Accurics Tackles Cloud Security Early On with Infrastructure as Code
The startup continues to develop its channel partner program.
Less than a month since its launch, Accurics says it is fielding “lots of interest” from partners, even as it continues to fully flesh out its channel program.
That’s according to co-founder and CEO Sachin Aggarwal.
Accurics’ Sachin Aggarwal
“We are looking at a holistic view of our partner program. And are just bringing someone on in the first week of June,” he told Channel Futures. “We will rely heavily on the channel.”
Upa Campbell, chief strategy and marketing officer, agreed.
“We’ve seen a tremendous amount of traction with partners in past three weeks,” she said. “I feel like organizations are really looking at partners to help them figure this out.”
The “this” Campbell refers to is protecting cloud-native infrastructure – think containers, serverless functions, service mesh and more – during the DevOps phase, not later. Born-in-the-cloud deployments eliminate the need to manually place and configure a box in a data center. Instead, IT teams (or their channel partners) write script to secure the cloud environment.
What Is Infrastructure as Code?
Accurics’ Upa Campbell
But there’s a problem with this approach; it’s the issue Accurics aims to solve with what it calls “infrastructure as code.” Most cloud-native security scripting takes place after the development stage. Yet one inadvertent mis-type can expose an asset, or the entire cloud stack, to hackers. In fact, Accurics found in a report it wrote using proprietary data and public sources, 96% of cloud security issues uncovered during production go unaddressed.
“The crux of the issues lies in the fact that as the cloud-native stacks become more complex, the attack surface increases and it becomes harder to detect and remediate potential breach paths,” Piyush Sharrma, CTO and co-founder, wrote in a May 19 blog. “While on the surface it may appear that many cloud breaches are the result of simple misconfigurations of cloud infrastructure such as storage services, the underlying attack kill chains are fairly complex. For example, in the 2019 breach at Capital One where over 100 million individuals were affected, an attacker got hold of a set of AWS access keys by exploiting a server vulnerability. The keys were associated with an IAM role with excessive permissions that enabled the attacker to find an S3 bucket and exfiltrate the data within it.”
To that last point, Campbell noted that 30 billion records have suffered breaches in the last two years alone.
“There needs to be a guardrail for developers and DevOps teams to prevent mistakes like opening ports,” she said.
That’s what Accurics provides through its infrastructure as code platform. Aggarwal said the software takes about 2 minutes to set up and then scans for and displays any problems.
“You don’t need to wait two or three days to see issues in the environment,” he said.
The software also exposes unused assets, a feature partners can use to help enterprises reduce unnecessary cloud spending.
“In addition to helping from a security standpoint, partners can help organizations save money by optimizing their cloud architecture,” Aggarwal said. “We provide visibility into the organization’s entire cloud-native architecture and topology, and you can see what resources not being used.”
All in all, this kind of simplicity and early detection will become more important as the cloud grows more complex. Most organizations continue to tack on security at the end of a cloud deployment. Yet by the time they realize there’s a problem, it’s usually too late, Campbell said.
“You have to embed security earlier, and to do that, we’ve developed a technique called breach path detection, which dramatically reduces the attack surface,” she said.
Gaurav Manglik, general partner at WestWave Capital, said Accurics is tackling the security challenges posed by cloud-native deployments head-on with infrastructure as code.
“I see what Accurics is doing as ‘4-D’ security: It brings a higher level of strategic security to what is still mostly a tactical and one-dimensional discipline,” Manglik told Channel Futures. Accurics, he added, is “enabling organizations to …
… secure the cloud by protecting the full cloud-native stack throughout the DevOps life cycle, and ensures that risk posture does not drift from an established baseline.”
Partners Are Key
Channel partners including system integrators, managed service providers and managed security service providers will prove key to those efforts. Aggarwal said it’s too early to discuss Accurics’ channel strategy and program details. But he said partners will be vital to the company’s success. Accurics partners will need to know cloud architecture “fairly well,” he said, and understand DevOps processes. However, they do not need to be security experts.
In turn, partners who have downloaded the free version of the Accurics platform are reporting positive results, Campbell said.
“I’m very encouraged by the level of traction we’ve seen with partners,” she said.
Plus, she said, the Accurics platform “is very intriguing to partners because the sales cycles are pretty short.”
Finally, while Accurics may be new to the technology sector, Aggarwal is not. The company marks Aggarwal’s fifth startup. He also founded Layered Insight, which Qualys bought; Jvion, acquired by JMI Equity; Aqreva, snapped up by Invision Capital; and Soltius Indonesia, sold to Teledata. Accurics recently emerged from stealth mode with $5 million in seed funding from ClearSky Security Fund, a venture capital firm. Accurics’ other investors are WestWave, Secure Octane and Firebolt Ventures.
About the Author
You May Also Like