By William Choe, VP Marketing/Product of Octarine
We are at a unique inflection point both in the market, as cloud-native applications start to take off, and with our company, as we publicly launch our cloud-native security platform. On the precipice of this gigantic IT shift and company milestone, I thought it would be good to capture the moment, so I sat down with Octarine’s two founders, Shemer Schwarz (SS) and Haim Helman (HH) to get their perspective on what’s going on. Here’s what they had to say:
You two have known each other and worked together for a long time. Is there anything about this moment that stands out?
SS: We met 25 years ago, back in the Israeli army, so we’ve been friends since the age of 18. We’ve seen all sorts of change, but it’s been a long time since we’ve been so excited about a new technology – cloud-native promises to revolutionize IT.
HH: Yes, we started our first company, XIV, back in 2002, which we sold to IBM in 2008. We wanted to do something new together, and cloud-native created that opportunity.
What did you see as the opportunity?
SS: We are both very passionate about cloud-native. We saw it as the right way to build applications to truly get the scalability, agility, and resiliency organizations want. However, we also saw the huge security gap that existing network security technologies would never be able to fill. We saw that as the opportunity for us.
HH: I was coming from the infrastructure side, while Shemer was looking at it from the application side. We quickly recognized that before organizations could adopt cloud-native apps in a meaningful way, they would need to be secure, but the way security is currently done is simply not relevant for distributed applications.
When you say traditional security solutions can’t protect cloud-native apps, what do you mean?
SS: Traditional security solutions use fixed network policies to try to protect a perimeter and API gateways to protect against known threats. This might have worked for monolithic apps running on dedicated servers, but not now. New cloud-native apps are made up of many microservices working with one another, across a mix of clouds, containers and serverless environments, so there is nothing fixed about them and there is no perimeter.
HH: In addition, the communications between microservices are typically encrypted, so even if traditional security could track the internal, east-west, traffic – which they can’t – they would have no idea what’s going on. When you don’t know which microservice is talking to which microservice, or what APIs are being used, or what kind of data is being accessed, you have no way to create, manage or enforce effective security policies. And forget about trying to identify threats in that traffic.
SS: We recognized the only way to actually protect these new cloud-native apps was to have security closer to the app. Just as cloud-native apps were turning software norms on their head, we had to do the same thing with security. So, we started looking at how best to secure the interactions between the microservices and apply policies to prevent violations and cyberattacks that put the business at risk.
How did you come up with what you are doing?
HH: We came up with the idea by borrowing from the models that other tools and services used, such as application performance monitoring. Basically, we wanted to offload authentication, access control, and policy management, so it wasn’t the developer’s responsibility, but could be superimposed upon the application.
SS: We knew we could do it because we had built successful enterprise-grade solutions in the past. We set out to create cloud-native security that fit with cloud-native apps. We came up with our application-level security platform that both makes life easier for the developers and apps more secure and compliant for the security team.
How did you know you were on to something?
SS: After the initial development, we went to get feedback from potential customers. We talked with early adopters of cloud-native apps, who were just starting to realize the security problems themselves. We told them what we were doing, and they were extremely receptive. Everyone we talked to signed up to work with us and provide feedback as we developed the platform.
HH: Our approach and what we were trying to do really resonated with them. They had seen that what they had wasn’t going to work to secure cloud-native applications and was creating a huge management burden. They liked how easy we were making it for them to identify security threats, enforce policies and protect the privacy and integrity of sensitive data, so they could confidently adopt cloud-native apps.
What do you see as your mission?
HH: We are looking to reinvent the concept of application security, so it meets the needs of these new cloud-native applications. That means it must be simple to deploy and use and provide immediate value, at very low overhead.
SS: The cloud-native revolution is just beginning. As more and more companies adopt the cloud-native approach, we plan to be there to ensure they remain secure.
What’s the culture of the company you’ve created?
SS: We’re a group that likes a challenge. We’re problem solvers, but we’re not looking to solve academic problems; we want them to be customer driven. So, everything we do centers on whether the result will help our customers do what they want to do. Because of our engineering background, I think you could describe our overall approach and environment as grounded in engineering, in a good way. It’s very open, collaborative and innovative.
HH: Because this is the second time around, we made the conscious decision to work with people we like. I would say everyone is an easygoing overachiever. That may not seem to make sense, but it works for us. Everyone here thinks making this platform is fun.
SS: We’re looking for great people to join us who are passionate about security and committed to solving tough problems. We want team members who share our enthusiasm and have the same drive to change IT for the better. It’s how we will remain focused on building the innovative, enterprise-grade solutions our customers need.
I can’t end an interview without asking about the name. A lot of people ask ‘why Octarine?’ How did you come up with it?
HH: When you solve a really hard problem and make it look easy, it’s like magic. We wanted to solve cloud-native security, which is a really hard problem, in a way that makes it look easy, so Octarine, which is the color of magic in the Terry Pratchett Discworld novels, seemed to fit.
SS: I like to think what we are doing here is a little magical [big grin]. Just kidding!