Deloitte Acquires CloudQuest to Gain CSPM Platform

Deloitte this week announced it is acquiring CloudQuest to gain a cloud security posture management (CSPM) platform that it will now make available as part of the portfolio of security services it provides. Terms of the deal were not disclosed.

Vikram Kunchala, risk and financial advisory cyber cloud leader for Deloitte and a principal for Deloitte & Touche LLP, said rather than license commercial software, the security services provider prefers to own the software platforms on which its services are based. That enables Deloitte to price its services more competitively, noted Kunchala.

Earlier this year, Deloitte acquired Root9B, LLC, a provider of a threat intelligence and hunting platform.

In general, Kunchala said that, as cybersecurity issues continue to escalate, more organizations that ever are relying on external service providers to compensate for a chronic shortage of cybersecurity expertise. It’s estimated there are globally more than three million open cybersecurity positions. Even when organizations can find qualified security talent, they often find it difficult to retain them in the face of competitive salary offers, noted Kunchala.

Most organizations, as a result, are now relying more on a mix of internal and external expertise to combat cybersecurity attacks, added Kunchala.

Pressure on organizations to address cybersecurity issues is increasing in the wake of a commitment from governments around the world to combat the ransomware scourge, said Kunchala. IT teams are naturally inclined to manage as many IT tasks as possible in-house, however, in the case of cybersecurity the challenge has reached a level that few IT teams can meet on their own, noted Kunchala.

Organizations that are investing in digital business transformation initiatives are especially concerned, because these mission-critical applications represent high-value targets. Most of those applications are being deployed in the cloud, which Kunchala cited as a primary reason why Deloitte saw a need to add a CSPM platform to its portfolio.

Cloud security these days is, of course, a major area of focus. As responsibility for managing applications and infrastructure in the cloud has shifted left toward developers, the number of misconfiguration issues being discovered continues to increase at an exponential rate.

Cybercriminals now routinely scan for misconfigurations, because they know development teams are not bringing to bear the same level of security expertise as an internal IT team has historically applied to an on-premises IT environment.

Most developers still don’t have a firm grasp of the shared responsibility model that cloud service providers require them to embrace, noted Kunchala. The only way to address that issue is foster a level of collaboration around a set of security-by-design processes that guide developers through a set of DevSecOps best processes, said Kunchala.

It’s not clear if a backlash against shifting responsibility left toward application developers is building or not. However, the tolerance of insecure application environments among business leaders gets lower with each new breach. No mater how fast an application is developed and deployed, a major security breach can negate its business value overnight. As a result, it’s arguably only a matter of time before many business leaders present cybersecurity teams with a new cloud application security mandate in the hopes a more systematic approach will reduce the size and scope of the current problem.

Avatar photo

Michael Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.

mike-vizard has 745 posts and counting.See all posts by mike-vizard