Close
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Subscribe
Logo
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Subscribe
    Home Cloud
    • Cloud
    • Cybersecurity

    DisruptOps Aims to Improve Cloud Security With Guardrails

    Written by

    Sean Michael Kerner
    Published October 18, 2018
    Share
    Facebook
    Twitter
    Linkedin

      eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

      In the world of security, a common tactic is to block malicious actions in an attempt to prevent harm, but that’s not the approach that security startup DisruptOps is taking.

      DisruptOps is taking a “guardrails” approach as part of the company’s in-development cloud management platform for automated security and operations. The company announced on Oct. 17 that it has raised $2.5 million in a seed round of investment led by Rally Ventures to help fund development and the go-to-market plans, as it brings forward a new model for cloud security.

      “Every organization that I have worked with over the years that gets to a certain scale of cloud ends up having to build their own automation just to keep their environments running,” Rich Mogull, co-founder and vice president of product at DisruptOps, told eWEEK. “Almost always, the first place they start is with a concept called guardrails, which is basically the ability to monitor your environment to keep things in order.”

      Mogull is well-known in the security industry as the CEO of Securosis, which is a cloud security consulting firm that he is still running as a separate business. He said he had the realization one day that organizations didn’t have to run a scanner to find potential cloud misconfigurations; instead, organizations can make use of the APIs that cloud providers already have to determine configuration.

      “I really don’t need to scan the things. I can just make some API calls, and it tells me exactly the way things are at that point in time,” he said.

      At DisruptOps, the company is building a platform to automate and enable organizations to implement the guardrail approach, using the native-cloud platform’s own APIs to understand and determine configuration.

      How It Works

      The DisruptOps system is a software-as-a-service (SaaS) platform that runs on Amazon Web Services (AWS). Mogull said there is nothing for users to install and all that is required is the appropriate access to a given cloud deployment. In a demonstration, Mogull showed how the guardrails approach can be used to help set up automated backups as well as prevent the unintended disclosure of information via publicly accessible Amazon S3 storage buckets.

      “Why we call these guardrails and not blockers is because the objective is to try to reduce the risk without breaking something,” Mogull said.

      He added that often when an S3 bucket is opened up, or if an internet-facing administrative server was opened, it’s typically a case of where an administrator was just trying to do something for work and got lazy, forgetting to close the access after opening it up.

      “What we lock down are the known corporate IP address ranges that are pre-approved,” Mogull said. “That’s really not as much of a risk at that point because it’s not exposed to the internet anymore and perhaps that person can still get their job done.”

      If the organization wants to take additional action and completely quarantine a session, that’s an optional step that the DisruptOps platform enables as well. Mogull said DisruptOps’ real objective over time is to have the system almost completely automated as users tune their rules to get the configuration they want.

      The guardrails approach is intended to supplement the intelligent secure defaults that are already in place for many AWS services. For example, Mogull said AWS security groups have default settings that are relatively secure and S3 storage buckets that are always default to private.

      “The problem is that once you start doing anything at scale in an enterprise environment, that’s just not going to last,” he said.

      Additionally, he said Amazon provides a lot of alerting for different conditions that can be helpful for security. Managing alerts and configuration at scale can be a key challenge for many organizations.

      “That’s where I think there’s room for tools like the ones we’re building,” he said. 

      DisruptOps is set to go into beta soon, and Mogull said there have already been some early users trying out the system. Assuming the beta process goes well, Mogull said a soft general availability of the DisruptOps platform will happen by the end of 2018.

      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

      Sean Michael Kerner
      Sean Michael Kerner
      Sean Michael Kerner is an Internet consultant, strategist, and writer for several leading IT business web sites.

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      MOST POPULAR ARTICLES

      Artificial Intelligence

      9 Best AI 3D Generators You Need...

      Sam Rinko - June 25, 2024 0
      AI 3D Generators are powerful tools for many different industries. Discover the best AI 3D Generators, and learn which is best for your specific use case.
      Read more
      Cloud

      RingCentral Expands Its Collaboration Platform

      Zeus Kerravala - November 22, 2023 0
      RingCentral adds AI-enabled contact center and hybrid event products to its suite of collaboration services.
      Read more
      Artificial Intelligence

      8 Best AI Data Analytics Software &...

      Aminu Abdullahi - January 18, 2024 0
      Learn the top AI data analytics software to use. Compare AI data analytics solutions & features to make the best choice for your business.
      Read more
      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Video

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2024 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.