Interview: LeedsSource CEO Ari Leeds on Permatrix and Salesforce security
Four years after its launch, LeedsSource is expanding into a new market. The Massachusetts-headquartered Salesforce consultancy is entering the security and compliance software space with a homegrown application called Permatrix.
LeedsSource says that Permatrix improves the security of Salesforce environments by making it easier to manage users’ access permissions. Boardroom Insight recently caught up with LeedsSource’s founder and CEO, Ari Leeds, to discuss the consultancy’s new software in more detail and get a partner perspective on the state of Salesforce cybersecurity.
Boardroom Insight: IT consultancies that decide to build software often go down the productization route because they want to more efficiently tackle a challenge they find themselves solving regularly for clients. Is that how your team got the idea for Permatrix?
Ari Leeds: That definitely played a big role in it. I have also, in past jobs, been involved in taking cyber security products to market and have been well exposed to the cloud security and compliance product world which provided a unique angle into the perspective of those types of stakeholders. On top of providing consulting on the best ways to approach permissions, we found ourselves needing to get answers faster. This ultimately led us to creating this tool, turning hours into clicks.
Boardroom Insight: Salesforce has built-in access controls for managing users. In what ways exactly does Permatrix extend those controls?
Ari Leeds: Salesforce provides the tools but not the visibility into the outcomes and impacts of those tools.
Think of a permission set in Salesforce as a checkerboard, where every square represents a different possible permission. Now imagine your users have 100 checkerboards, each with the same set of squares (permissions possibilities), but each one with different squares activated (permissions selected), and you have to pull each board out one by one and add up all the squares that were checked off across all boards to find out the total scope of activations for a single user. This is very tedious and prone to error.
Permatrix essentially does these types of analyses for you with a single click, answering questions that have to do with users’ entire permissions scope across the entire environment. You may want to know if Sam has access to “View Encrypted Data” or “Export Reports” – you can either go look through page after page of Sam’s profile, permission sets, and permission set groups, or you can get the answer in Permatrix almost instantly.
So Permatrix can help you have great visibility for compliance purposes while allowing you to construct permissions designed for least-privileged-access security.
Boardroom Insight: Can you talk a bit about your decision to make the software free rather than going down the subscription-based SaaS route?
Ari Leeds: We did actually start with a paid model but realized it was becoming a barrier to entry. We were seeing every single day the struggles that people were facing with permissions in our consulting business and in messaging forums, but didn’t have the platform to show that we had a better way. Tools like this often struggle to get budget approval until it’s a major pain point, but we didn’t want that to be a showstopper for something that we are very proud of – if we listen, iterate and improve, we will be able to hopefully offer something even more advanced in the future.
Right now, it’s all about helping people, showing them a better way, feeling their pain points and constantly improving. So many admins out there are either in “profile jail”, or are basing permission sets on individual objects just to make auditing permissions easier while sacrificing security and running into limits. We want to help put people into a place to succeed right now as our philosophy is baked into every aspect of the tool – and because there are so many other free permissions tools that are more like permissions multi-tools (allowing users to make sweeping bad decisions) instead of smart analyzers, we decided to make sure we offered something better to the same audience.