In today’s world, security risks are everywhere at the seams. Shared models are creating opportunities for exploitation. Many are trying to achieve compliance while mending the vulnerability in cloud computing.
In essence, it isn’t about fixing the present, but it’s about paving the way for a safer future. One company with its eye on those challenges is Secureframe Inc., with its core mission of simplifying compliance for businesses of all sizes, according to Ruoting Sun (pictured), vice president of product at Secureframe.
“We believe that a lot of the simplification happens through automating the work that needs to be done. At the end of the day, most of our customers tend to be very tech-forward, tech-enabled companies,” he said. “Their entire infrastructure stack tends to be in public cloud.”
Sun spoke with theCUBE industry analyst John Furrier at the “Cybersecurity” AWS Startup Showcase event, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed how Secureframe Comply AI works and the company’s overall vision for compliance. (* Disclosure below.)
The goals at hand
When it comes to the customers that usually work with Secureframe, the companies tend to use a lot of software-as-a-service tools for endpoint management, along with single sign-on. The company apps are typically in Amazon Web Services, Azure and Google Cloud Platform, according to Sun.
“It actually is very easy to get a very good idea of the posture, the security posture and the compliance posture of these organizations, because so much of their technology infrastructure is actually cloud-native and is API-first, right?” Sun said. “The mission and the goal of Secureframe and the value that we provide is really to plug into all of the different infrastructure assets that you have and simplify the compliance workload that you typically have to go through to get a SOC 2, to get ISO 27001, to get FedRAMP authorization.”
There’s a lot of manual work that is involved in that process. That work also comes at a time when budgets are not getting bigger while there’s a skills and labor gap perspective in cybersecurity, Sun noted.
“We think that things like automation and AI can actually go a long way in addressing some of the skills shortage, as well as the lack of budget that a lot of customers are seeing today to invest in security and IT,” he said.
Where the market is heading
For companies that were entirely born in the cloud, most cloud workloads have a public-facing API, so it’s very easy for Secureframe to grab that data, according to Sun. Much of that has to do with evidence collection.
“The reality is, all of that stuff can actually be blown away by automation, if that information, that metadata around the configuration of those workloads and the configuration of those applications are made publicly available,” he said. “We plug into AWS, we plug into Azure, we plug into GCP, we plug into your endpoint management tool, your single sign-on service, your HR tools, your code repos and version history and version change tools, your ticketing tool — all of these different tools.”
The purpose of that is to automate the evidence collection and the workload testing that needs to be done to prove that a company is compliant with the thing it says it is compliant with. For cloud-native organizations and API-first, that’s very easy, Sun noted.
“For organizations that have a hybrid … on-prem, it’s a little bit trickier. But even a lot of the on-prem services now actually have an external-facing API,” he said. “[They have an] internet-facing connection that we can pull into.”
The company also recently launched its API, so users can use it to build custom middleware with their on-prem services. That way, they can build that same level of automation that Secureframe offers out of the box for a lot of the cloud-native elements, according to Sun.
“Obviously, as we grow, and as we see more and more larger customers in mid-market and enterprise, we expect that we’ll have to build a lot of that stuff out of box ourselves as well,” he said. “But that’s really where the company and where I believe the market is headed.”
Here’s the complete video interview with Ruoting Sun, part of SiliconANGLE’s and theCUBE’s coverage of the “Cybersecurity” AWS Startup Showcase event: