Today we hear from Aqua Security, winners in the Security category at the 2018 Tech Trailblazers Awards (see here). The company spotted how the potential proliferation of containers, and their spread into production environments, would bring security issues on a whole new level. We caught up with Aqua Security’s VP Go-to-Market, Andy Feit, who told us more about how the firm was founded to specifically deal with the new security issues that virtualization and cloud computing had created.
Could you give me a brief description of your company and what your focus is?
Aqua is a pioneer of the container security market. We offer the most mature and capable platform for securing container-based and cloud-native applications from development to production, accelerating container adoption and bridging the gap between DevOps and IT security. Aqua’s solution separates itself from all other vendors’ solutions by providing full lifecycle security for containers, hardening the technology and implementing tight, enforceable governance of the entire CI/CD pipeline.
Aqua secures cloud-native applications at dozens of Global 1000 customers, including two of the ten largest financial services companies and three of the world’s top ten software companies, as well as others in the retail, media, government, healthcare, telecom, and travel industries.
Aqua Security…recognized containers would become the next major disruption in datacentre and application technology, and create new security challenges due to the scale, agility, and open nature of the container operating environment.
Are there any key moments in your journey as a startup that have been particularly challenging or that you are particularly proud of?
Aqua Security was founded in 2015 by IT security veterans from companies including Intel Security, CA Technologies, and Imperva who recognized containers would become the next major disruption in datacentre and application technology, and create new security challenges due to the scale, agility, and open nature of the container operating environment. They also identified an opportunity to reinvent application security to make it more effective and efficient than ever. But even they could not anticipate just how quickly this market would evolve.
Enterprises across virtually all industries are adopting cloud native technologies to enable developers to build and ship applications faster than ever. As container adoption rates continue to surge, and the cloud-native infrastructure evolves to include Container-as-a-Service (CaaS) and “serverless” models, the security tools and best practices for these newer architectures require rethinking in terms of both technology and enforcement approach.
When talking to our customers, many cite the challenge of dealing with the dynamic nature of the environment as new services are automatically provisioned to meet demand. The IT security team no longer has adequate time to evaluate the risks and provide late-stage guidance to ensure compliance. The window to properly review the application and its infrastructure has become much shorter, if it even still exists, as is the time for overall systems testing as services are updated independently on a much more frequent schedule.
The IT security team no longer has adequate time to evaluate the risks and provide late-stage guidance to ensure compliance.
Another challenge is the loss of complete control over the physical network infrastructure as services are moved across data centres in different locations, or when the IT operations and security teams don’t even know where they are running, as is the case in serverless models.
We’re proud that our commitment to continuous innovation has set us apart from our competitors who either have the equivalent of a point solution or are more focused on specific stages of the development cycle, as opposed to the entire cycle. They’re playing catch-up, launching unproven first-generation offerings.
Another key milestone in our growth came when we launched our Aqua Link Partner Program last year. We work closely with global partners who understand the importance of securing and monitoring containerized applications and strive to enhance their solutions portfolio with enterprise-grade technology. We deliver support for managing multi-tenant environments, with the required segregation of policies, enforcement, monitoring, and reporting. This makes us unique in our ability to deliver deeply integrated solutions through Managed Service Providers such as Hitachi Vantara, which has integrated Aqua security capabilities into the Hitachi Enterprise Cloud (HEC) Container Platform.
Winning an award that carries the prestige and name recognition of the Tech Trailblazers Awards can make the difference between winning and losing a potential new customer.
What words of encouragement would you give to a company which is weighing up whether to enter the Tech Trailblazers Awards?
Winning an award that carries the prestige and name recognition of the Tech Trailblazers Awards can make the difference between winning and losing a potential new customer. The award logo gives your marketing and sales collateral instant credibility in the eyes of prospective customers, giving them another box to check as they’re considering you against your competitors.
Are there any tips you could give a company to help them with entering the awards?
Don’t rely on marketing jargon while developing answers to the award entry form’s questions. Be specific about how your solution works, and don’t be afraid to be forward-looking when discussing your product roadmap. You don’t want to give away IP, but you also want to generate a sense of anticipation and excitement for what you’re planning to release among the judges.
…don’t be afraid to pivot if necessary as market conditions change.
Do you have any advice in general for start-up companies, trying to survive in the current economic climate?
Identify a need in the market, and don’t be afraid to pivot if necessary as market conditions change. As I mentioned above, Aqua was founded by cybersecurity industry veterans who realized that while container technologies were primarily used by developers as a way to quickly provision systems for their prototyping and testing, that wouldn’t be the case for long. Indeed, as orchestration tools have become more mature, applications started to move into production and the need for security became a key challenge.
We are riding the next significant wave in IT Operations that follows the maturation of virtualization and cloud computing. But Cloud Native differs from these previous advancements in several ways, and our continued growth and success depends on us recognizing how enterprises’ needs are changing and innovating to meet those needs.
The container ecosystem is constantly evolving, and it’s our objective to support all popular stacks and deployment options.
How is the future looking for you? What’s next for you?
We continue to innovate at a rapid pace. The container ecosystem is constantly evolving, and it’s our objective to support all popular stacks and deployment options. This includes multiple cloud and virtualization environments, operating systems, orchestrators, registries, CI/CD tools, container engines as well as newer serverless platforms. We are constantly investing in the full breadth of these environments to continue adding new capabilities to its solution such as advanced threat prevention defenses, improved machine learning capabilities, and extensive compliance controls.
Earlier this year, we launched version 4.0 of the Aqua cloud native security platform, introducing new security and compliance controls for serverless functions and Linux hosts. As enterprise development and deployment of cloud native microservices-based applications continue to accelerate, Aqua now enables security teams to manage and enforce security policies across a blend of VM-based containers, Containers-as-a-Service (CaaS) and Function-as-a-Service (FaaS) spanning both multi-cloud and on-premises environments.