CyberArk CEO: We are just getting started
Udi Mokady speaks to CRN about how the company got started and what it will do next
Privileged account security vendor CyberArk was founded 1999 and now has over 700 employees and offices in 10 countries. Udi Mokady spoke to CRN at the vendor's Impact 2016 event in Portugal last week about his plans for the future of the NASDAQ-listed company.
Why did you found CyberArk?
Two of us founded CyberArk. I served in an intelligence unit and my co-founder managed a very large datacentre. We just saw that everybody was myopically focused on perimeter security. Now it is very clear you aren't going to keep them out if they want to get in. Information security was all about keeping the bad guys out.
We compared it to the physical world: you don't just put in doors and then let everybody walk in. You lock things up in safes. For many years the biggest demand came from regulated companies or visionary companies. In the last four to five years it got to the point where all hackers have to do is pound on the door 20 to 30 times sending phishing emails and they become insiders.
There is a growing awareness that the paradigm has to switch to behaving as though you have been breached, as though they are already on the inside. That of course created a huge demand for our solutions.
How difficult was it to convince people that they need to look at privileged account security?
It was difficult. In the early years, the earliest adopters were financial services in every country. But that has really changed in the last few years. Every vertical is subject to an attack, and we still need to educate customers a bit. They understand that they are soft on the inside and need protection but they still need to understand the scope. Every piece of technology has to be administered, therefore has privileged accounts in it. Every server, every application, every network device.
Were you competing with anyone?
In the early years we were educating [the market] on our own, and being very persistent with sticking to it. We didn't jump on a specific fad in the tech industry. So when the competition did arise, we were already the clear market leader.
Being the innovator, even the creator of this market, gives us a lot of advantage.
We are the clear market leader by all measurements, by innovation as well as by growth and market presence.
What were your goals when you founded CyberArk?
When we founded the company we probably didn't think about creating a whole new layer; we were just fixing a security problem for the user.
We are very proud that we took the company public. We are not just another company that comes and goes. When we went public it was a message to our partners and customers that we are here to stay. We are going for it.
How have those goals changed?
I tell anybody who joins the company that we are just getting started. It sounds a bit weird to them because we have 700-plus employees and 250-plus channel partners.
How important have partners been in reaching the growth you are at now?
Incredibly important. We wouldn't have done it without them, for many reasons. We needed the early channel adopters who helped us in the early years. They were the door-opener for every region. Then they morphed into the only way to scale. The channel is crucial.
What are your future plans for the business?
We want to grow geographically. We do a lot in the Americas and in EMEA, but we are very early on in Asia-Pacific and Latin America.
We will continue with our organic growth but we will also be looking at acquisition opportunities. We are not in a rush to acquire anyone, but the two acquisitions we made in 2015 [Cybertinel and Viewfinity] really worked well for us.
Do customers show enough interest in security or is it something people take for granted?
The health of the information security sector [lies in the fact] that budgets are only growing. It's not that they don't care or won't buy security, they do buy it.
Customers these days could be inundated with too many security vendors, but I don't believe it can all be done by one vendor. If you try to be a jack of all trades, you will be a master of none.