PureSec, the story behind the investment

TLV Partners believes that in the near future many cloud apps will be moving into a serverless world, and that we are now in the midst of  a major change in the creation and distribution of software and applications. PureSec is the first security solution that is designed exclusively for serverless applications.

Cloud computing is an area we find especially exciting. It has brought enormous change to the world of applications and it would be no exaggeration to say that most of the innovation in IT over the past decade has been enabled, catalyzed, or caused by cloud computing. Currently, we are in the midst of a microservices revolution, one that has, until now, been championed by containers. Through our investment in Aqua Security over a year ago, we have witnessed first hand the rapid growth this market is experiencing, and believe it will continue to proliferate enterprises across the globe.  We are now on the cusp of another revolution in cloud infrastructure: the move to serverless computing.

Evolution+of+cloud

From Monolith to Microservices

Over the past few years, we have seen a trend toward microservices architectures, partly as a rejection of traditional monolithic systems. The promise of increased agility, scalability, and developer productivity have fueled interest in and the adoption of microservices.
Monolithic apps are good for small scale teams and projects, however, when working on larger scale projects with several teams, they become problematic. It’s much harder to make changes, as the code base becomes larger and more people make changes to it.
The microservices approach, in a nutshell, dictates that instead of having one giant code base that all developers touch, there are numerous, smaller code bases managed by small and agile teams. The only dependency these code bases have on one another is their APIs.
However, using a microservices is not a free lunch and there are many challenges when moving to this new architecture. Specifically, the significant operations overhead and the substantial DevOps skills required to get microservices running, is a major challenge for both startups and enterprises alike.

The Rise of Containers

This is where container technologies like Docker come into play. Containers are a packaging strategy for microservices. One of the key advantages of Docker and other similar container technologies is that they easily integrate into Continuous Integration (CI) and Continuous Deployment (CD) pipelines.  Additionally, container technology companies’ packaged applications (in the case of of Docker these are Docker images) can be moved seamlessly across environments and build pipelines.

Screen+Shot+2017-04-18+at+5.38.18+PM

Due to the benefits mentioned above and more, Docker and microservices have spread like wildfire in the last two years. And it’s interesting to note, that much of this adoption is being pushed by large enterprise incumbents, as opposed to young startups. This surely stems from the necessity of more established companies to innovate in order to preserve their position in the market. In other words, the spike in interest in both microservices and containers is all about one thing: speed.

Screen+Shot+2017-04-18+at+5.40.20+PM

Serverless: The Next Frontier of Cloud Computing

At the 2014 AWS re:Invent conference , Amazon announced a new service: AWS Lambda. If you’re unfamiliar with Lambda, it’s what has been termed a “serverless” computing service. Instead of loading your application code into a  virtual machine or a container , you upload it into Lambda. There it sits, dormant, until some external event triggers it, whereupon the Lambda service brings your app out of quiescence and executes it. Once the application completes its task, the code is automatically removed from the Lambda service. A user never pays for any idling servers or unused capacity. The unit of scale in serverless is an ephemeral function that runs only when needed. Servereles also scales to whatever is needed for your service, making architecting for scale significantly easier than with provisioned compute instances or containers.
The broader serverless application development currently consists of a number of major vendor platforms ( IBM OpenWhisk , AWS Lambda,  Microsoft Azure FunctionsGoogle Cloud Functions ) and open source frameworks (like Apex, Sparta  and the Serverless Framework), although Lambda is currently the clear leader in the space.
Not Surprisingly, the big enterprises were the ones who first adopted serverless, with cost and speed of development as the main adoption factors. Since its debut in 2014 AWS Lambda has grown very quickly, by the end of 2016 almost 40% of AWS customers were using or at least experimenting with Lambda.

pasted+image+0

There are many benefits to using serverless computing services. However, the smaller the individual component, the more complex the entire system becomes. A single function enables a simpler deployment model, but the system as a whole becomes increasingly complex.

On the whole, we believe that the serverless market, represents a significant opportunity for startups. As such, a year ago we started to explore the serverless market, and searched for Israeli entrepreneurs taking on the market. As someone who has had success investing in security companies, I was naturally interested in the security challenges that this new type of architecture poses.

Guy Podjarny, Co-Founder and CEO of Snyk and an entrepreneur I respect immensely,  summarized the security issues of serverless perfectly: “Serverless is amazing, and is revolutionizing how we operate applications. With it, Serverless brings a similar caliber seismic event to the world of security, fixing certain security concerns, elevating others, and shuffling the priorities for all the rest.

Since Serverless is new, we have an opportunity to make security practices and tools a natural part of how Serverless applications are built. I’m personally excited to see Serverless grow to fulfill its massive potential, both for ops and for security.”

https://snyk.io/blog/serverless-security-implications-from-infra-to-owasp/

PureSec: Securing Serverless Architectures

Shaked Zin and Avi Shulman, the founders of PureSec, approached us through one of my posts on Facebook about serverless. They had just started to develop a security solution for serverless applications. While we were intrigued, we initially had doubts whether the serverless market was mature enough and passed on the opportunity to invest. A couple of months later however, after seeing the immense progress Shaked and Avi had made and after speaking to several enterprises, we decided that we needed to rethink our decision. And after an extensive due diligence process we were convinced that they developed an innovative approach and solution for serverless security. While I would love to share more about PureSec product and their approach, unfortunately they are currently in stealth mode.

In addition to our interest in the market and fascination with the product, we are thrilled to have the opportunity to work with Shaked and Avi, both of them are extremely motivated and talented. They have a transparent approach and willingness to conduct an open discussion which is exactly what we are looking for in our entrepreneurs. For us, every investment is the beginning of a journey with unexpected turns and obstacles, one that we would never set out to without feeling fully confident in our partners..
We are very excited to announce our Investment in PureSec and welcome Shaked and Avi to TLV Partners family and wish them good luck!!

*** This is a Security Bloggers Network syndicated blog from PureSec Blog (Launch) authored by Rona Segev, Managing Partner at TLV Partners. Read the original post at: https://www.puresec.io/blog/puresec-the-story-behind-the-investment