We are excited to bring Transform 2022 back in person from July 19th, effectively July 20th to 28th. Join an AI and data leader for insightful talk and exciting networking opportunities. Register today!
Oak9, a developer-first Infrastructure-as-Code (IaC) security provider, says companies are beginning to adopt the concept of treating applications as code. For example, policy tools as code, such as HashiCorp Sentinel, are designed to define governance or policy principles. The Oak9 platform utilizes its own Security as Code (SaC) and is designed to evaluate changes to cloud-native infrastructure. Apply appropriate security to the SaC Blueprint to protect the architecture of your cloud applications at risk.
According to the company, today’s organizations leverage multiple tools and technologies. This is why the multi-cloud / multi-IaC language environment is so popular. Being agnostic to Oak9 technology, you don’t have to manage security across multiple tools at once.
The company has access to an integrated development environment (IDE), code repository, continuous integration and continuous deployment (CI / CD) pipeline, and chat ops tools, allowing developers to choose the IaC language, cloud, multi-cloud, and workflow. Claims that you can use etc. .. ..
According to Alex Brown, HPA, the venture capital firm that led Oak9’s recent funding round, is accelerating the adoption of IaC in the market, making cloud app security an important need for Oak9 to address.
Oak9 claims that the platform will accelerate the delivery of cloud-native applications while providing security to identify and address vulnerabilities. The platform is designed to tell users where security vulnerabilities exist in the organization’s cloud, how important they are, why they exist, and how to fix them. This tool allows organizations to apply security fixes to their entire cloud infrastructure.
Human Resources, Budget, and Bandwidth Challenges in Cyber Security
As a result of the pandemic, new cybersecurity threats and challenges continue to emerge. According to Gartner, the COVID-19 pandemic has transformed the way attackers access the system, triggering a wide range of new cyberattacks that will continue to evolve over the next five years. According to a report from Tripwire, the organization lacks the knowledge needed to turn things around in this plight. Tripwire also found that while some companies do not have a dedicated security officer, others have a small overloaded department. Talent shortages are a problem that organizations must solve if they want to stay safe.
In fact, the IT leaders surveyed by Gartner reported that lack of talent was the biggest challenge.
According to Gartner Research Vice President Yuno Geng, driving remote work and accelerating recruitment plans in 2021 makes it more difficult to find IT talent, especially for features that enable cloud and edge, automation, and continuous deployment. It has become. According to polls, only 20% of newly adopted technologies in the IT automation sector continued their recruitment cycle. The main challenge for the organization was to find talent. That’s why 64% of the emerging technologies didn’t develop as expected.
Eventually, cloud-native applications are exploding and developers are creating and building IaC. According to IDC statistics, the percentage of cloud-native applications will reach 80% in 2023. This requires practice to protect cloud-based platforms, infrastructure, and applications.
However, according to Oak9 co-founder and chief product officer Om Vyas, security engineers are not IaC experts and developers are not security experts. So how do organizations secure cloud-native applications?
IAC in the enterprise
Implementation and management of IaC, which requires highly qualified engineers, lacks a company of software infrastructure engineers with IaC expertise.
Raj Datta, co-founder and CEO of Oak9, said that the IaC security industry is clearly unable to hire enough security professionals to ensure proper security in IaC and cloud settings. He said it was at an important time. According to him, budgets are being cut in the industry, and many organizations are struggling to find talent when the sector actually needs more talent than ever before.
Aside from talent, Vyas said budget and bandwidth are also major challenges in the IaC and cloud-native security markets today. I claimed that Oak9 users saved up to 70% in security review time and did more than 100 hours of DevOps work a month. He said Oak9 offers a free community edition, integrates with popular devops tools, and takes less than five minutes from onboarding to security fixes.
Gap monitoring in implementing security policies
Janey Hoe, vice president of Cisco Investments, an investor in Oak9, said the developer security controls and compliance checks enabled by Oak9 are energizing the business. Alice Burma, managing director and co-portfolio manager of Morgan Stanley’s Next Level Fund, also invested in Oak9, said the company is a disruptive organization helping drive the development of the IaC security sector. I did.
In this sector, Vys claims that Oak 9’s competitors are other IaC security products and cloud security posture management (CSPM) technology. However, he says Oak9 is clear because it focuses on protecting the architecture of cloud workloads or the entire application, rather than static misconfigurations.
Recently, Oak9 announced $ 8 million in additional funding rounds to enhance the security of IaC and cloud environments. Oak9, which recently released an IaC repair feature, said it would use some of this money to extend its free community edition and launch the next-generation Security as Code offering.
Oak9 has raised $ 14 million in the last 15 months. The latest round also includes former leader Menlo Ventures and HPA, who have increased their investment in Oak9.
Venture Beat’s mission It’s about becoming a Digital Town Square for technical decision makers to gain knowledge about innovative enterprise technologies and transactions. See membership details.