Aviva Zacks of Safety Detective sat down with Henrique Vaz, Co-Founder & CEO of CleanCloud, and asked him about CleanCloud Score.
Safety Detective: What motivated you to start CleanCloud?
Henrique Vaz: I used to be a corporate lawyer. I had worked in quite a few industries on M&A transactions.
In 2012 I was looking to start my own business and started an aggrotech business. After a few years, and a couple of companies, and I met those who would be my co-founders, who were working on a big software house in Brazil, and had noticed the lack of experts in the cloud computing industry. When I looked deep into this market, I saw this problem as it was growing. The need for automated services was going to be huge, and with that idea, we started CleanCloud.
When it started, the product was intended to improve cloud usage, with insights on security, performance, and cost optimization. After a couple of years, we pivoted, rebranded, and separated the company into two products: CleanCloud Inspect, solely focused on cloud optimization, and CleanCloud Score, launched last year and focused on compliance.
The big opportunity that we noticed was that large corporations were finally moving their production environment to the cloud in Latin America, after a couple of years doing POCs and tests on AWS, Azure, and Google.
Along with that, there was a couple of reglementary opportunities with new data protection regulation based on GDPR, called LGPD, and regulation from the Brazilian Central Bank regarding cloud computing usage.
SD: Can you explain how your company manages the AWS Cloud?
HV: You can think about CleanCloud as a layer between the infrastructure and the end-user. AWS, Azure, GCP—all the major cloud providers—offer a lot of features, but oftentimes the end-user doesn’t get all the visibility that they want. That’s where CleanCloud comes in.
With CleanCloud Inspect there are over 50 recommendations for cost optimization, like resources that are being underutilized, not used, or different payment methods available with discounts according to usage patterns, along with dashboard, anomaly detection alarms, MSP features, and many others to solve specific problems for our customers.
With CleanCloud Score, we apply the same logic of making recommendations based on cloud usage and configuration for compliance. In the agreement between the end-user and the cloud providers, there is the shared responsibility model. The cloud provider is responsible for the infrastructure part of the cloud, the hardware, availability zones and regions—the security “of” the cloud—and the customer is responsible for the configuration of the services of the cloud, among others ports policy, encryption and user management—the security “in” the cloud.
CleanCloud Score checks for over 150 items according to the main frameworks and regulations of the market, comes up with recommendations, and then step by step solves those vulnerabilities so the user can keep their cloud in compliance with those regulations and more secure.
SD: What verticals use your services?
HV: Regulated markets, B2B2C, and enterprise software are our main users. The more personal data they collect, the more important a product like ours is.
SD: How does your company stay ahead of the competition?
HV: Always talk to our customers. We conduct weekly interviews with many of them to see what they need, and we also look for trends and where the market is going.
In this sense, we see CleanCloud Score as the new generation of CSPM – cloud security posture management – software. The first generation focused on visibility and now there is a need for DevSecOps automation features.
Also, personal and sensitive data has more value by the day so compliance with those regulations, like GDPR and CCPA, is something we always keep track of.
SD: What would you say are the worst cyberthreats today?
HV: In Brazil, the most common vulnerability we see are unprotected storage and database. It is something we always tell our customers to start working on. We have to remember that those services usually have sensitive and personal data, and besides the heavy fines from GDPR or other regulations there is big damage to the company’s brand.