Jul
01
2021
--

To guard against data loss and misuse, the cybersecurity conversation must evolve

Data breaches have become a part of life. They impact hospitals, universities, government agencies, charitable organizations and commercial enterprises. In healthcare alone, 2020 saw 640 breaches, exposing 30 million personal records, a 25% increase over 2019 that equates to roughly two breaches per day, according to the U.S. Department of Health and Human Services. On a global basis, 2.3 billion records were breached in February 2021.

It’s painfully clear that existing data loss prevention (DLP) tools are struggling to deal with the data sprawl, ubiquitous cloud services, device diversity and human behaviors that constitute our virtual world.

Conventional DLP solutions are built on a castle-and-moat framework in which data centers and cloud platforms are the castles holding sensitive data. They’re surrounded by networks, endpoint devices and human beings that serve as moats, defining the defensive security perimeters of every organization. Conventional solutions assign sensitivity ratings to individual data assets and monitor these perimeters to detect the unauthorized movement of sensitive data.

It’s painfully clear that existing data loss prevention (DLP) tools are struggling to deal with the data sprawl, ubiquitous cloud services, device diversity and human behaviors that constitute our virtual world.

Unfortunately, these historical security boundaries are becoming increasingly ambiguous and somewhat irrelevant as bots, APIs and collaboration tools become the primary conduits for sharing and exchanging data.

In reality, data loss is only half the problem confronting a modern enterprise. Corporations are routinely exposed to financial, legal and ethical risks associated with the mishandling or misuse of sensitive information within the corporation itself. The risks associated with the misuse of personally identifiable information have been widely publicized.

However, risks of similar or greater severity can result from the mishandling of intellectual property, material nonpublic information, or any type of data that was obtained through a formal agreement that placed explicit restrictions on its use.

Conventional DLP frameworks are incapable of addressing these challenges. We believe they need to be replaced by a new data misuse protection (DMP) framework that safeguards data from unauthorized or inappropriate use within a corporate environment in addition to its outright theft or inadvertent loss. DMP solutions will provide data assets with more sophisticated self-defense mechanisms instead of relying on the surveillance of traditional security perimeters.

Jun
22
2020
--

4 enterprise developer trends that will shape 2021

Technology has dramatically changed over the last decade, and so has how we build and deliver enterprise software.

Ten years ago, “modern computing” was to rely on teams of network admins managing data centers, running one application per server, deploying monolithic services, through waterfall, manual releases managed by QA and release managers.

Today, we have multi and hybrid clouds, serverless services, in continuous integration, running infrastructure-as-code.

SaaS has grown from a nascent 2% of the $450B enterprise software market in 2009, to 23% in 2020 and crossed $100B in revenue. PaaS and IaaS revenue represent another $50B in revenue, expecting to double to $100B by 2022.

With 77% of the enterprise software market — over $350B in annual revenue — still on legacy and on-premise systems, modern SaaS, PaaS and IaaS eating at the legacy market alone can grow the market 3x-4x over the next decade.

As the shift to cloud accelerates across the platform and infrastructure layers, here are four trends starting to emerge that will change how we develop and deliver enterprise software for the next decade.

1. The move to “everything as code”

Companies are building more dynamic, multiplatform, complex infrastructures than ever. We see the “-aaS” of the application, data, runtime and virtualization layers. Modern architectures are forcing extensibility to work with any number of mixed and matched services.

Apr
16
2020
--

Bridgecrew announces $14M Series A to automate cloud security

In today’s grim economic climate, companies are looking for ways to automate wherever they can. Bridgecrew, an early-stage startup that makes automated cloud security tooling aimed at engineers, announced a $14 million Series A today.

Battery Ventures led the round with participation from NFX, the company’s $4 million seed investor. Sorensen Ventures, DNX Ventures, Tectonic Ventures, and Homeward Ventures also participated. A number of individual investors also helped out. The company has raised a total of $18 million.

Bridgecrew CEO and co-founder Idan Tendler says that it is becoming easier to provision cloud resources, but that security tends to be more challenging. “We founded Bridgecrew because we saw that there was a huge bottleneck in security engineering, in DevSecOps, and how engineers were running cloud infrastructure security,” Tendler told TechCrunch.

They found that a lot issues involved misconfigurations, and while there were security solutions out there to help, they were expensive, and they weren’t geared towards the engineers who were typically being charged with fixing the security issues, he said.

The company decided to solve that problem by coming up with a solution geared specifically for the way engineers think and operate. “We do that by codifying the problem, by codifying what the engineers are doing. We took all the tasks that they needed to do to protect around remediation of their cloud environment and we built a playbook,” he explained.

The playbooks are bits of infrastructure as code that can resolve many common problems quickly. When they encounter a new problem, they build a playbook and then that becomes part of the product. He says that 90% of the issues are fairly generic like following AWS best practices or ensuring SOC-2 compliance, but the engineers are free to tweak the code if they need to.

Tendler says he is hiring and sees his product helping companies looking to reduce costs through automation. “We are planning to grow fast. The need is huge and the COVID-19 implications mean that more and more companies will be moving to cloud and trying to reduce costs, and we help them do that by reducing the barriers and bottlenecks for cloud security.”

The company was founded 14 months ago and has 100 playbooks available. It’s keeping the crew lean for now with 16 employees, but it has plans to double that by the end of the year.

Powered by WordPress | Theme: Aeros 2.0 by TheBuckmaker.com