The adoption of cloud services and SaaS products has changed the security conversation in the enterprise. Palerra is launching its LORIC product to automate security for the cloud stack.
The advent and growth of cloud computing impacted almost every aspect of enterprise IT. Perhaps one of the biggest unresolved issues raised in the wake of the cloud revolution is how it has changed the way businesses look at security.
On Tuesday, November 4, Palerra came out of stealth with its LORIC product to take a stab at fixing some of the security problems in the cloud stack. Palerra, formerly known as Apprity, was founded by enterprise software veterans Rohit Gupta and Ganesh Kirti with the goal of automating security in the enterprise.
"Holistically, the ability to automate forensics and automate incident response in this dramatic threat landscape that we live in, we think is absolutely critical for the health of the enterprise," Gupta.
According to Gupta, security requirements have evolved from being inline in the network with early web apps, to the edge with mobile devices, and are now needed at the source, meaning the source of the data or application you are managing. Palerra focuses on "at the source" security.
At the source
Currently, many security officers or IT managers look to access controls or cloud access control providers to go solve security issues raised by the introduction of SaaS products and cloud tools.
While they're useful, Gupta said, they do have some limitations. These include lack of protection against compromised credentials, disruption of user experience, and not much information on user activity details and security controls, among others.
When something bad occurs, it takes too much work to do the forensics and actually figure out what happened. IT or security officers don't want to hear about the number of alerts that were discovered — they want to hear what happened, what it meant, and what was done to fix it.
Palerra is hoping to solve some of these problems with LORIC, which it bills as a cloud security automation platform. LORIC provide four key services:
- Threat detection
- Predictive analysis
- Security configuration management
- Automated threat response
While Palerra operates at the source, it is not inline with cloud services. Users get a full view of all the cloud services they assign to LORIC as well as automatic forensics, incident response, and user activity inspection.
According to Gaurav Garg, founding partner of Wing Ventures and an investor in Palerra, moving security to the source of the application is the best option to maintain a consistent experience.
"As usage of services and applications becomes more mobile, the services themselves are moving to the cloud to support a distributed workforce," Garg said. "While the traditional security answer is to move the perimeter into the cloud, redirecting traffic artificially to multiple successive locations in the network for multiple functions is unwieldy and hugely slows performance. The best solution is to move perimeter security to the source of services and applications and continue to provide and security at the client."
Behind the scenes
One of Palerra's major value adds for LORIC is that it runs in the background, meaning that user behavior is virtually unaffected. LORIC tracks and handles all threats, which are available to administrators in a single window.
Being that LORIC runs behind the scenes, users are unaware that they are actually being monitored. This has the potential to create some privacy concerns.
Gupta said Palerra deal with North American and global clients, including clients in the EU where privacy sensitivity is higher. According to Gupta, the enterprise owns that asset, that experience so it is their choice to monitor.
"As part of the agreement of their employees, or their collaborators, or their suppliers interacting with those services, the enterprises are generally entitled to have the ability to assess, monitor, do that surveillance, fundamentally with the notion of insuring that there's no data leakage or there's no intellectual property that has been compromised," Gupta said.
Typically, he said, the security monitoring is handled as part of standard employment agreements.
The pricing model is subscription-based, scaling up based on the number of users being monitored and number of applications being managed. While Gupta didn't mention specific early customers, he did note that Palerra has customers in a variety of markets, including financial services, defense, higher education, and hospitality.
According to Garg, Palerra will need to cut through the noise generated by large vendors around the concept of cloud security. If they can do that, though, Garg said the long-term opportunity is a large one, "between 10 and 25 billion dollars per year."