Security—by its very nature—tends to get in the way or slow things down. Your house is more secure because your front door is locked, but it would be faster and easier to get in if the door were not locked, or if there simply was no door. The challenge is to recognize the value of security and find ways to streamline it so that it provides adequate protection without imposing too much of a burden.
Finding the right balance between security and productivity is a challenge that most organizations are familiar with—especially as they embrace the accelerated development workflow of DevOps culture and adopt container technologies. In April of 2019, Christy Pettey shared, “Gartner predicts that by 2022, more than 75% of global organizations will be running containerized applications in production, which is a significant increase from fewer than 30% today.”
As organizations try to develop faster to maintain a competitive edge, they also run the risk of implementing security poorly or ignoring it completely. Developers and cybersecurity professionals have separate objectives that often conflict with one another.
Developers Feel the Need for Speed
Developers want to work fast. The focus is on producing and releasing applications that drive business and revenue as quickly as possible. When an app needs access to a service, developers just want to have immediate access. They don’t want to be burdened with messing with configurations or creating tickets, and they definitely don’t want to deal with security and compliance requirements. All of those things slow down the development workflow and impact the performance of the finished product.
Cybersecurity Needs Visibility and Enforcement
The perspective from the cybersecurity side of things is very different. For cybersecurity professionals, it’s important that every service is uniquely identified, and it’s crucial that authorization for access to any resource be as-needed and least-privileged in order to minimize the potential attack surface. The IT security team needs dynamic policy enforcement, along with the resource mapping and logging that provide comprehensive visibility of the environment, so they can identify and mitigate risk.
Finding the Balance with Automated Cybersecurity
How can an organization meet the needs of both developers and cybersecurity? Soluble, a new cybersecurity startup, thinks it has the solution. The stated mission of Soluble is “Secure the agile enterprise, so engineers can develop, innovate, and adopt new technologies without slowing down.” The company has grabbed the attention of the RSA Conference for its potentially groundbreaking solution, and will be presenting as a finalist in the Launch Pad event.
Soluble uses Kubernetes to bring security into the DevOps workflow, meeting the needs of the cybersecurity team, while also providing the speed the developers need.
The company has built a SaaS-based API control plane and offers microproducts that provide strong identity, access, certificates, policy, secrets and more. With a pay-for-what-you-use model, it is designed to deliver value by offering its services at a low cost per user while saving time and resources.
The microproducts are built around industry-standard open-source components, making security readily accessible, manageable, and integrated into developer tool chains so developers can get value and move on.
“For Kubernetes security, we see multiple tools and to-do lists of things that are complicated to do, and never get done,” said Rob Schoening, cofounder and CTO for Soluble. “We can turn these things you talk about, but don’t do, into things that you can do without extra work.”
Cofounder and CEO Rich Seiersen, who was previously CISO of Lending Club, Twilio and GE, and is a leading authority for CISOs on measuring cybersecurity risk, said that engineers can use Soluble to check things off their roadmap.
“Engineers can literally check the box off items in their roadmap—scanning, secrets management, RBAC [Role-Based Access Control], policy management, and more—and move on,” Seiersen said. “Only paying for what they use, and how much they use. Security gets what they need, without getting in engineering’s way.”