Working in cybersecurity and zero trust with Ericom Software’s David Canellos


VentureBeat sat down (virtually) with David Canellos, president and CEO of Ericom Software, to gain his insights into the unique challenges and opportunities of helming a leading cybersecurity provider today. Previously, Canellos was SVP of global service providers for Symantec, which he joined through the acquisition of Blue Coat Systems. He has also held various executive positions with the Oracle Corporation, Versatility and SAIC.

David Canellos, president and CEO of Ericom Software. Image source: Ericom.

The following is an excerpt of VentureBeat’s interview with David Canellos: 

Why cybersecurity?

VentureBeat: How did you get started in the cybersecurity industry, and what keeps the field fascinating to you? 

David Canellos: Nearly 20 years ago, I peered around the corner and realized that the pace of technological advancement and digitalization of every aspect of life was escalating — the internet was expanding, ecommerce was challenging the brick-and-mortar model, smartphones had just been introduced, premium digital content was available online, cloud computing was starting to emerge, Google search had become a thing — but cybersecurity wasn’t keeping up. If anything, it was an afterthought, bolted on versus being built in by design.



Since insiders were trusted, network security was “castle-and-moat,” designed to protect against external threats like distributed denial of service attacks on popular or important websites. The gaps that this model left open represent a large attack surface that continues to grow as digital transformation proceeds.

Back then, I lucked out and found Cloakware, an early-stage cybersecurity provider that created software to protect source code. A fascinating proposition — to secure sensitive software like digital rights management and online gaming, defend military equipment from reverse-engineering by a potential adversary to get at highly sensitive software secrets, secure root passwords of critical infrastructure, and so on. Once bitten, I went all in on cyber and haven’t looked back.

What keeps me going is the dynamic, constantly evolving nature of the cybersecurity industry — always something new to learn and new challenges to tackle. And the stakes are higher than ever, which makes the industry exciting.

VentureBeat: What led you to take on the CEO role at Ericom? What are the favorite parts of your role?

Canellos: Ericom is a fascinating company that went beyond intriguing for me. 

When I joined, the company was in the early innings of an intentional pivot from its successful heritage of remote access to cybersecurity, and the foundational pieces were in place: a blue-chip customer base, real revenues from production customers vs. pilots or POCs, technology and GTM partners and, most importantly, a talented core team. My belief was I could have an impact by stimulating further growth, in particular, by extending the strategy to develop a cybersecurity access platform on the public cloud, delivered globally as a true, cloud-native service.

The roots and epicenter of Ericom are in Israel, a country known as a startup nation in large part due to its disruptive cybersecurity innovations. Security is intertwined in the culture and way of life in Israel, and hence the access to talented and creative people — especially engineers — aiming for cybersecurity careers was attractive. 

The company was and is bootstrapped. There’s no venture capital or private equity, so customer sales are what funds the company. So no preferred class of shares, a simple cap table and a level playing field for all Ericom stakeholders. This results in a sense of ownership and shared mission across our employees, allowing us to feel connected to what really matters and that the work we do has a greater sense of purpose. 

It’s been a heavy lift for all of us. For me personally, it’s been satisfying that Ericom scratched my itch to (1) learn and grow professionally, (2) make some money, and (3) have fun. Wrapping all of this into one phrase, it’s the creation of a company culture embodied in what we call #OneEricom.

Zero trust and the security stack

VentureBeat: What is Ericom’s vision of zero trust, and how does that guide the roadmap of your products and services?

Canellos: Consistent with the view of our chief strategy officer, Chase Cunningham, who helped validate and extend the zero-trust concept while at Forrester, our products implicitly trust no one, verify often, and make sure if and when an attacker gets in, they are restricted by segmentation so they can’t cause widespread damage. In effect, minimizing the blast radius of anything that goes wrong.

Our roadmap is guided by our commitment to creating products that help our customers actualize that zero-trust vision in their organizations.

VentureBeat: Ericom’s first move into the cybersecurity market was with a remote browser isolation (RBI) solution for web security. Why did the company start there? 

Canellos: Ericom has a strong history of developing remote access and connectivity solutions. At one point, we found that our virtualization solutions were being used in Japan, one of our key markets, to help organizations comply with an “internet separation” requirement — basically ensuring that any system accessing the web was separated from the rest of the network for security purposes.

While these customers were achieving effective separation, virtualization was not a great solution from either the user experience or cost perspective.

By developing a highly scalable and cost-effective remote browser isolation solution, we made a real difference for our customers.

VentureBeat: How has your solution evolved over the past few years?    

Canellos: More than our RBI solution has evolved; our product portfolio has evolved well beyond RBI to provide a full cybersecurity stack. 

Ericom now delivers a full-stack cybersecurity platform aligned with Gartner’s Security Services Edge (SSE) model on a global cloud infrastructure. This multi-tenant platform includes an integrated set of controls that simplifies operations and improves security outcomes. It includes a secure web gateway with built-in RBI core, clientless and client-based zero-trust network access (ZTNA) options, cloud access security broker (CASB), data loss prevention (DLP), and more.   

We invested heavily in developing this cloud-native solution, including the underlying architecture, which we call the Ericom Global Cloud. It is a high-availability, elastic, cloud-native infrastructure that scales to deliver an outstanding, low-latency user experience. We built it on public cloud IaaS, so it’s not tied to any specific provider’s infrastructure, which results in unique flexibility, performance and cost advantages. To date, more than 50 Ericom Global Cloud points of presence (POPs) are available, and we are adding more this year.  

VentureBeat: What are the primary security use cases you are seeing organizations address with your SSE solution?    

Canellos: Despite some return to the office, distributed remote/home-based work has become a permanent fixture in most of the markets we serve. There is a huge need to connect these workers to corporate apps securely — whether to SaaS apps like Salesforce or ServiceNow, or corporate cloud or legacy apps, so this is a key use case. We address this need with the ZTNA capabilities in our platform and our CASB solution.

On the topic of securing work from home, I’m particularly excited about our clientless ZTNA solution, which protects corporate apps and data from risks and threats from unmanaged devices and BYOD — a big challenge for organizations.  

Use of unmanaged devices is on the rise. For example, new distributed work environments and flexible team structures have made use of third-party contractors the norm in most organizations. Contractors typically need to access many of the same apps and data that an organization’s salaried employees use each day. 

But unlike employees, contractors typically don’t use laptops that are provisioned and managed by IT departments, so it is challenging — or impossible — to deploy and configure the necessary VPN software and endpoint security on their laptops. As a result, unmanaged devices represent a unique threat to a company’s data, as well as the security of their entire network.

Our solution allows IT teams to set and enforce granular app access and data-use policies for unmanaged devices in the cloud without installing any agents or changing configurations on contractors’ devices. Using their standard web browser, contractors log in as normal, yet their privileges and application use can be controlled. The extensive, policy-based security controls provided by the solution are noteworthy in a solution that is simple to use and deploy.

Our customers also need to protect all users as they interact with the web, whether they are onsite or remote. To address web security, our SWG has web isolation capabilities built-in, as well as DLP for data security. 

Phishing prevention is a particular concern since, despite widespread mandatory antiphishing training, users keep clicking on emails and links. Our platform’s unique antiphishing solution allows IT teams to have websites launched from links in emails open in a read-only, isolated mode to help prevent credential theft and block malware. 

Unlike nearly all other SSE vendors, Ericom’s platform includes identity management capabilities with multifactor authentication as a standard component. Zero-trust starts with understanding identity. Once an enterprise authenticates an identity, it can enforce the appropriate user-level authorization and access policies. This is fundamental to zero trust, so it is core to our platform.

Building a global cloud infrastructure

VentureBeat: I’ve seen a number of announcements about the build-out of your global cloud infrastructure. Why are additional POPs important enough that you announce them? 

Canellos: Having differentiated security capabilities in your SSE service is only half the equation for a security vendor like us. Equally important is how you deliver these capabilities — and that is what makes our growing number and distribution of POPs newsworthy.

We are very proud of the cloud infrastructure we’ve developed. The Ericom Global Cloud is a high-availability, elastic, cloud-native infrastructure that scales to deliver an outstanding, low-latency user experience. It is built on public cloud IaaS without being tied to any specific provider’s infrastructure, giving it unique flexibility, performance and cost advantages. 

As you mentioned, we are quite active in building it out. To date, more than 50 Ericom Global Cloud POPs are available. 

VentureBeat: Can you discuss any challenges Ericom has faced in developing its technology or bringing its solutions to market and how it overcame them? 

Canellos: Well, on the technology front we’ve discussed a few, such as designing an IaaS provider-agnostic global cloud infrastructure or developing new solutions for thorny issues like unmanaged device access, phishing or virtual meeting security. We tackled all of these as a bootstrapped organization, taking in no outside institutional capital.

This required us to stay very disciplined on the technology side of the house, working side by side with customers and partners, staying laser-focused on key priorities, and closely following the build-measure-learn approach defined in The Lean Startup, Eric Ries’ famous book (which lives right here, on my desk).

On the go-to-market front, we took the time up front to identify strategic partners with strong mutual technology/product/service alignment in order to create efficient routes to market. 

Building a cybersecurity career

VentureBeat: What advice would you give someone interested in pursuing a career in cybersecurity?

Canellos: Three things come to mind:

  1. To embark on a career in cybersecurity, it is crucial to familiarize yourself with the various areas of specialization in an ever-broadening field. This can include network security, application security, cloud security, cryptography, and other areas. Setting up a personal lab environment to experiment with different tools and techniques can help you gain practical experience and develop your skills.
  2. The cybersecurity landscape is continually evolving. Staying current with the latest trends and technologies is essential for success. So read blogs, listen to webinars, attend conferences like RSA and Black Hat, and read industry publications.
  3. Building a network of cybersecurity professionals can give you opportunities to learn about new prospects, obtain industry insights and establish valuable relationships that can help advance your career. Keep in mind that staying engaged and connected is critical in such a competitive and rapidly evolving industry.
