The traditional company data center is disappearing. Meanwhile, cloud adoption is accelerating. Companies need to figure out how to manage the influx of SaaS, and fast. The financial, legal, security, and productivity stakes are too high to delay any longer.

Cleanshelf helps companies minimize these risks and maximize the benefits of cloud transformation. Michael Lines, our new CISO and Head of Product Security, gets it.

In fact, the idea of helping companies solve a major problem that they may not even be aware of lured him back into the startup world after decades of running information security for corporates across the globe.

Read on to hear more (and see why he’s already evangelizing SaaS management to his infosec peers everywhere!).


Cleanshelf's CISO and Head of Product Security, Michael Lines

Hey Michael! Please share a little bit about yourself.

I grew up all over the world, everywhere from Spain and Libya to the Azores. Global experiences shaped who I am and how I perceive the world.

For the past twenty years, I’ve focused on information security. As CISO for several globally-dispersed organizations, I bring a unique perspective on the diversity of security and privacy challenges that exist, and how culture, laws, and regulations around the globe should transform how we think about information security and privacy.

What prompted you to step back into the startup world with Cleanshelf?

Before I was introduced to Cleanshelf, I hadn’t really considered the problem of how the proliferation of SaaS solutions was impacting companies. Once I thought about it through the lens of information security and risk, the lightbulb went off. I was instantly sold on both the problem and Cleanshelf’s innovative approach to solving it.

Besides being the innovator in the field, Cleanshelf is staffed by some of the smartest and most focused individuals I have ever met. The prospect of taking something great and making it even better is what enticed me to join Cleanshelf.

What problem does Cleanshelf solve for a CISO?

Companies are moving from home-grown and internally managed applications to SaaS-based tools because that's what they have to do to compete and survive. This introduces a two-fold problem.

First, the issue of known SaaS. This is where Cleanshelf helps companies become more efficient. Our platform integrates with existing procurement and management processes to make sure licenses are being fully utilized. Companies need to get the most out of what they’re paying for. Unused or underutilized SaaS is a cost and productivity drain.

Second, the issue of unknown SaaS. This is where Cleanshelf discovers SaaS that companies aren’t even aware of. These tools have bypassed management and control processes, often in the form of shadow IT or other personally bought and managed applications. This is the greatest area of risk for companies. CISOs cannot manage and secure what they are not aware of.

From a security perspective, what are the biggest issues with unknown SaaS?

Not only do companies not know anything about it, but they haven’t performed their normal risk due diligence for those relationships. Data is widely shared with these vendors by their employees. Often, this data is quite sensitive, and without knowledge of who it is being shared with, companies have no control over it.

Consider the implications: What happens if that unknown SaaS vendor gets hacked? Companies will have a breach that they may not know about until some investigative reporter emails them asking for a comment. This is not a far-fetched scenario.

What should today’s security officers prioritize?

The remote work migration weakens companies’ abilities to monitor and control their employees’ IT usage. Individuals are more likely than ever to try and buy SaaS products to help them stay productive while working from home. We’re seeing this with file-sharing and collaboration tools in particular.

These well-meaning employees are exposing their companies to significant risks. Regular risk management programs, like vetting vendors and ensuring proper contractual requirements, are being bypassed.

Through this unmanaged activity, employees are undermining their company’s information security program and controls, and exposing their company (and their company’s customers and sensitive information) to the risk of data loss and information disclosure.

This should be top of mind to every CISO out there.

Sounds like a big problem, and a big opportunity. We’re glad you’re here to help us with both. Thanks, Michael.


To learn more about Cleanshelf’s leadership team, check out our blog. Most recently, we interviewed Mike Phillippi, our new VP of Marketing.

To learn more about protecting your data and discovering unknown SaaS, set up a demo with the Cleanshelf team today.

About Cleanshelf

Cleanshelf is the leading enterprise SaaS management platform focused on tracking, controlling, and benchmarking SaaS applications. Their SOC 2-compliant and AI-powered technology helps companies save up to 30% on their SaaS spending by automatically identifying unmanaged contracts, duplicate licenses, and wasted cloud software subscriptions. Based in San Francisco, Cleanshelf provides an enterprise-grade solution to over a hundred clients, including Qumulo, Wodify, and CoStar Group.
