Updated on: June 25, 2024
In a recent interview with SafetyDetectives, Ofer Klein, the co-founder and CEO of Reco, shared insights into the innovative solutions his company offers to address the growing challenges in SaaS security. Based in the USA with its research and development in Israel, Reco leverages advanced AI technology to provide comprehensive identity-centric SaaS security solutions for businesses. Klein discussed the evolving landscape of SaaS applications, the critical need for automated security measures, and the future trends in cloud technology. This interview highlights Reco’s unique approach and the importance of proactive security in today’s fast-paced digital environment.
What is the Background of the Company and Yourself?
My name is Ofer Klein, and I’m the co-founder and CEO of Reco, based in the USA. The company is three and a half years old, with our research and development based in Israel. The concept behind our technology comes from my two co-founders who have experience in the Israeli FBI (Shin Bet). One is an AI PhD, and the other was a manager of the vulnerability research group. Remarkably, one of them is the youngest ever lieutenant colonel in the history of the Israeli FBI.
What Business Problem is Reco Solving?
Businesses today want to run as fast and as cheaply as possible, which means adopting SaaS and GenAI applications. The challenge is that companies don’t know who’s using what, how they’re using it, or who has access to it, and they lack control. Until recently, this wasn’t a major issue because there weren’t many breaches. However, in the last twelve months, especially the last six, this has become the fastest-growing attack surface. If no action is taken, breaches are inevitable. This is the business problem we’re solving.
Can You Discuss the Product and How Reco Works?
Reco is an AI-based, identity-centric SaaS security solution. We connect to SaaS applications within a few minutes via API, and request read-only access to metadata. We ingest these logs and metadata into a graph, which is our proprietary technology with multiple patents. This AI graph automatically analyzes every interaction between identities, applications, and data in real time at an extremely high scale. We have companies with 700,000 accounts updating in real time. Once we have this “heartbeat” of the company, we provide a full lifecycle of SaaS security:
- Inventory: Identifying all apps that are known and unknown, including shadow SaaS.
- Third-Party Risk: Assessing what’s risky and what’s not.
- Configuration Management: Ensuring apps are configured properly and compliant.
- Identity and Access Governance: Identifying all users and merging identities, including non-human identities.
- Activity Monitoring and Detection: Monitoring activities and alerting in real time based on predefined controls.
We combine the capabilities of three or four different products into one platform.
What are Some Common Security Challenges Companies Face with Their SaaS Applications?
The first challenge we hear is, “I didn’t even know I had so many applications, and my attack surface is so big.” Internally, we call this the “oh-shit meeting” when we show the risk assessment results. For GenAI within SaaS, there’s a huge business acceleration and a huge challenge. For example, a public company we work with had someone connect an AI app to their Zoom, transcribing all calls and sharing them with the entire company by mistake, including pre-earning calls and board meetings. This highlights the risk of unapproved app usage and access mismanagement.
Where Do You See the Future of SaaS Security Heading with the Advancement of Cloud Technology?
Companies are increasingly adopting a SaaS-first approach. For any new company, they now have three options: on-prem, cloud, or SaaS. The vast majority of companies choose SaaS, leading to an increase in the number of apps used, from around 400-500 today on average by each company to potentially over a thousand in the future. This growth, coupled with more GenAI apps and independent activities, makes manual operations impractical.
We believe in harnessing AI to secure SaaS. Manual approaches to access audits and third-party risk management are no longer effective. Only by integrating machine learning and AI into security operations can companies secure their business effectively.
Are There Any Emerging Technology Trends That Will Significantly Impact SaaS Security in the Next Few Years?
AI, specifically GenAI, will have a significant impact. Predictive analytics at scale are achievable at levels we haven’t seen before. Hundreds of thousands of employees can engage with thousands of apps and millions of data points. The key is aggregating this data, making predictions, and identifying anomalies through AI, which can then be optimized by human oversight.
The biggest challenge in harnessing AI is trust—how predictable, scalable, and real-time it is. This is why we focused on solving the technology and scalability problems from day one before approaching the market.