To be the Security Monitoring Platform of choice for the cloud-native world

I thought we had fixed this

I was on a call with the senior leadership of a massive e-commerce retailer. We were presenting our cloud pen testing report to them. The CISO had had to resort to parlor tricks to get the budget approved for getting us on board. Here we were, and the CTO had just exclaimed, “I thought we had fixed this.” There was a bit of an awkward pause before the CISO replied, “Hey CTO, do you remember you approved this exception before the holiday peak started last year?” The CTO retorted, “But why didn’t we stop once the peak season was over?” The CISO laughed nervously and replied, “Remember, we sent multiple reminders, and your office replied saying that various business units needed the exception to stay.”

I have had conversations of a similar nature at various other places, be it a big e-commerce company, a software technology company, or an old security company. They all started out secure by default. On the journey of facing and dealing with business realities, they had to make configuration changes.

“The things that kill you are not the things you don’t know; The things that kill you are the things you think you know, but you don’t know.”

I saw this happen over and over again. I became numb to the severe misconfigurations I would find repeatedly. To the extent that when an engineering leader would sing the praises of their DevOps team, in my mind I would smile and think, “We shall see.”

In 2016 I was determined to solve it for my consulting clients. I wrote an e-book on using “Ansible with Jenkins” to do continuous security monitoring. The only problem was that my scope was too narrow. I tried solving this for web applications and the database servers supporting them.

The world has changed since then. Everything in the cloud has an API. The primary interface engineers use for building and deploying applications is through APIs. They moved to the cloud en masse, thinking that they are secure by default. They were not!

I realized that the entire cloud landscape requires a new, cloud-native way of thinking. The only way to bring the CTO and the CISO onto the same page is to demonstrate, every single time, whether their realities match their security policy assumptions.

We built a framework of automation to do policy enforcement and monitoring for our customers. Initially, we went with showing Slack notifications. Then one day, a customer had a billing issue with Slack. Slack downgraded their account! Did you know that when Slack does that to your account, you lose all integrations, chat history, and any configuration you have made on top of the defaults?

At that moment, we realized that what we are doing is way too critical to rely on another third party to deliver. So we built our very first version of Kloudle.

Thinking of security for cloud-native operations requires a new way of thinking. It starts with shining a light on every single event that is relevant to security. Otherwise, the CISO and, consequently, the CTO are blind to the risks.

Some of these events are too sensitive to wait; they need an immediate response. Humans can’t scale this; therefore, it requires automating the response and monitoring based on best practices. Other responses may be notifying others, alerting when required, or, in some cases, simply collecting the data for later.

