AlgoSec today unveiled a software-as-a-service (SaaS) platform dubbed AlgoSec CloudFlow, which provides visibility into and control over security settings across multiple clouds.
Company CTO Avishai Wool said the challenge with cloud security is not that public clouds are any less secure than on-premises environments; rather, cybersecurity professionals have no easy way to ensure policies are being enforced. AlgoSec CloudFlow addresses that issue by making it possible for cybersecurity teams to detect misconfigurations automatically as part of a larger analysis to ensure compliance and security controls are being applied consistently across multiple clouds.
Moreover, IT and security teams can manage multiple layers of security controls across those clouds in a way that doesn’t require them to manually set up and deploy controls for each cloud, said Wool. Cybersecurity teams can have one control automatically applied across multiple clouds without having to deploy agent software on every cloud instance, he said.
Longer term, Wool promised that AlgoSec CloudFlow will also share a common console with the on-premises edition of the company’s cybersecurity management software, which will make it easier to apply controls across a hybrid cloud computing environment.
Exactly who is in charge of cybersecurity in the age of the cloud, however, tends to vary widely by organization. Wool said AlgoSec CloudFlow is designed to be accessible to both cybersecurity professionals and developers. In many cases, developers have taken it upon themselves to deploy applications on a public cloud without consulting cybersecurity teams at all. In other cases, the cybersecurity team maintains total control. With the latter approach, developers can find themselves waiting weeks for a security review to be conducted every time an application needs to be updated, and waiting for that approval often defeats the purpose of having adopted DevOps in the first place. AlgoSec CloudFlow provides a set of workflow tools that enables organizations to balance cybersecurity responsibilities as their DevSecOps strategy continues to evolve and mature, Wool said.
Attempting to lift and shift a set of cybersecurity technologies designed for an on-premises IT environment into the cloud is a recipe for failure, Wool noted, as each cloud service provider has its own technologies in place for securing its cloud. IT organizations first need to find a way to manage the services provided for securing cloud infrastructure before finding a way to secure their applications running on each of those public clouds. That “shared responsibility” approach to cybersecurity is often confusing because many developers assume the cloud service provider is also securing their applications.
Regardless of how any organization goes about securing the cloud, the number of applications in the cloud that will need to be secured will far outstrip the number of applications deployed in any on-premises IT environment. In fact, arguably the biggest challenge many organizations now face is figuring out how to apply and enforce cybersecurity policies at what is now an unprecedented level of scale.