DisruptOps Aims to Improve Cloud Security With Guardrails

While Amazon Web Services (AWS) has some intelligent secure defaults, those configurations can shift over time, which is where security startup DisruptOps is looking to make a difference.


In the world of security, a common tactic is to block malicious actions in an attempt to prevent harm, but that's not the approach that security startup DisruptOps is taking.

DisruptOps is taking a "guardrails" approach as part of the company's in-development cloud management platform for automated security and operations. The company announced on Oct. 17 that it has raised $2.5 million in a seed round of investment led by Rally Ventures to help fund development and the go-to-market plans, as it brings forward a new model for cloud security.

"Every organization that I have worked with over the years that gets to a certain scale of cloud ends up having to build their own automation just to keep their environments running," Rich Mogull, co-founder and vice president of product at DisruptOps, told eWEEK. "Almost always, the first place they start is with a concept called guardrails, which is basically the ability to monitor your environment to keep things in order."

Mogull is well-known in the security industry as the CEO of Securosis, which is a cloud security consulting firm that he is still running as a separate business. He said he had the realization one day that organizations didn't have to run a scanner to find potential cloud misconfigurations; instead, organizations can make use of the APIs that cloud providers already have to determine configuration.

"I really don't need to scan the things. I can just make some API calls, and it tells me exactly the way things are at that point in time," he said.

DisruptOps is building a platform that automates the guardrail approach and lets organizations implement it, using the cloud platform's own native APIs to understand and determine configuration.

How It Works

The DisruptOps system is a software-as-a-service (SaaS) platform that runs on Amazon Web Services (AWS). Mogull said there is nothing for users to install and all that is required is the appropriate access to a given cloud deployment. In a demonstration, Mogull showed how the guardrails approach can be used to help set up automated backups as well as prevent the unintended disclosure of information via publicly accessible Amazon S3 storage buckets.

"Why we call these guardrails and not blockers is because the objective is to try to reduce the risk without breaking something," Mogull said.

He added that when an S3 bucket or an internet-facing administrative server is opened up, it's typically a case where an administrator was just trying to do something for work and got lazy, forgetting to close the access after opening it up.

"What we lock down are the known corporate IP address ranges that are pre-approved," Mogull said. "That's really not as much of a risk at that point because it's not exposed to the internet anymore and perhaps that person can still get their job done."

If the organization wants to take additional action and completely quarantine a session, that's an optional step that the DisruptOps platform enables as well. Mogull said DisruptOps' real objective over time is to have the system almost completely automated as users tune their rules to get the configuration they want.
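The guardrail described above, narrowing an internet-exposed administrative rule to pre-approved corporate ranges instead of blocking it outright, looks like this in code. This is an added example, not DisruptOps code: the approved ranges, the admin port list and the sample data are constructed assumptions, with the data shaped like the EC2 DescribeSecurityGroups API response.

```python
# Assumptions (not from the article): approved ranges, admin ports, sample data.
APPROVED_CIDRS = ["203.0.113.0/24", "198.51.100.0/25"]  # documentation ranges
ADMIN_PORTS = (22, 3389)
WORLD = {"0.0.0.0/0", "::/0"}

# Constructed sample in the shape of the EC2 DescribeSecurityGroups response.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-example-admin", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}, {"CidrIp": "203.0.113.0/24"}],
         "Ipv6Ranges": []}]},
    {"GroupId": "sg-example-web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-example-any", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
]}


def covers_admin_port(perm):
    """True for all-protocol rules or TCP rules whose range includes an admin port."""
    if perm["IpProtocol"] == "-1":
        return True
    if perm["IpProtocol"] != "tcp":
        return False
    lo, hi = perm.get("FromPort"), perm.get("ToPort")
    return lo is not None and hi is not None and any(lo <= p <= hi for p in ADMIN_PORTS)


def plan_guardrail(response):
    """Return one narrowing action per admin rule that is open to the internet."""
    plan = []
    for group in response["SecurityGroups"]:
        for perm in group["IpPermissions"]:
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            exposed = [c for c in cidrs if c in WORLD]
            if exposed and covers_admin_port(perm):
                plan.append({
                    "group": group["GroupId"],
                    "ports": (perm.get("FromPort"), perm.get("ToPort")),
                    "revoke": exposed,
                    # Keep access working from approved ranges not already present.
                    "authorize": [c for c in APPROVED_CIDRS if c not in cidrs],
                })
    return plan
```

The plan is only a list of proposed changes; the public HTTPS rule is left alone because it is not an administrative port.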

The guardrails approach is intended to supplement the intelligent secure defaults that are already in place for many AWS services. For example, Mogull said AWS security groups have default settings that are relatively secure and S3 storage buckets always default to private.

"The problem is that once you start doing anything at scale in an enterprise environment, that's just not going to last," he said.

Additionally, he said Amazon provides a lot of alerting for different conditions that can be helpful for security. Managing alerts and configuration at scale can be a key challenge for many organizations.

"That's where I think there's room for tools like the ones we're building," he said. 

DisruptOps is set to go into beta soon, and Mogull said there have already been some early users trying out the system. Assuming the beta process goes well, Mogull said a soft general availability of the DisruptOps platform will happen by the end of 2018.

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.