Startup Spanugo looks to channel to drive sales of new security assurance platform

Spanugo's channel is already critical in their Go-to-Market, and includes a select mix of SIs, MSPs and auditors -- although they have no partners in Canada yet.

Santa Clara CA-based Spanugo has announced that their Automated Security Assurance Platform [ASAP] has reached General Release.  ASAP provides enterprise grade automation of the validation of IT assets in public and private clouds as well as on-prem, to ensure that they have been configured correctly. Out of the gate, partners are critical in the Go-to-Market strategy that Spanugo is building, and includes a select mix of system integrators, MSPs and auditors.

“We’ve been around for a little more than two years in development and testing, and now we are going much broader and expanding the Go-to-Market,” said Peter Jensen, Spanugo’s CEO.

Jensen said that Spanugo plays in what Gartner calls the cloud security posture management space.

Peter Jensen, Spanugo’s CEO

“We look at a company’s IT assets and determine whether they have been configured correctly,” he said. “This is something which others have done, but the process has been largely manual. The problem is that things are spun up all the time and if a single one is misconfigured, you can get breached and wind up on TV. What we do is allow the customer to determine what policies they want to be compliant with, and once we know that, we find assets which have been misconfigured. We don’t manage the assets, but make they are securely configured.”

In addition to manual processes, this area is also characterized by DIY homemade solutions that some have developed, and by some newer solutions that have recently come onto the market. Jensen stressed that Spanugo sees itself as highly differentiated from anything else that is available.

“What’s unique about how we do it is that we look it from an enterprise perspective, and fully consider all aspects of the hybrid cloud – public, private and on prem,” he said. “It’s SaaS, and agentless. It’s not in line of production. It’s very non-invasive. While some tools for on-prem don’t work with cloud, so aren’t very useful, we provide a single set of tools that works seamlessly.”

“Our architecture is distinct in that we are the only architecture who covers this area fully both on-prem and in the cloud,” said Anupam Sahai, Spanugo’s VP of Marketing. “That makes it compelling for enterprises.”

“We are probably the only vendor out  there that supports all the public clouds,” Jensen added. “Others focus on private clouds, which is only 5% of the market.”

Today, Spanugo provides alerts to the customer when there is a problem, but they are working on adding full remediation to the mix.

“We identify where there is a problem, but the customer isn’t always able to respond immediately – say at 2 am,” Jensen noted. “So they have been asking if we can do automatic remediation as well, and fix things automatically. We have taken the first steps on that, and are working on it. But it’s a very complicated process and we are not there yet.”

The sweet spot for this includes regulated industries, but ultimately includes organizations who need to protect sensitive data.

“Every IT organization should care about whether their sensitive data is safe, but the importance of our solution really comes down to sensitivity of the data,” Jensen said. “Data for a manufacturing company isn’t as sensitive as a hospital. Our top prospects are verticals with sensitive data – financials, health care, public sector. We see a lot of interest there.”

While Spanugo is just hitting General Availability, most of their sales already go through channel partners.

“It is a hybrid model, but we are quite channel heavy,” Jensen said. “We have a very small direct sales force. We spend 75% of our time with channel partners because they can go to their customers with this. We would rather have sales resources supporting partners. We have six POCs now with large clients, four of which were generated by our partners. This morning at 7 am we had a call with another partner about another exciting opportunity.”

Because Spanugo has a small sales force, they will be looking to partners to carry the ball in most markets, including Canada, where they have no direct presence.

“In markets where we don’t have direct sales people, the channel is the primary vehicle,” Jensen said.  “We have no direct sales force in Canada. We want to identify two or three strategic partners to take it to market in Canada.”

Spanugo is presently working with a couple of large system integrators in the US. Other key types of partners are MSPs, MSSPs, and auditors, and a channel program is already in place to support them.

“MSPs like this,” Jensen noted. “When their customers host solutions, it is the customer’s responsibility to configure assets correctly. But customers make mistakes and get breached and wind up on the news like Capital One. That impacts them. Capital One was on AWS and were breached because of Capital One’s error, but it made AWS look bad because it was on their watch. With us, customers will be more secure with fewer breaches.”

Anupam Sahai, Spanugo’s VP of Marketing

“We also see possibilities for MSSPs using our platform in their managed security offerings,” Sahai noted.

Auditors are also important, because the Spanugo tool’s automation of the process cuts the costs of doing audits.

“Resellers could also be a fit if they know the market as well,” Jensen said. “Because there was nothing in this space at all until a couple of years ago, it’s wide open, and lets partners offer a brand new service.”

The plan is to build out a relatively select channel though, not just sign up a lot of folks.

“We want a maximum of two to three partners in each market, perhaps five in larger ones,” Jensen said. We would rather focus on a few partners that are super motivated. As well, there are partners who can sell and those who fulfil. We are looking for the first type, not people who just provide a quote once the customer decides they want to buy.”