Secure Your Hybrid Cloud Configurations with Alcide
The benefits of the hybrid cloud and DevOps are both well known. But what happens when these two models intersect? Often DevOps and Security teams struggle to account for the added complexity introduced by hybrid configurations. Luckily for them, Alcide has the answers, as CEO Ranny Nachmias explains. Share
Alcide is the lesser-known name of Hercules, the gatekeeper of Olympus. The Greek hero keeps a constant and watchful eye over Mount Olympus — from its base to its summit — in search of intruders. Inspired by our namesake Alcide is the gatekeeper to your cloud enterprise operations, where the crown jewels of the organization reside - which means in today's landscape, the data center, and cloud operations.
We created a new kind of solution, one designed specifically for the complex hybrid, multi-cloud environment, and one that works for all the stakeholders who operate and protect it.
Alcide was established in mid-2016. We have grown to about 25 employees and we are well-funded and backed by Intel Capital and a couple of other major investors. We launched our product on April 2018 at AWS Summit San Francisco. Our product is currently GA and is installed in a couple of POC-sites.
We are technology partners with some of the largest cloud providers - including Amazon, Google, and Microsoft. Gartner also named us a "Cool Vendor" in the category of ‘cloud security’ a couple of weeks ago.
What are some of the problems faced by software developers today?
Under the theme of "software is eating the world," software and software security is changing so many things in our world. In addition to access consumerism, we're all consuming software on a daily basis without even noticing it. The impact of software and software distribution is defined by asking three major questions.
First, where does the software run? Who are the deriving cloud providers, and what technologies do they use to protect the software and the data it collects?
Midsize and enterprise organizations are building data centers and migrating workloads to the cloud. We all know the most popular providers, Amazon, Microsoft, and Google, but there are also many smaller cloud providers, whose identity and reliability is unknown.
Secondly, there's the question of how you're building and deploying it, apart from where you're building your cloud operations. Which technology stack did you choose?
Serverless is one of the technologies to distribute software and manage cloud operations. You're probably familiar with containers, virtual machines, bare metal etc. Serverless is a mixture of many technology stacks running on multiple platforms.
There is also a huge shift in who is responsible for operations, whether it be development operations, IT or security. One of the most prominent themes in that aspect is what is today called ‘DevSecOps.’ This brings up the third question - how can the stack and ops run efficiently with business velocity and secured operations in such big organizations?
This whole tectonic shift, that kind of defined problem space, is breaking any security vendors that existed for the last 5, 10, or 15 years. In the manner that technology is changing rapidly, the security controls are not defined by these changes, and there is a huge need for a completely new approach of how to build security for such a meaningful shift.
What Alcide is building is visibility, control, and protection in a unified way that eliminates the boundaries of where you're running your data or how you're building your technology stacks.
What makes Alcide's product unique?
First of all, there are not a lot of solutions focusing on data center and native cloud operations. Although it seems like there are too many cyber companies, there are a couple of major verticals defining cyber. There are companies doing autonomous cars; there are companies doing endpoint security; and there are companies that are focusing on corporate networks, etc. Gartner categorizes most of these services. Our category, Cloud Workloads Protection Platform, is relatively new and there are only a few companies dealing with this challenge.
Alcide's uniqueness comes forth in a couple of points. First, our product was designed with a combination of DevOps and security capabilities. Secondly, it was built and developed as a cloud-native solution. Additionally, we were born in the last two years, which enabled us to be familiar with and to focus on what cloud really means. Companies that were born four years ago cannot understand that because a couple of major technologies which are used today simply did not exist back then.
The cloud-native part enabled us to be agnostic. We don't care if you're running on Amazon, Google or Azure, we don't care if you're running as a hybrid cloud or a multi-cloud; we don't care which technology stack you use. We are agnostic to the technology stack that you chose to use. You can use serverless, containers, VMs, and/or bare metal, and our solution will behave exactly the same, giving you an equally satisfying level of control.
Last but not least, Alcide is a network security product with the proven application context, so we are providing these important benefits to both worlds.
Policy and technology. Which one is more important in your opinion, and why?
Alcide focuses on the data center and cloud operations. This is where machines are talking to each other. This is where organizations are running their production environment. To give you an example, this is where Gett and Uber are running their software and their technology. This is how Salesforce is running its technology.
That's a very important and defined thick line that divided us from other solutions that are giving insufficient security policies in the manner that you have mentioned.
How do you expect GDPR to change the way people do business in these times?
GDPR is going to change many things, but I'm not sure it's going to change how companies and people are doing business. There is a rising demand for companies to be more responsible, more alert, and more sensitive about how they are dealing with customer data.
GDPR puts a lot of pressure on the vendor's shoulders, but in the world that we currently live in, it's a mandatory prerequisite to ask companies that are delivering their technologies to answer consumer needs and to be responsible and alerted about where and how their privacy is dealt with and managed.
For Alcide, our contribution to GDPR is super-isolation capabilities that have not been seen before. Whenever a production event or a security event occurs, we are able to shorten the isolation scenario from a couple of days to a couple of minutes. We show the vendor how their operation works in real time. In today's complex environment you can't secure what you can't see, so our groundbreaking visibility layer allows for the enabler for building security controls to know where your access resides.