Q&A: Three Reasons I Chose to Become a Conjur Advisor


April 25, 2017 | DevOps | Conjur


Correy Voo has known Conjur for several years and recently became an advisor to the company. His distinguished career includes senior technology leadership roles at global telecommunications and global financial services firms, chairing industry groups, and advising a number of innovative startups. He is currently Chief Technology Officer at Showt.

We recently had a chance to chat with Correy regarding his involvement with Conjur.

Conjur: Correy, thanks for your advice and support to-date, and for taking a few minutes for this chat. Please tell us a bit about your background.

Correy: I’ve been in roles at the intersection of business and technology for most of my career. I started out in consulting with BT, where I ultimately became the CTO and Chief Architect. Then I went to Bank of America for several years in a similar CTO / Chief Architect capacity and then spent a few years at UBS as Platform Services CTO / Group CTO where I had various responsibilities such as setting the technology strategy for Bank wide technology services. In those roles, I was always exposed to interesting startups and upon leaving UBS I decided to focus my energies on working with startups more closely and more formally, and on starting up my own technology firms as well.

How Did You Connect with Conjur?

Whilst at UBS, I was in the Boston area for business and was invited by our Wealth Management division to attend a client dinner engagement for the Boston Tech / Financial Services community that Elizabeth (Lawler, Founder and CEO of Conjur) was also attending. We got to chatting about Conjur and what it was offering in the area of Next-Generation Privileged Access Management (PAM) and that was the nexus for an ongoing dialogue regarding market dynamics, product strategy, and so on. Those conversations started to become more frequent, and at some point it just made sense that I formally sign on as an advisor.

Why Did You Decide to Work With Conjur?

I saw that the firms I worked with and the startups that were vying for their business were still solving problems for the “old world”. Conjur was unique in several ways that intrigued me regarding a very forward-looking view of where the world was going in terms of utility computing and automation, and specifically how to maintain the necessary levels of controls when using these new technology options.

Firstly, Automation. Conjur provides the first solution to market that is focused on solving the PAM problem for DevOps. If you look at the development and direction that technology is evolving in – Machine learning, AI, automation, robotics, etc. – it involves less and less participation from humans. All the PAM solutions to-date are designed to be human-centric and in the new world, the human is typically the bottleneck. Conjur is built for new word — If an application or machine is asking for access, so long as it’s within policy, can be granted without human involvement in a secure, controlled and policy assured manner which is still in keeping with the need to protect and defend critical assets and processes.

Secondly, Ease of Use – Conjur is built for business and DevOps to help them address security and compliance demands in a rapidly evolving and highly flexible set of operational conditions. The incumbents are all built with the security admin in mind as the target user. What’s needed today is a solution that allows business users to apply security to the right things for the right reasons using policy. Conjur is a business tool that manages security, rather than a security tool per se – it fits well into the new world operating models and processes that are being used to run modern businesses. Conjur is a tool for modern Business Technology, not legacy boundary controls.

Most importantly, Conjur is built for the Cloud and other modern infrastructure, and application, technologies. All industries that have developed reliance upon infrastructure and application technologies will continue to evolve and doing so, will continue to exploit more effective technology solutions such as Machine Identity, IoT, and M2M computing at significant scale. Everyone has been trying to get current PAM solutions like CyberArk and the like to work in the new world – cloud, containers, utility computing – and finding that they are not suitable – old world practices just do not work with modern, boundary-less, agile solutions. Companies trying to control applications and services in external cloud systems like AWS and Azure the same way they controlled their traditional data centers are struggling. Most medium and large organizations are living in a hybrid reality where they’ve still got a significant legacy data center footprint, lots of new cloud-based infrastructure, and there are more new technologies, architectures etc coming down the road. Companies need to be able to apply common policy controls across an increasingly fragmented and evolving set of services and infrastructures from a common control framework that still addresses the corporate risks. Conjur is the only system available that had the practical functionality to support this hybrid current-state moving to future-state.

Where Would You Like to See Conjur Evolve?

In terms of where the technology is today, I think Conjur and it’s customers and prospects have a significant opportunity to deploy the technology as a migration platform to help get customers move off of legacy IT and onto modern IT platforms. Conjur has the ability to reach into the old world and help pull companies forward to the new services by applying a uniform set of policies across all.

As far as what the future holds, I’d like to see Conjur put machine learning into the product so that humans can be further removed from the day-to-day repetitive tasks of policy management, enforcement and governance – once the fundamental principles have been configured into the master policy console. This will allow users to start with static rules that are initially manually defined and then use the system to learn more about how the environment is actually operating based on those rules and how things are being added / changed etc. It would be interesting to have dynamism built into the platform so that it’s constantly learning and growing through inference and experience so that it is able to self-govern based upon a set of master policies which are described as business rules

Any Parting Thoughts?

As a long time technology geek, it is always good to see a small company take an idea and cause waves in a traditional domain, constantly challenging the status quo in a market that has a lot of outdated, legacy, ideas and companies. I’m enjoying helping Conjur punch way above it’s size — as evidenced by your traction in terms of customer wins, partner engagements, and traction with the analyst community. 




Keep up-to-date on security best practices, events and webinars.

Share This