In light of the news of our acquisition, I thought I’d devote a little time to chronicle our startup journey, the opportunity we see and our decision to join VMware.
The Cloud Security Opportunity
It’s no secret that the market around cloud security and compliance has been heating up. As enterprises migrate application workloads into Amazon, Google and Microsoft’s cloud offerings, the IT and security models have been flipped on their head. How we build, secure and manage applications in the cloud is fundamentally changing. Meanwhile, so many of today’s solutions really feel like they are for the security guy who is kept standing on the outside looking in.
The early cloud gold rush was all about unlocking innovation and helping companies move faster with access to technology, automation and new operational models like DevOps. But this year, the pendulum swung back to the side of security. Now the discussion is largely around DevSecOps as enterprises everywhere began to demand a new level of insights and controls for their cloud-based resources.
It’s not enough to distribute the responsibility across hundreds of engineers and hope they get it right. This is especially true in a world that has exponentially increased the number of options and configuration required to get the job done! The recent examples of accidental data leaks because of a misconfigured S3 buckets illustrate the importance of understanding and safeguarding cloud and new application infrastructure configuration. Often, companies must ensure thousands of settings and try not to loose the context of the deployment for each.
CloudCoreo started with the vision of creating a next-generation cloud provision and security system, enabling companies to reuse, update and secure their deployments across security and DevOps. What we discovered along our startup path is that companies will continue to use a variety of tools to provision their workloads (Terraform, Cloudformation, Chef, Ansible, Azure Resource manager, etc.), but corralling standards and ensuring correctness overtime is the key, often-overlooked problem.
At CloudCoreo, we quickly turned our focus to solving these security and compliance problems but doing it in a new way. We targeted both the security people and the engineering teams responsible for the cloud configuration themselves. Organizations let a variety of teams and tools exist for the sake of speed, but they need to ensure across them all that deployments are protected, regardless of the provision tool or target cloud that a team selects. And this detection needs to happen fast. In the future, compliance and validation should happen as close to provision time as possible – not days, weeks or months later when auditors lack the context of the deployment. Reactive approaches leave too much technical debt and too high of cost to fix issues, not to mention significant security and compliance risk.
Why VMware is a Great Fit for CloudCoreo and What the Future Holds for Hybrid Cloud Security?
In the last six months, we were approached by quite a few companies looking to extend their security solutions and be relevant in this new cloud world. Many of these companies struggled to fully appreciate the emerging challenges of cloud security, making it hard get aligned a common vision for the future.
While presenting our new product at re:Invent 2017, engineers from VMware stopped by to listen. Then they came by again. And again. Through our conversations, we quickly came to the realization that our visions were not only aligned but they were nearly identical. We just happened to start down the path first.
Finally, VMware has invited us along to do some amazing things. They are integrating CloudCoreo and bringing our team on board in order to continue our vision, expand our charter, and accelerate everything we believe in. Business as usual, just bigger and faster.