Executive Q&A: Reuven Harrison CTO and a Co-Founder of Tufin

Can you tell me about Tufin?  

Tufin has developed a policy-centric approach to security and IT operations that enables enterprises and their security and development teams to do more with less, and to do so with greater accuracy and agility.  

Agility with security is the key here. Today’s large enterprises must find a way to balance these two seemingly opposite requirements. This is no easy task considering most organizations have a hybrid network, not to mention the rapid adoption of cloud-based computing. Corporate networks will continue to grow in complexity to meet the demands of the business, making them essentially unmanageable. As a result, they face an increased probability of security breaches, exposing sensitive data and resulting in fines and loss of reputation, or worse, loss of business.   

Tufin’s security policy automation solution delivers end-to-end network security across the hybrid enterprise infrastructure.  

What is your role and responsibilities at the company?  

I am the CTO and a Co-Founder of Tufin. In my role, I am responsible for Tufin’s future vision and product innovation. Ultimately, I keep an eye on industry trends, listen to the feedback our customers have about their biggest pain points, and my team and I develop solutions to meet those challenges.  

I have a particular interest in developing solutions for security and development teams to work together in a way that will ensure a robust security posture whilst increasing agility.  

How do you help organisations to manage and enforce a unified security policy? 

In most organisations, there is no central repository where security policies are kept and updated. Instead, admins rely on spreadsheets or institutional knowledge. As such, policies deteriorate along with organisational changes. 

Our belief is that a centralised, automated security policy solution can deliver security with agility in a hybrid multi-cloud world. With a centralised security management layer that sits on top of all of the infrastructure, organisations can easily visualise, analyse, create, and implement security policies across the entire hybrid network. With a policy-based approach and a central management console that connects to all network and cloud platforms, changes can finally be automatically vetted for policy compliance, properly designed and properly provisioned. Once automated, security policies can be built into the network and application change process and integrated with ITSM workflows, so that security changes can be reviewed and approved/denied in minutes instead of days.  

How important is it for businesses to have greater visibility of their applications?  

Businesses need full visibility of their applications and connectivity requirements to ensure undisrupted service, rapid innovation cycles and continuous security.  Gaining total awareness and visibility is critical for businesses. Without full visibility, IT teams struggle to manage their complex, fragmented networks and configure policy rules using disparate solutions. If you can’t see it, you can’t secure it. This leads to: configuration errors that expose the organisation to attacks; inconsistent security policy enforcement; re-work due to manual errors; excessive time spent on routine tasks; and challenges decommissioning rules, servers, or applications.   

Understanding the entire network topology ensures that you know who is talking to whom and what is talking to what across physical networks and hybrid cloud platforms. This helps to detect potential threats and network access anomalies, connectivity and compliance violations, and measure the security gap you might have. With that visibility and knowledge, you can begin to gradually apply remediation or implement policy changes.   

What do you see as being one of the top emerging cyber trends this year? 

As enterprises embrace the cloud as their main compute platform, new attack vectors are being exposed and targeted by cyber criminals. Whilst it is normal for security controls to follow new technologies and we are already seeing organisations close this gap using security groups, cloud firewalls, proxies and other security controls, there is an additional and unique factor in this case which amplifies the risk: the gap between traditional network security teams and cloud dev teams who are operating the cloud. 

This gap consists of different tools, processes and business objectives between both security and dev teams. As a result, developers are unintentionally exposing the organisation and its customers though cloud misconfigurations which may lead to data breaches, service interruptions and ransom demands. 

What can we expect from Tufin in 2022? 

As the security policy company, Tufin has been a leading provider of solutions that help organisations manage security risk through the network change processes. In 2022, Tufin will extend this solution to help enterprises bridge the gap between security teams and cloud dev teams. The solution will leverage Tufin’s holistic view of security controls across the hybrid network and our deep understanding of security business processes and developer processes and tools.