One Microsoft manager’s entrepreneurial vision for multicloud identity and access
In July 2021, Microsoft acquired CloudKnox, a leader in cloud infrastructure entitlement management (CIEM). Over the past two years, I’ve had the pleasure of getting to know the founder and chief executive officer (CEO), Balaji Parimi, who is now the Partner General Manager of Permissions Management in the Identity and Network Access Division at Microsoft.
Balaji’s journey from studying computer science to creating a successful startup to joining Microsoft is particularly inspiring. He didn’t have the resources or opportunities that many young people pursuing technology careers do, so he created them. He started out following the course of education and employment prescribed for him, and then he broke the mold. He moved to a different country, discovered his passion, and changed his focus. Along the way, he built a network of friends, teachers, and colleagues who recognized his talent, sincerity, and amazing work ethic.
Balaji didn’t get discouraged when he felt lost—he just kept going. And when he couldn’t find what he needed in the market, he invented it. Balaji is the quintessential entrepreneur, and I feel so fortunate that he and his team have joined our division.
Balaji’s interview with Microsoft Partner Director of Identity and Access Management Joe Dadzie has been edited for clarity and length. We’ve included three video snippets so you can hear Balaji talk about his career journey.
Joe: You have a fascinating experience. Can you tell us about your journey into computers?
Balaji: I grew up in a small, rural town. Forget about computers, I had never even seen a calculator until the tenth grade. This was South India in the late 1980s when there were only two good career paths: engineer or doctor. And engineer meant civil engineer—there were no other forms. Around sixth grade, I said, “I want to become an engineer.”
In India, about a quarter to half a million students take an entrance exam. If you were not in the top one percent, you didn’t get admission into engineering. I was the only member of my high school class (around 400 people) that went to an engineering undergraduate program.
In the early 1990s, the internet was not prevalent, especially in India. We didn’t have access to any electronics that I could tinker with, and cafes didn’t exist. My father was a state government employee, earning just enough to get by. My undergraduate fee for civil engineering was about USD3 a year. If not for that, it could have been very difficult for me to study engineering.
In my second year, I had a course in Fortran. That was the first time I ever touched a computer. I was blown away, but when you’re in India, it’s almost impossible to change your discipline to get a degree in something else. Until I came to the United States for graduate studies, I didn’t realize that it was feasible to pursue computer science.
Video snippet 1: Balaji explains why he went to graduate school in the United States.
Joe: You ended up in Illinois, right?
Balaji: Yeah. I got admitted to Bradley University in Peoria, Illinois. By then, I’d studied for four years in a big city college, and I started seeing things. Civil engineering is not the only discipline. If I wanted to do more things on my own in the future, what are the areas that could help me? I needed to make things happen on my own. That was always in my DNA—I wanted to make things happen.
I enjoyed Fortran programming, but I did not know that I could switch to computer science. When I realized that it is possible, I spoke to the computer science department chair about my interest in switching to computer science. They gave me admission, with some prerequisite course requirements.
Joe: You went from Fortran and construction civil engineering to computer science. That’s cool. You mentioned a funny story about the Borland icon. Would you share that?
Balaji: When I did Fortran programming, it was all MS-DOS. There was no UI. My very first class in computers was a lab. The professor handed out a paper with an exercise. You double-click the Borland C++ icon and start typing. I double-clicked and started typing, but I couldn’t see anything. Meanwhile, the people next to me were typing and doing all kinds of things. I sat staring at this screen for three and a half hours, believe it or not. At the end of the class, I ran toward one of the graduate students, “Okay, tell me, what did I miss?” He nonchalantly double-clicks and does “file, new” to open the editor. The “file, new” instruction was missing from the exercise. Probably the instructor assumed, “Hey, who would not know this?” That was the experience that made me realize, “I have no idea.”
I’ve always believed in hard work. Like, if you don’t know, you need to figure it out. There is some genius-ness that is innate to you, but I think those kinds of people are very rare. For me, the only way that I can make progress is by knowing more and more. The only way you know more and more is to spend time. You’ve got to work on it. I used to do the same assignment in different variations, just so that I can practice and think differently.
Joe: That’s a great story! Once you finished graduate school, what came next?
Balaji: Naturally you go look for a job. Most graduate students from Bradley go work for Caterpillar. I was there a couple of years, but it wasn’t intense enough for me. My brother-in-law invited me out to Silicon Valley, where I worked for a startup, got laid off with the dotcom bust, and then worked at another startup as an architect on Voice over IP systems.
Then a friend encouraged me to join VMware, where I worked almost five years. Besides my day job, I was doing all kinds of research and performance experiments. This gave me an option to speak at user group conferences and get in touch with customers directly, which opened up my way of thinking in terms of software value creation. Rather than just displaying features and typing data sheets, think more about how you are solving a problem for somebody whose life is not engulfed in the software you develop.
When a bunch of VMware folks wanted to start a company, they asked me for help on the technical things and then asked, “Hey, can you come on board?” This gave me an opportunity to see what it takes to build a company—a front-row seat. I was the first engineer. I built the team. I built a lot of the systems and after four and a half years, one of the problems that I was trying to solve became CloudKnox.
Joe: What motivated you to start CloudKnox?
Balaji: I experienced the multicloud permission management problem firsthand. In both my VMware and Amazon Web Services environments, there were tons of identities in operation. I knew that all it takes is a one-liner to do pretty much anything. Any identities with excessive permissions can cause massive damage.
The combination of identity, action, and resource is the permission combination. I wanted to know, what are all the identities operating in my environment, human or non-human? What actions are those identities entitled to do? What actions are those identities actually doing for day-to-day operations? My focus was completely on getting answers to those questions. That’s it. Nothing else. I couldn’t find a decent tool out there to give me the answers. A friend at eBay confirmed that it’s a huge problem and that a solution didn’t exist. He said, “If you find something, let me know.”
Video snippet 2: Balaji explains why he started CloudKnox.
Joe: So, you wanted to solve the problem and started doing it. Can you go into what steps you took to do the startup? Doing a startup is more than just the idea.
Balaji: I realized I couldn’t work a full-time job and also work on the problem. So, I quit my job to focus full time on solving this problem and developed a prototype in a year. This was in 2016. By February 2017, I had everything that I needed to launch. By March, our initial set of four started working in a small 900-square-foot office with a conference room.
When one of my mentors, Suresh Batchu, a co-founder of MobileIron, took me to talk to half a dozen venture capitalists, everybody gave us a term sheet. We closed our seed round in July of 2017. About a year later, I gave a 10-minute demo to the former chief information security officer (CISO) of Blackstone, Jay Leek, who was one of the CISOs to validate our idea. We had a term sheet for Series A 10 days later. In 2018, Jay suggested that we apply to RSA Innovation Sandbox, and we ended up in the top 10 finalists.
Joe: You essentially helped create a new category.
Balaji: Yes. Then the Capital One incident happened. The market realized we needed something like CloudKnox, and things started accelerating. Gartner named us a “Cool Vendor” in the 2020 Gartner® Cool Vendors™ in Identity and Access Management and Fraud Detection.¹
Joe: And so, we acquired CloudKnox, which became Microsoft Entra Permissions Management. It’s been a year since you and your company joined Microsoft, Balaji. How has integrating your startup into a big company gone?
Balaji: When Microsoft wanted to acquire our company, my big worry was, “Is this going to be Azure-centric? Or is it going to be multicloud?” In my first conversation with Joy Chik and Alex Simons, they shared the vision for multicloud. I was sold and excited to join. The kind of reception and the kind of help that we’ve gotten across different teams has been awesome. The moment the acquisition was announced, the kind of confidence and trust that the customers expressed was amazing. I never felt that anywhere else. I was like, “Hey, we did the right thing by coming here.”
When Microsoft launches a product, there are a lot of behind-the-scenes things that happen from a security perspective, scale perspective, performance perspective, and so on. I was blown away by the breadth and the meticulous nature of paying attention to every one of those because the customer focus is not just limited to what the product can do, but the kinds of things that the customers don’t see.
Video snippet 3: Balaji describes what it was like to join Microsoft.
Joe: You had to go through the work of doing all the behind-the-scenes stuff. Now that the product is generally available, where do you see it going?
Balaji: Automation is the name of the game in every aspect of the IT infrastructure. As this happens, granular permissions management becomes even more critical. It’s not just limited to cloud infrastructure. It’s going to be critical for all parts of the IT infrastructure that customers run. So, we are starting off just with cloud infrastructure, because today that is where the pain is more acute. But all other parts of the IT infrastructure, like software as a service (SaaS) and platform as a service (PaaS), are going to be critical as well.
Our goal is to make this the uber permissions management platform with one operating model. No matter which system you’re in, you should be able to manage permissions of any system across your entire IT landscape with one operating model. Both our leadership and customers believe in this. When we paint this picture about, “Okay, this is where we want to go,” customers say, “Okay, now I can finally address this critical problem with much more ease.”
¹ Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s Research & Advisory organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
GARTNER is a registered trademark and service mark, and COOL VENDORS is a registered trademark of Gartner, Inc. and/or its affiliates and are used herein with permission. All rights reserved.