As we continue into 2021, we're seeing a rapid rise of new applications being built with modern tools. And in this industry, that's where Data Theorem comes into play, as the company leads the way in providing modern application security. To that end, the company announced a new solution called Cloud Secure, which is focused on cloud data protection. To find out more about what the company has been up to, VMblog reached out to Doug Dooley, Data Theorem's chief operating officer.
VMblog: It has been about nine months since we've last spoken. What
has Data Theorem been up to?
Doug Dooley: The pandemic has posed a variety of opportunities and challenges. Many of
our customers have shifted their budgets, resources and focus on building
better applications that bring them closer to their customers. More attention
on securing applications and protecting data privacy has happened during the
pandemic because it is essential when working from home. As a result, 2020 was
Data Theorem's best year of growth and 2021 is shaping up to be even stronger
than last year.
VMblog: Tell me about this new solution you are launching to
protect and secure Cloud environments.
Dooley: Cloud Secure is our newest product focused on cloud data protection
that complements our other three products: API Secure, Mobile Secure, and Web
Secure. We are excited about delivering one of the first app-centric cloud
security products to the market. By 2023, more than 500 million apps
will be developed and deployed using cloud-native approaches - the same number
of apps developed in the last 40 years according to IDC. The app explosion
happening in the cloud is real. And security teams are lagging way behind
DevOps in using effective tools that support this app explosion in the cloud.
We believe Cloud Secure can help a lot of teams dealing with unique app
security problems in the cloud.
VMblog: What is so different about protecting apps built in cloud
environments compared to on-premises data centers?
Dooley: The attack surface is substantially different for cloud-native apps vs
on-premises apps. In the cloud, APIs and microservices are prolific and change
daily. Hackers are taking advantage of the data-in-motion and data-at-rest
layers in the cloud. This is very different than what we see in on-premises
environments. The compute and network layers of cloud apps are ephemeral by
default. These layers spin up and down based on the popularity and usage of
applications in the cloud. In many ways, the host operating system and
traditional perimeter networks have little bearing on securing cloud-native
apps and APIs. In contrast, far too many IT security tools from on-premises
data centers are dependent on host OS agents such as EDR and anti-virus, and enterprise
firewalls, gateways, and proxies that no longer work well in dynamic cloud
networking. The need for Attack Surface Management tools such as analyzers,
hacker toolkits, and defensive toolkits to make cloud-native apps more secure is
in high demand.
VMblog: Aren't there already solutions out there doing this?
Dooley: We have not seen any competitors taking on our technical approach of
deploying cloud security without any use of an agent or change/adding proxies
to the network. Many other cloud security offerings come from a long tradition
of network gateways and host-agent protection products. Our expertise is deeply
embedded in application security, particularly cloud-native apps. We believe
the security industry must go through a reinvention period if we want to take
legacy tools from the data center and make them work effectively for
cloud-native architectures. Case in point, we see large firewall vendors
acquiring many companies in the cloud security space to re-invent themselves.
None of these newly acquired companies have a network-appliance style approach
that worked in traditional data centers. New cloud architectures drive the need
for new security innovation. Hence, the competitive field remains open for
better cloud security tools.
VMblog: How does this add to and enhance your existing AppSec portfolio?
Dooley: I would say most of our customers are in two main camps: (1)
born-in-the-cloud companies and (2) digital transformation companies who are
multi-cloud. Our existing portfolio of Web, Mobile, and API Secure customers benefit
tremendously from Cloud Secure because nearly all the applications our
customers build and update are connected to cloud services specifically running
in AWS, Azure and GCP. Misconfiguration and vulnerable exploits found at the
cloud layers of these applications have and will continue to create
headline-generating data breaches. We want it to be easier and simpler for our
customers to understand and remediate problems in their application stack
starting at the client layer down to the infrastructure layers in the cloud.
For the first time starting this quarter, all of our products can be purchased
in Amazon, Microsoft, and Google's marketplace to make it simple and easy for
any customer to get Cloud Secure for their cloud-native apps.
VMblog: What are some of the key benefits organizations can realize
with your new Cloud Secure solution?
Dooley: The three biggest benefits our customers receive are security automation,
speed, and data protection. More details on Cloud Secure can be found at https://www.datatheorem.com/products/cloud-secure
.
VMblog: Can you describe a typical customer use case for this new
solution?
Dooley: The first use case we have seen is that customers want to simplify and lower
the cost of cloud compliance while cutting the expenses of CSPM (Cloud Security
Posture Management) tools. We think the price of CSPM today is far too high for
most customers so we will help reduce that expenditure. Our on-demand
compliance reports make the cost of auditing significantly easier and faster.
Further, Cloud Secure helps with third party and supply chain risk management,
data privacy protection, and overall vulnerability management in the cloud.
VMblog: And I can't let you go without asking, what can we expect to see
from Data Theorem during the rest of 2021?
Dooley: We hope 2021 will be a year of transformation and re-evaluation. As
customers see positive returns on their investments in cloud and app
modernization to serve their customers better, we want to be one of their most
important partners for modern application security. We plan to automate more of
the security tooling than we have ever done before. And DevSecOps will not just
be an aspirational goal but becomes the normal daily practice when rolling out
cloud-native apps.
VMblog: It has been great speaking with you. Anything you want to add or
leave our readers with before we wrap up?
Dooley: Doing your own free trial of Data Theorem is probably the best way to get to
know us and see if we are a good fit for you. Data Theorem setups on AWS,
Azure, or GCP are ready to go by clicking here: https://www.datatheorem.com/trial/
##