RedLock Cloud 360 Aims To Provide Visibility into Security, Risk Across Multiple Public Cloud Environments
More companies are adopting public clouds as part of their digital transformation strategy. RedLock Cloud 360 aims to provide IT with better visibility and control of cloud infrastructure they don’t own.
As more companies adopt public clouds as a core part of their digital transformation strategy – for apps, data and operations – IT demands have grown for better visibility and control of cloud infrastructure they don’t own.
Venture firm RedLock has unveiled its first offering, RedLock Cloud 360, which aims to deliver better cloud infrastructure security. The cloud-based platform enables organizations to manage security and compliance risks across their entire public cloud infrastructure -- without impeding efforts at DevOps or more streamlined software delivery.
“[C]ompanies need to be confident that they can gain complete visibility into public infrastructure security to verify security policies, investigate incidents, or ensure full compliance in a cloud environment,” said RedLock CEO Varun Badhwar in a statement. “With RedLock Cloud 360, security teams gain a single view of existing and potential risks over the entire cloud infrastructure, even across multiple leading public cloud service providers,” he added.
Specifically, RedLock Cloud 360 automatically discovers workloads within an environment and enables continuous monitoring, anomaly detection, cloud forensics, adaptive response, and compliance reporting, Badhwar said. “Cloud infrastructure security starts with comprehensive visibility across your entire environment, including multiple cloud service providers.”
Under the covers, the RedLock Cloud 360 platform’s technologies tackle several key requirements, he said, including:
- Speed up cloud forensics: be able to go back to any point in time and easily investigate issues.
- Detect suspicious activities faster: assurance that anomalies will be automatically detected.
- Enable DevOps with policy guardrails: increase DevOps productivity without compromising security.
- Focus on what’s important: contextual alerts to prioritize issues and respond quickly.
- Prove security and compliance: report on risk posture to your management team and auditors.
Beyond ongoing management of data metrics, RedLock also uses ‘scoring’ to predict possible future risks to operations. This approach means lifecycle management for public cloud-based assets can be taken one step further, as the RedLock Cloud 360 platform delivers actionable insights in a five-step process:
- Discovery: RedLock Cloud 360 continuously aggregates configuration, user activity, and network traffic data from disparate cloud APIs. It automatically discovers new workloads as soon as they are created.
- Contextualization: Next, the platform applies machine learning to connect the dots between configuration, user activity, and network traffic data. It learns the role and behavior of each cloud workload to provide context that is necessary for defining appropriate policies.
- Enrichment: The correlated data is further enriched with external data sources such as vulnerability scanners, threat intelligence tools, and SIEMs to produce critical insights.
- Risk Assessment: RedLock Cloud 360 assigns each cloud workload a risk score based on severity to the business, policy violations, and anomalous behavior. Risk scores are then aggregated, enabling organizations to benchmark and compare risk postures across different departments as well as across the entire environment.
- Visualization: The entire cloud infrastructure environment is visualized with an interactive dependency map that goes beyond raw data to provide context on security and compliance risks.
RedLock Balances IT Ops Need for Control, Visibility with Developers’ Need for Speed
RedLock balances giving IT operations the control and visibility it needs against software developers’ need for speed. The ability to deliver an agile or DevOps-friendly approach to cloud security and management is at the heart of RedLock’s approach, according to Gaurav Kumar, RedLock CTO and co-founder.
“When waterfall software development cycles were the norm, security reviews were an integral part of the release process,” Kumar said in a statement. “With today’s agile development, DevOps delivers software on a daily or weekly basis and often without any security oversight, which leaves you exposed with every release.”
In many organizations, software is now delivered on a weekly (or even daily) basis. In a written statement, RedLock officials pointed to research that suggests that the average lifespan of a workload is only 127 minutes, and mentioned the example of one customer, a leading cloud provider, which creates and destroys 10,000 cloud workloads per day.
In a recent post, Kumar provided more insight on this dev/IT balance for managing public cloud infrastructure and assets, calling it a ‘shared’ responsibility.
Security of public cloud infrastructure is a shared responsibility. True, your cloud service provider is responsible for securing physical infrastructure. But, you are responsible for securing and monitoring the network, user and resource configurations. And if you leverage multiple cloud service providers, your job just got a lot more complicated.
Yesterday’s security tools rely on defining rigid policies based on fixed IP addresses, which fail in dynamic cloud environments where IP addresses are constantly changing. Moreover, agent or proxy-based solutions will not work with API-driven services such as Amazon RDS, Amazon S3, and Elastic Load Balancing.
The RedLock Cloud 360 platform is generally available. Pricing is subscription-based.
RedLock recently raised $12 million in funding from investors that include Sierra Ventures, Storm Ventures, and Dell Technologies Capital. One exec shared why it made the investment.
“As organizations embrace hybrid cloud computing, security and compliance across their public cloud footprint becomes critical. RedLock provides organizations with much needed risk visibility and control across multiple cloud service providers in a single pane of glass,” said Deepak Jeevankumar, managing director at Dell Technologies Capital.