wiz is their breadth: they can directly scan or ingest data from partners to develop a view on applications, open source libraries, containers, virtual machines, cloud configurations, identity providers, the network & all your favorite cloud platforms. Perhaps more importantly most cloud natives will eventually promise AI or ML as the panacea, whereas Wiz actually delivers on what they promise.
"Wiz is among the cloud natives and aims to create balance by providing instant visibility into the cloud, without agents, without sidecars, and with a contextualized view to support prioritized risk management."
— Shardul Shah, Index Ventures
Index worked with Assaf, Ami, Roy & Yinon -- the founders of Wiz -- through the earliest days of their previous startup, Adallom. I have counted them among the deepest professional and personal relationships I’ve developed. Their energy is intoxicating; their desire to learn, more than their desire of being right, is off the charts; they are audaciously ambitious; they are magnets for talent; and they make tough decisions. Unsurprisingly and unequivocally, this second time around, they are moving with greater purpose and speed. The pace at which they have developed their product, developed a customer base of thought leaders, and scaled their business is truly unprecedented. We look forward to making more magic with Wiz & our friends Doug@Sequoia, Jeff Horing@Insight, and Gili@CyberStarts.
Published — Dec. 9, 2020