While the cloud is becoming increasingly important in the modern business world, companies migrating to remote infrastructure face a number of challenges, perhaps the most important of which is security. Cloud-based application and data hosting is now a reality for many businesses. However, knowing exactly what’s going on underneath the hood isn’t always easy due to the complexity of the integrations at work, which range from API gateways to Kubernetes. As a result, identifying security policy violations can be difficult.
This is the problem that Paladin Cloud is attempting to address with an open source “security-as-code” platform that is now available to the public. Paladin’s primary mission is to assist developers and developer operations (DevOps) teams in protecting their applications and data in both testing and production environments, and it does so by providing full visibility into the security posture of their numerous cloud services and enterprise systems. Ultimately, it all comes down to automating the detection and remediation of security policy violations, which can range from unauthorised access and misconfigurations to insecure APIs.
The Piscataway, New Jersey-based startup announced today that it had raised $3.3 million in a seed funding round co-led by Okapi Venture Capital and Bowery Capital, with participation from a slew of notable backers including Samsung Next, T-Mobile Ventures, SaaS Ventures, Touchdown Ventures, and UST. The funding is meant to help take the open source project to the next stage and further toward commercialization.
Paladin employs a plugin-based architecture to assist developers in connecting to and ingesting data from a wide range of sources, including code repositories, threat intelligence systems, API gateways, Kubernetes, and others. Paladin can then locate all assets, evaluate and identify policy violations, and carry out any pre-configured auto-fixes.
While Paladin is designed to secure all of the major public clouds, including AWS, Azure, and Google Cloud, it is also flexible and extensible as an open source project. This means it can be used as part of a company’s hybrid cloud strategy, where its data and applications are split between public and private cloud infrastructure. In that setting, Paladin can be used to build bridges between these disparate systems.
To get a better sense of the world into which Paladin has entered, consider Wiz, a $6 billion company; Bridgecrew, which was recently acquired by Palo Alto Networks for $156 million; and Accurics, which was acquired by Tenable for roughly the same amount. Not to mention other fledgling startups like Jit, which recently emerged from stealth mode with $38.5 million in seed funding.
It is clear, then, that there is a genuine need for cloud-native security in the age of DevOps. Paladin, for its part, touts its open source foundation as a key differentiator. The benefits are the usual ones that open source solutions bring to the table: open source is an extremely appealing proposition for developers who prefer to tinker with and test-drive software themselves, rather than having to jump through giant corporate hoops.
While there are other open source players in the space (including venture-backed Stacklet), Paladin touts its “holistic approach” to cloud security. This includes the aforementioned connector-based architecture, which extends security not only across the major public clouds but also across a wide range of cloud technologies such as Kubernetes.