“It’s a match” – how the in-house Venture Client Unit connects OTTO Security with start-ups
And: how artificial intelligence can help prevent cyber threats
“A people company. Driven by technology“ – and it’s not just since the transformation into Germany’s largest online marketplace that technology and innovation have been a top priority at OTTO. One third of all employees are already techies – and this number is expected to increase. Despite its internal innovation strength and tech expertise, OTTO also keeps a close eye on the start-up market to identify new solutions and gain impetus for its own developments and processes.
The OTTO DOCK 6 Venture Client approach
A few years ago, we professionalised this approach through the establishment of the Venture Client Unit OTTO DOCK 6. “The innovation potential in the start-up market is enormous”, explains Venture Client Manager Julia Kunstmann. “Our goal is to provide a space where this potential can be quickly put into practice.” With a systematic and standardised process, the Venture Client Unit supports start-ups and corporate companies from the initial matching phase to the full integration of their respective solutions. We use it at OTTO ourselves, too. Both sides can benefit equally from this: start-ups can test their solutions in the environment of a leading e-commerce player, while OTTO can test new approaches in its own tech environment to address internal and external challenges.
Artificial intelligence can help prevent cyber threats
Cybersecurity is a key challenge for many companies. Experts note a significant professionalisation of cybercrime. At the same time, the application architectures that require protection are becoming increasingly complex and are constantly changing. Many companies are turning their attention to the start-up market to keep up with these developments:: “Cyber threats are rapidly evolving. Companies must face this challenge head-on and dynamically strengthen their own capabilities. Start-ups are particularly interesting in this respect, as they often address specific aspects of cybersecurity and develop highly targeted solutions”, says Ralf Kleinfeld, Information Security Officer at OTTO. This is precisely why he turned to OTTO DOCK 6. The brief: to screen the market for interesting innovations that not only protect algorithms from attacks but also incorporate artificial intelligence into cybersecurity solutions.
The start-up scouts begin their search
With this relatively open objective, the start-up scouts of DOCK 6 set to work. “After clarifying the task with the department, we reached out to various groups to find suitable solutions. To do this, we engaged with our own contacts in the industry, scanned various databases, and matched suitable companies with the department’s requirements”, recalls Julia. Not just any start-up is considered by the experts: to work with DOCK 6, the start-ups need to fulfil numerous criteria, such as having Series A funding and a market-ready solution.
“In the course of our research and in consultation with the department, we gradually approached the topic of Cloud Native Application Protection Platform – CNAPP for short”, says the Venture Client expert. One of the CNAPP approaches addresses the entire footprint of cloud applications from a security perspective; from the source code and secure cloud configuration to protecting applications throughout their entire runtime.
After the research process, the Venture Client Unit drew up an initial longlist of eligible companies. Three of them were then selected to undergo final evaluation by the department to launch a pilot project with OTTO. From these companies, Wiz was chosen.
A prioritised approach towards cyber threats
Wiz, an Israeli start-up, helps companies to secure their cloud infrastructures. Its platform identifies vulnerabilities, misconfigurations, and network exposure in the cloud environment in an automated and risk-oriented way, displays them in a clear dashboard, and provides recommendations for action. Michael Dielman, Account Executive at Wiz, summarises the company’s value proposition: “Wiz uncovers risks that other tools fail to detect. We are able to contextualise threats, thus enabling security and compliance teams to prioritise them. Not every threat needs to be tackled with the same degree of urgency.”
For Ralf Kleinfeld, it was a clear match: “We had some important requirements, and during the evaluations, it was Wiz that convinced us the most that they could fulfil them. The provider’s solution aligned well with the CNAPP concept, and we were impressed by how much of this concept was already being implemented by Wiz.”
From the pilot phase to permanent operation
Once the decision had been made, DOCK 6, in close coordination with relevant compliance departments at OTTO, intiatied all processes for reviewing contracts, data processing, and other requirements. At the same time, kick-off with Wiz took place. And then things really took off – the solution was implemented in OTTO Security and thoroughly tested.
Ralf summarises the result: “Wiz accurately identifies misconfigurations and vulnerabilities. Our experts can detect threats to resources at an early stage and close these gaps.” In the increasingly complex and dynamic threat landscape that cloud infrastructures face today, the assessment of the risk posed by these vulnerabilities is particularly helpful in prioritising which findings need to be addressed and when.
For OTTO, it quickly became clear that Wiz would remain in operation on a permanent basis. Ralf concludes: “The experience with Wiz shows us that start-ups can provide real value. We will continue to pursue this approach in the future when seeking solutions to new problems. In particular, the flexibility with which Wiz accommodates our requests – which is also a part of the start-up mentality – is an added value that we absolutely need in technology as well as in our own approach.”