Tell us a little about yourself from a professional perspective.
I’ve spent the last 30 years in technology in a wide variety of roles, ultimately founding and leading products and technology at cybersecurity companies — including Fortify Software and AlienVault. Most recently, I served as VP Products and Technology at AT&T Cybersecurity where I was responsible for a nearly $1B portfolio of cybersecurity products and services.
Why did you set up Ballistic Ventures?
Ballistic Ventures was formed out of a deep sense of urgency and moral responsibility to address the growing threats to society’s digital infrastructure. This mission is profoundly important to me and my partners. For over 35 years, our work in cybersecurity has granted us exclusive insight into the evolution of the cyber threat landscape. We’ve tracked its progression from the benign hacking of the ‘80s to the ruthless and insidious attacks on individuals and nations alike, which disrupt millions of lives daily.
We’re confident that security, privacy and trust are fundamental to future generations and free economies. As technological innovation continues at a blistering pace — and, in fact, accelerates — every aspect of our physical lives will soon be accessible online. Without fail, nefarious acts will follow. Adaptation is the only reasonable response.
We believe that the most important action we can take today is to empower the world’s greatest cybersecurity entrepreneurs with our collective experience, network and passion. Together, we can turn the tide at this crucial inflection point to ensure a safe, prosperous future for all generations to come.
What do you see as the top security threats to your company? And to organizations in general?
For Ballistic Ventures, criminal organizations and foreign intelligence agencies are our main concern. After all, we move large amounts of money with the portfolio investments we make, and we have access to a lot of confidential information about other companies that we’ve met with.
For organizations in general, the threat of spear-phishing remains high, and it’s the most common attack that we see on our organization.
How were you protecting your digital assets before Trusona, and what were the challenges?
We have a policy to utilize MFA (multi-factor authentication) across all our business services. We attempted to comply with that policy via individual configuration of each person’s accounts. We used native multi-factor approaches along with authenticator apps from leading vendors.
The problem was that with so many accounts, the user experience was full of friction as it required constant wading through the authenticators, followed by the manual entry of the codes. Not surprisingly, the overall adoption was poor and convenience trumped security in many instances, with partners sharing login credentials with their staff.
Even with a team of some of the best cybersecurity experts, if friction is too high, it prohibits adoption.
What is the relationship between user experience and security? Does there have to be a trade-off between the two?
That relationship is everything! I started my software career at Apple and learned there that the slightest bit of friction is the difference between adoption and avoidance — and in cybersecurity, avoidance creates a security gap.
No company is too small to be hacked. Once an identity is compromised, you can be in deep trouble. Luckily, companies like Trusona bring some of the most important and fundamental security capabilities to both enterprises and smaller companies that don’t have the resources of a major bank, for example.
How was the experience when you configured and deployed Trusona?
The integration was quick to configure and the Trusona Customer Success team helped every step of the way. The support was simply phenomenal and the end user setup was fast and easy. We didn’t have a single user complain about the process.
Trusona has been a hit with the employees. Access to the applications behind our SSO works flawlessly. The only complaint I’ve received was that assistants could no longer log in to their manager’s accounts! Everyone had to learn about “delegate” capabilities in the various software solutions.
What do you like about the Trusona experience?
Our team absolutely loves the customized login landing page with our own Ballistic branding. Seeing your brand and logo as an integral part of the sign-in process goes a long way and eradicates an extraordinary amount of friction. It has a psychological effect — not to mention it looks cool.
What security advice would you give to companies?
Don’t use personal computers for work or, if you do, maintain separate logins for work and personal use. Also, I’d advise moving away from any on-premise software and migrating to the cloud for as much as possible. Finally, use a modern MFA solution to protect your systems and applications — ideally passwordless MFA. Follow the NIST and OMB guidelines and do not use MFA that is phish-able, such as SMS-based approaches.
About Roger Thornton
In his General Partner role at Ballistic, Roger will tap into over 30 years of experience to counsel future generations of cybersecurity founders who are focused on building great products as a foundation for great companies.
To learn more about Roger, visit https://www.ballisticventures.com/team/roger-thornton.