Industry Influencer: Dean Drako Lives His Own Vision Quest for Security

June 9, 2021
Pioneering cloud-based security services is only the starting point for security’s future

To categorize Dean Drako as a driven entrepreneur would be as foolish an understatement as informing Dorothy in the Wizard of Oz that she wasn’t in Kansas anymore. A serial problem-solver, Drako has impacted Silicon Valley taking on technology and network issues for close to two decades. From aggressive cybersecurity data-storage solutions tackled by his co-founded company Barracuda Networks in 2003 to the ever-progressive Eagle Eye Networks he founded in 2012 after frustrating attempts to deploy and integrate existing video surveillance options remotely with Barracuda, Drako has been an influential presence in both the physical and network sides of the security industry.

The goal for Drako and the Eagle Eye team initially was to create sustainable third-party partners in order to facilitate the delivery of cloud-based video services, which would stream and store live and recorded video, generate notifications and support real-time analytics and eventually lead to the industry's first cloud-based video solution with an open API. But the universe expanded in 2015, when the Eagle Eye Networks' CEO wholly acquired Brivo, a cloud access control company, seeing an opportunity to accelerate the cloud technology shift underway in the physical security industry by integrating both access control and video surveillance into a seamless cloud solution.

Meeting the Security Challenge

Drako’s dedication to expanding the cloud universe is ripe with challenges – some of the industry’s own making. The hack of the Verkada video cloud platform incensed most security professionals in the industry. Drako was certainly one of them. His initial reaction was that it was bad news for an overmatched competitor, but at the same time, it was a blow to the industry’s credibility. Cloud security has been a top-of-mind priority since Eagle was launched and Drako admits he is no stranger to those who lack the skills or professionalism to secure their cloud environments.

“There are two areas that you need to pay attention to for security. One is what you would characterize as your technical risks. Those are hackers from Korea or China or down the street, you know, script kiddies, trying to get into your computers to steal your data or trying to use your machines for bitcoin mining or get the cameras to do bitcoin mining. Bad actors trying to either get you for ransom, steal your data. They're kind of the rogue hackers out there in the wild,” says Drako, adding that these problems can be solved with layered defensive strategies that might include consistent security scans, audits by security professionals and security teams that perform black-box kind of penetration testing.

“The second threat factor that you have to kind of worry about is the employee. The disgruntled employee we'll call them. It's not always the disgruntled employee, but sometimes it's an employee who makes mistakes, sometimes it's an employee who doesn't follow the process or procedures, sometimes it's an employee trying to be helpful to someone that they're not supposed to be helpful to. But then again, sometimes it's just an employee doing something stupid and accidentally copying their laptop up to the cloud on a public server where somebody starts crawling it and sees passwords in it and scoffs them up. Or it's a disgruntled employee who purposely posts or sells your information because they had access to it, and they didn't get the review or raise that they thought they deserved.”

As cloud solutions expand and cybersecurity evolves to address that growing enterprise, Drako and other visionaries agree that the real issue for future growth is going to be people. The lack of qualified and cost-effective cybersecurity staff is creating a paradigm shift in how small to mid-sized companies are approaching their cloud operations. Security as a Service (SECaaS) is a cloud-delivered model for outsourcing cybersecurity services. This approach to cloud security mirrors models like Software as a Service, which provides security services on a subscription basis hosted by cloud providers. These Security as a Service solutions are becoming increasingly popular for enterprise organizations as a way to ease the in-house security team’s responsibilities. But for smaller organizations, this solution helps scale security requirements as the business grows and aids in avoiding the costs and maintenance of on-premises alternatives.

“Leveraging cloud security is a people issue. When I was at Barracuda there was no such thing as cloud email for companies, so we ran an exchange server. Running an exchange server was an arcane art. To keep it running reliably and redundantly for 2,000 employees, you had to buy special hardware, you had to buy mass servers, and everyone's worried about their mailbox getting full, and all kinds of stuff,” says Drako, who brings home the dilemma by relaying the story of the one guy at the company whose full-time job was to keep that email server running.

” If he quit, we were kind of lost, right? We couldn't afford to have two guys for this job. We had a backup guy, but he didn't know as much as the main guy. So, when you go to cloud, you eliminate that dependency. The cost is lower, you save a little money, but you really eliminate that Achilles heel of having to have the expertise in-house. And that goes for the Eagle Eye security cameras, as well as subsequent cybersecurity and other network critical operations. You can get someone else who is devoted and dedicated to it, then you eliminate that personnel dependency, but at what cost?”

The bottom line for Drako is if you want to migrate more video surveillance operations to the cloud and meet the needs of smaller organizations, you have to make the solution secure and cost-efficient. Emphasizing that Eagle Eye as a company is playing by the same rules as the small to mid-sized clients it represents, it must abide by similar restraints.

“We run our cameras in the cloud, and we run the Eagle Eye servers in the cloud. But we have no servers in the office There's also no email server in the office, there's no disk drive, no file servers in the office, there's no CRM system in the office, there's no marketing automation, there's no website server in the office,” adds Drako, stressing there is not a rack of equipment to be seen in its corporate office, and that’s been the recent trend for business operations and will remain so for the next decade.

“As people migrate to cloud for most of their business operations, the video surveillance business has to come along. No one's going to leave that rack there just with the video surveillance server on it. The video surveillance industry for the cloud is still in its infancy, but when the CRM industry was evolving, Salesforce had its breaches, Google had its email breaches. All of these guys had breaches at some point or another. And, we still have breaches. But you need to be proactive with your dealers and your end-user clients. As far as video is concerned, security is going to get better and the march to the cloud is just going to continue.”

Being the futurist he is, Drako is already mapping out the world beyond the cloud 20 or more years from now. While his vision may resemble an episode of Star Trek: The Next Generation, he is deadly serious.

“It’s going to get a little crazy. People will have sensory devices plugged into their brains. A buddy of mine was working on a project for what we call memory augmentation. Basically, you wear a camera 24/7 and it just takes pictures, every 10 or 20 seconds or something, and then sends {the images} up to the cloud. You’ll have Siri in your ear, so when you walk into a room, Siri is saying, ‘Oh, that's John Doe over there with the glasses. You last met him on February 17, 2034. He just had a daughter, they posted it on Facebook.’  That is going to happen. You can see all the pieces aligning now; the wearable cameras are already here, the cloud-connected cameras are already here, the AI is here, the Siri thing is already going on. All of that is coming together,” concludes Drako.

About the Author

Steve Lasky | Editorial Director, Editor-in-Chief/Security Technology Executive

Steve Lasky is a 34-year veteran of the security industry and an award-winning journalist. He is the editorial director of the Endeavor Business Media Security Group, which includes the magazine's Security Technology Executive, Security Business, and Locksmith Ledger International, and the top-rated website SecurityInfoWatch.com. He is also the host of the SecurityDNA podcast series.Steve can be reached at [email protected]