As many organizations have been forced to make a rapid shift to work-from-home to help control the spread of COVID-19, a significant percentage of IT and cloud professionals are concerned about maintaining the security of their cloud environments during this period. Even otherwise, security has always been a prime concern for CIO/CISOs with more organizations moving to cloud in the ever evolving security landscape. While cloud security is a crowded market in India, several players are establishing their credentials by creating a niche in the country, while simplifying regulatory compliance. One such company, Aqua Security, an Israel based cloud security firm that helps enterprises to secure their cloud native applications, using a modern zero-touch approach to detect and prevent threats, has set its eyes on the Indian market and plans to drive business in the country. In an exclusive chat with CXOToday, Rani Osnat, VP of Strategy and Product Management, Aqua Security, discusses the importance of cloud security in the current business scenario and the company’s ambitious plans for the India market. Excerpts.
CXOToday: What are the latest cloud security trends today, especially amid the Covid-19 pandemic?
Rani Osnat: In recent months, cloud security practices and tools are becoming more mature, with a more strategic approach to managing risk in the cloud. Organizations have started to consider security before they deploy to cloud infrastructure, rather than do it as an afterthought. Specifically, the evolution of DevSecOps – the practice of integrating security into DevOps process across the entire application lifecycle – means that security is now being integrated into development automation, and not only done in runtime environments. Of course now, with COVID-19, we expect cloud to become even more of a focal point for business transformation than it was – enabling ongoing flexibility, remote workers, “zero touch” customer acquisition and so forth. Security when done right is an enabler of these changes, keeping in mind that malicious actors are not sitting this one out. On the contrary, attacks taking advantage of people’s fears of COVID-19 are abound and increasing in sophistication. Criminal organizations see this as an opportunity for data theft, ransomware, and resource theft, for instance, by hijacking cloud resources for cryptocurrency mining.
CXOToday: Please tell us about Aqua Security’s expertise in cloud security?
Rani Osnat: Aqua is a security vendor established in 2015 to secure cloud native applications. This is the next generation of hyper-scalable and resilient applications that rely on micro-services architectures, and using technologies such as containers, Kubernetes orchestration, and serverless function, all made to run in hybrid or multi-cloud environments. Cloud native originated in companies such as Google, Facebook, Twitter and Netflix, but as the technologies matured many of the tools used to run them were open sourced and given to the community to continue and evolve. This has allowed more traditional industries including banking, insurance, retail, etc. to adopt cloud native as their way of becoming more agile and cloud-ready. Aqua’s expertise is in provide a full security solution for those applications and the infrastructure they run on. This means integrating early into the development process, ensuring that only trusted code is deployed, ensuring the proper configuration of cloud, orchestration and container infrastructure, and monitoring applications at runtime for suspicious behavior and policy violations. Our customers include some of the world’s largest banks, insurance companies, car manufacturers, aerospace companies, energy companies and more
CXOToday: Considering there are so many security players present in the market, what is Aqua Security’s USP?
Rani Osnat: Aqua was founded with the specific goal of securing cloud native applications and infrastructure. The first generation of cloud security tools took traditional security models such as firewalls and host-based security and applied them to the cloud. As additional applications moved to the cloud, new categories of cloud security solutions emerged, including CASB (cloud access security brokers) for protecting SaaS applications, and more recently CSPM (cloud security posture management) for protecting IaaS accounts, and CWPP (cloud workload protection platforms) to protect applications running on IaaS/PaaS. Aqua plays in the latter two areas, CSPM and CWPP, but focuses on the next generation microservices-based applications that run on containers, serverless and VMs. Our uniqueness is in the full lifecycle coverage we have end-to-end, covering the development, deployment, and runtime aspects of these applications with an unparalleled degree of visibility and control, across all popular clouds and platforms. Many of our customers use Aqua to protect applications on across multiple cloud providers and running on different platforms and operating systems. We support this entire stack which remains heterogenous in larger enterprises.
CXOToday: What according to you the CIO/CISOs need to focus on when adopting cloud for critical infrastructure?
Rani Osnat: There must be an understanding the cloud security is not simply enterprise security or datacenter security done in the cloud. When running applications in the cloud, there’s a “shared responsibility model” in which the cloud provider owns part of the responsibility for security, especially around physical and infrastructure, while the customer owns the upper part of the stack (application layer, PaaS layer) but there are also shared areas.
CXOToday: What are your plans for the India market in the next 1-2 years?
Rani Osnat: Today, most Indian organizations have a cloud presence. Besides, India is also home to vast development teams and IT outsourcing companies that develop much of the next generation of cloud native applications for the Global 2000. This and the availability of talented developers are the reasons why we chose to establish an R&D center in Hyderabad, which is an organic part of the Aqua engineering team and is responsible for researching and developing entire products in our portfolio.
Aqua relies on channel partners to tap the market, globally. Due to the unique and emerging nature of cloud native technology, and the education required in the market, Aqua remains involved in the sales process, qualifying customers, understanding requirements, etc. As the technology matures and as the channel becomes more familiarized with cloud native, Aqua will be able to take a step back and scale the channel more effectively. This is especially true for GSIs (Global Systems Integrators like TCS, HCL, Wipro, CTS, Infosys and Tech Mahindra) many of which are based in India and working with Aqua Security.