Cloud App Management
Business Wire | September 29, 2023
CoreStack, a global multi-cloud governance provider, today announced the release of CoreStack Assessments, a product that simplifies and streamlines multi-cloud assessments for managed services providers and their enterprise customers. CoreStack Assessments equips MSPs and SIs to run multi-cloud assessments at scale against cloud-native Well-Architected Frameworks as well as custom frameworks, enabling them to quickly and easily identify and resolve issues across security and compliance, cost, and operations.
As organizations progress their cloud transformation, it’s imperative that they continue to operate in an optimized and well-architected manner, said Cyril Belikoff, GM of Azure and Industry GTM at Microsoft. CoreStack Assessments hits the mark by empowering single and multi-cloud customers with a comprehensive evaluation of architectural alignment with industry best practices.
“We are thrilled to introduce CoreStack Assessments to our partners – and to simplify delivery of cloud assessments,” said Saba Arumugam, CoreStack’s Chief Technology Officer. “Armed with these powerful assessment capabilities, our partners will be able to capitalize more quickly on the opportunities that matter and help their customers realize the full potential of their cloud investments. This solution provides our partners a robust, flexible, and streamlined assessment experience so they can help customers embrace cloud best practices in the most efficient way possible.”
Purpose-built for partners, CoreStack Assessments provides out-of-the-box support for Microsoft Azure, AWS, and GCP frameworks. Partners can also import existing custom frameworks, create custom assessment frameworks based on hyperscaler frameworks, or create new frameworks from scratch. With multi-level hierarchy and identity isolation, a clear and centralized workflow, and highly automated issue detection and recommendations, CoreStack Assessments provides MSPs new levels of assessment flexibility and scalability. The solution also provides powerful collaboration, evidence tracking, and reporting features.
“For Cloudelligent, CoreStack Assessments has been a game changer,” said Dwayne Lyle, Chief Revenue Officer at Cloudelligent. “It has reduced the internal costs to deliver a Well-Architected Review and automated many of our manual activities, accelerating delivery of these assessments by 50% and helping us ensure our customers are always well-architected. Ultimately it has improved the customer experience and differentiated us from other AWS Well-Architected Partners who deliver reviews in a more traditional way.”
CoreStack Assessments is offered alongside CoreStack NextGen Cloud Governance, a powerful set of solutions that leverage AI to provide continuous and autonomous governance for FinOps, SecOps, and CloudOps through one unified dashboard. CoreStack NextGen Cloud Governance is designed to help customers leverage best-of-breed cloud platforms with the least friction possible, boosting top-line revenues and bottom-line efficiencies whether they’re running AWS, Microsoft Azure, GCP, OCI, or a combination of cloud providers.
CoreStack was recently named one of the fastest-growing private companies in the U.S., ranking 835th on the Inc. 5000 List for 2023. CoreStack's inclusion on this prestigious list underscores its striking growth and transformative influence within the cloud industry. CoreStack comes in 120th in the Software category and is the 10th best performing company in the Seattle area and 12th in Washington State. CoreStack has also been recognized by Frost & Sullivan, Forrester, Gartner, S&P Global, and IDC as an innovator and leader in cloud management.
CoreStack provides a NextGen Cloud Governance platform that empowers enterprises to predictably increase top-line revenues, improve bottom-line efficiencies, and gain a competitive edge through AI-powered real-time cloud governance on autopilot. CoreStack's FinOps, SecOps, and CloudOps solutions embrace, enhance, and extend native-cloud capabilities, enabling reporting, recommendation, and remediation and providing single pane-of-glass governance across multi-cloud. Through executive dashboards for comprehensive real-time insights, CoreStack delivers transformative value such as 40% increase in operational efficiencies, 50% decrease in cloud costs, and 100% security assurance and compliance. CoreStack helps 750+ global enterprises govern $2+ billion in annual cloud consumption, and $300 million in cloud cost savings. Frost & Sullivan, Forrester, Gartner, S&P Global, and IDC have recognized CoreStack as an innovator and leader in cloud management. CoreStack is backed by strategic advisors, including the ex-CEO of Wipro and ex-CIO of Microsoft. The company is a Microsoft Azure (Legacy) Gold Partner, Amazon AWS Technology Partner with Cloud Operations Competency, Oracle Cloud Build Partner, and Google Cloud Build Partner. To learn more, visit www.corestack.io
Orca Security | September 14, 2023
Orca Security, a leader in agentless cloud security, has unveiled a groundbreaking AI-driven cloud asset search feature within its Orca Cloud Security Platform. This innovation positions Orca as the first provider to offer an AI-powered cloud asset search that's as simple as asking a question. This development empowers not only security professionals but also developers, DevOps teams, cloud architects, and risk governance and compliance teams to swiftly and effortlessly gain insights into their cloud environments.
Building upon its existing integrations with ChatGPT and Microsoft Azure OpenAI GPT-4 for generating remediation instructions, Orca's new AI-driven search functionality revolutionizes accessibility by enabling users to pose natural language queries like, ‘Do I have any Log4j vulnerabilities exposed to the public?’ or ‘Are there any unencrypted databases with sensitive data accessible on the internet?’ This democratizes cloud security, making it accessible to individuals across the organization, regardless of their expertise, to rapidly respond to zero-day risks, optimize cloud assets, and assess exposure to threats.
Gil Geron, CEO and co-founder of Orca Security, emphasized the platform's user friendliness, stating,
With our latest AI-powered cloud asset search, we are delivering on our promise to provide cloud security that is easy to operate. We built the industry’s first agentless cloud security platform to eliminate lengthy and labor-intensive deployments. Now we are focused on democratizing cloud security by introducing solutions that do not require reading through lengthy documentation or extensive training to operationalize, allowing security teams, developers, and DevOps teams to get value from day one.
[Source: Business wire]
Cloud asset discovery is a critical process involving the identification, categorization, and mapping of all digital assets within a cloud environment. This includes virtual machines, databases, storage instances, containers, networking components, and applications. Yet many organizations lack access to this vital information.
Orca's patented SideScanning technology offers 100% visibility for asset discovery and is now presenting this data intuitively to various teams across organizations, enabling a comprehensive understanding of their cloud environments. This capability is particularly crucial during zero-day threats, where speed is essential, facilitating faster and more effective mitigations.
Orca's solution also eliminates the need for users to understand different naming conventions for each cloud provider. Instead, users can ask general questions, and Orca will automatically search for the relevant status names for each provider, streamlining the search process and ensuring accurate results.
The AI-powered cloud asset search feature is immediately available through a feature request in the Orca Cloud Security Platform.
About Orca Security
Orca Security is a leading provider of cloud security solutions that offer full-stack visibility of the complete cloud infrastructure. It provides deep insights into vulnerabilities, malware, misconfigurations, and more across various platforms, including AWS, Azure, Google Cloud, Alibaba Cloud, and Kubernetes. The platform is designed to provide complete visibility of the entire cloud estate, from development to production, without requiring an agent. The company is known for innovative SideScanning technology that delivers instant-on, workload-level security.
Cloud App Development
Business Wire | September 15, 2023
On September 14, 2023, CloudBees, a leading enterprise software delivery platform, introduces a groundbreaking cloud-native DevSecOps platform that prioritizes platform engineers and developer experiences. The platform, built on Tekton, employs a domain-specific language akin to GitHub Actions and incorporates feature flagging, security, compliance, pipeline orchestration, analytics, and value stream management (VSM) into a fully managed single-tenant SaaS, multi-tenant SaaS, or on-premise virtual private cloud instance.
A spokesperson for CloudBees stated that the revolutionary platform was the market's most open and extensible DevSecOps solution, capable of orchestrating any tool in the software development toolkit. They added that it redefined DevSecOps by addressing the challenges of delivering secure, compliant, cloud-native software faster than ever.
Meeting the Challenges of Cloud-Native Development
As the rush towards cloud-native application development continues, software development and delivery teams grapple with the complexities of modern cloud-native architectures. This has led to the emergence of platform engineering as an evolution of DevOps practices. Platform engineering unites various roles such as site reliability engineers (SREs), DevOps engineers, security teams, product managers, and operations teams with the shared goal of integrating all organizations’ disparate technologies and tools into a streamlined path for developers. The CloudBees platform is purpose-built for this mission.
The CloudBees Platform: Speed and Security
The CloudBees platform empowers organizations to simplify complex cloud-native development and deployment processes across all DevOps tools, thereby accelerating innovation. It ensures a seamless journey from code development to successful deployment with a focus on:
1. Developer-centric experience: Enhancing developer experience by minimizing cognitive load and making DevOps processes nearly invisible through blocks, automations, and golden paths.
2. Open and extensible: Embracing the DevOps ecosystem, starting with Jenkins, and offering flexibility to orchestrate any other tool, protecting existing tooling investments.
3. Self-service model: Allowing platform engineers to customize the platform, providing autonomy for development teams. Developers can focus on innovation without waiting for automation or resources.
4. Security and compliance: Centralizing security and compliance with out-of-the-box workflow templates containing built-in security measures. Automated DevSecOps is integrated, incorporating checks across source code, binaries, cloud environments, data, and identity.
Michel Lopez, founder and CEO at E2F, noted that the CloudBees platform had significantly reduced the time required for their ISO 27001 compliance audit, from 12 hours to just 60 minutes. He also mentioned that the CloudBees platform provided all controls.
Shawn Ahmed, Chief Product Officer at CloudBees, emphasized,
Our new platform empowers developers, unifies teams, and accelerates innovation while offering unprecedented flexibility and choice.
The CloudBees platform promises to enhance developer experiences, streamline processes, and prioritize security, offering organizations a powerful tool to navigate the complexities of modern cloud-native architectures and accelerate innovation.
CloudBees, headquartered in San Jose, California, has been a software development leader since 2010. The company thrives in an innovation-driven industry by addressing the need for balancing development freedom and regulatory governance through its pioneering end-to-end automated software delivery system. Its robust Software as a Service (SaaS) platform encompasses DevOps, Continuous Integration, Continuous Delivery, and more, ensuring secure and compliant innovation.
PR Newswire | October 25, 2023
Lacework, the data-driven cloud security company, today announced a series of updates that expand the platform's enterprise-grade capabilities to help customers do more in the cloud, securely. Lacework is extending its platform support to new cloud providers in order to give customers more choice as they secure their multicloud environments, adding integrations into leading project management tools to increase operational efficiency around risk management, and enhancing agentless workload scanning, among other updates.
Expanded Enterprise Multicloud Support
Enterprises implement multicloud strategies for various economic, technical, and legal reasons, and Lacework is committed to supporting its customers' cloud or clouds of choice. Lacework has extended cloud security posture management to Oracle Cloud Infrastructure (OCI), giving teams visibility into their OCI resources and their associated risks. Whether enterprises are using Amazon Web Services, Google Cloud, Azure, OCI or a combination, the unified Lacework platform gives them visibility from a single location, resulting in better context, better outcomes, and faster investigations.
We are excited that Lacework has added support for Oracle Cloud Infrastructure. It gives us the opportunity to utilize Cloud Security Posture Management capabilities across our multicloud environment with a single platform, said Karen Prichard, Managing Director Group Security, Liberty Global. Our team can continue to reduce our risk and address our threats quicker with the added visibility and context provided by this new integration.
Additionally, the Lacework platform is expanding its industry-leading attack path analysis to Google Cloud and Azure. Attack path analysis from Lacework allows security teams to see their cloud environment through the eyes of an attacker, identifying targets and mapping out how each threat could be exploited to breach a cloud environment. Now Lacework customers leveraging Google Cloud or Azure can gain attack path analysis that is bespoke to each cloud's unique environment.
"My colleague already had the chance to identify configuration issues, it immediately flagged something we had to look at — giving us the opportunity to fix it," Simen Kildahl Eriksen, Security Engineer at Cognite, shares. "It provides an invaluable means of identifying potential configuration problems before they escalate into more significant security breaches."
In the cloud, organizations routinely create and tear down services and containers quickly in order to meet changing demands. Whether testing-development or running batch jobs, ephemeral workloads and containers are opportunities for bad actors to gain access. It's important that security teams do not lose sight of these short-lived instances.
To meet this growing need, Lacework agentless workload scanning has been upgraded to check customer workloads every five minutes for new instances. This granular visibility of what is running and its associated risk assures teams that they have comprehensive visibility into rapidly changing environments and gives confidence that short-lived instances are not falling through the security cracks.
Operationalized Risk Management with ServiceNow and Jira Integrations
It's not enough for an organization to have a list of vulnerabilities, they need to be able to quickly fix them. To enhance its industry-leading threat visibility tools, the Lacework platform now features integrations with ServiceNow and Jira that improve the process of mitigating vulnerabilities. Now, security and development teams have the premium vulnerability feeds with all the context Lacework is known for integrated into their ticketing system of choice. By connecting these systems to streamline response efforts, the appropriate teams can move faster when securing vulnerabilities.
"With the rise of cloud adoption and migration, securing the enterprise has never been more important for organizations," said Deepak Kolingivadi, Head of Security Products at ServiceNow. "The Lacework integration with ServiceNow Vulnerability Response enables our enterprise customers to streamline their response processes by simplifying assignment, collaboration, and remediation of critical vulnerabilities. Using business context in ServiceNow, customers can detect and report the security posture of IT and application environments within the Now Platform. We look forward to continuing our partnership with Lacework and helping mutual customers address cybersecurity threats more quickly and efficiently."
Lacework's integration with ServiceNow Vulnerability Response offerings for infrastructure and container applications is currently available in the ServiceNow marketplace. Lacework's integration to Security in Jira is in private preview.
Lacework keeps organizations secure in the cloud, allowing them to innovate faster with confidence. Cloud security requires a fundamentally new approach and the Lacework platform is designed to scale with the volume, variety, and velocity of cloud data across an organization's cloud environment: code, identities, containers, and multi-cloud infrastructure. Only Lacework provides Security and Development teams with a correlated and prioritized end-to-end view that pinpoints the largest risks and handful of security events that matter most. Learn more at www.lacework.com.