ThoughtSpot

Watch how Vorlon helps Dutchie secure their non-human identities

Erik Richard, SVP of Engineering at Dutchie, describes how Vorlon brings long-overdue visibility and control to third-party API security. He explains that while organizations have matured in managing user accounts, API accounts remain largely ungoverned—creating one of the biggest blind spots for CISOs and CIOs today.

With Vorlon, Dutchie can automatically discover and monitor all third-party API connections, identify unused or over-provisioned keys, and detect risky behavior in real time. Erik calls Vorlon a breakthrough in translating proven IAM principles to the API world, finally giving security teams the clarity and control they’ve been missing across their SaaS ecosystem.

About the speaker

Erik Richard

SVP of Engineering at Dutchie

Erik Richard is SVP of Engineering at Dutchie and has over 25 years of impactful leadership in software development, IT, security, and operations. His distinguished career includes executive engineering roles at global companies such as SPSS, Compete, Idiom Technologies, and most recently, HubSpot, where he served as SVP Engineering and CISO for a decade.

About

Dutchie is the cannabis technology software platform enabling cannabis commerce, streamlining dispensary operations, and providing safe and easy access for consumers. Powering over 6,500 dispensaries throughout the U.S. and Canada, and facilitating over 22 billion dollars in sales annually, Dutchie is a complete cannabis operating system, providing solutions for point of sale, ecommerce, loyalty and marketing, seamless payments, and more.

ThoughtSpot video transcript

The problem is that third-party application APIs are basically in the same place that we were a decade ago, but now, with programmatic access control. So, there are a couple of different challenges that every CISO faces. The first is just discovery, understanding what all those third-party tools are, understanding what accounts there are, what API keys, in this case, there are, and putting in place a lot of the same hygiene that we've put in place around user accounts, putting that in place for API accounts. As a CIO or CISO, the lack of control and visibility into all of those solutions out there is probably one of the most scary places that I think is left for CISOs today, where you just can't get your arms around what the attack surface actually even is. And if you don't know what it is, how can you protect the company? How do you find keys that aren't being used? How do you find keys that have been over-provisioned? How do you find keys that are being used in ways that they shouldn't be used? All of those things we've grown very used to in the IAM world have analogies in the API world. And Vorlon helps with all of those.