Providing a robust cloud-native application protection platform, Tenable helps to secure cloud resources, container images and cloud assets
“Channel partners need to recognize that the market for managed services isn’t diminished with the new approach to security.”
VP of Engineering,
In a special interaction with SME Channels, Piyush Sharma, VP of Engineering, Tenable, sheds light on the cloud industry, the benefits of Infrastructure-as-Code, solutions from Tenable’s stable to address business pain points, and, last but not the least, opportunities for the channel partners. Edited excerpts…
What is Infrastructure-as-Code?
IaC is an IT practice that codifies and manages underlying IT infrastructure. It is a strategic approach for DevOps teams that want to maintain their infrastructure with the trouble of manual provisioning. Managing IT infrastructure is a time-consuming process and requires IT teams to physically put the servers in place, configure them and then deploy the application. This often results in discrepancies, hampers agility and is also expensive.
IaC resolves this cumbersome process by using software tools to automate specific tasks through a version control system. This means that IT infrastructure can be written and described in code, and this code can be executed to make changes to the infrastructure. IaC offers speed and scalability to efficiently meet customers’ needs in a timely and seamless manner. But there is another larger problem at hand. The speed at which DevOps teams are rapidly pushing out new products and features is outpacing security. Therefore, it is critical that CISOs adopt security solutions that enable DevOps teams to continue production while applying security practices at the time of writing the code — a shift left approach.
What is the market size for the cloud in India?
The cloud market in India witnessed massive growth since 2020 with an annual growth rate of 24%. The public cloud market in India alone is expected to reach $10.9 bn by 2025. In India, the need for improved infrastructure, the economic benefits of cloud computing, and the government’s efforts to promote digital India and IT infrastructure are propelling the market growth. Innovative technologies such as AI, deep learning, advanced analytics, and immersive media in the IT ecosystem are contributing to the need of IaC which also increases the importance of involving security from the onset as infrastructure is being developed.
Who are the ideal customers for IaC security?
Any organization with hosting infrastructure on public cloud and teams developing in-house apps or using the cloud-native technologies.
What is the offer from Tenable?
Tenable.cs is our cloud-native application protection platform designed to help organizations secure cloud resources, container images and cloud assets. It provides end-to-end security from code to cloud to workload. With Tenable.cs, organizations can programmatically detect and fix cloud infrastructure misconfigurations in the design, build and runtime phases of the software development lifecycle. This prevents unresolved insecure configurations or exploitable vulnerabilities from reaching production.
Tenable.cs secures IaC) before deployment and maintains a secure posture in runtime. It enables IaC to remain secure by eliminating the need for complex and manual processes. Our solution also offers continuous visibility to assess cloud hosts and container images for vulnerabilities without having to manage scan schedules, credentials, or agents.
What are the opportunities for the channel partners?
Organizations need to reduce cloud security complexity with solutions that support both developer and security workflows — both in development and in runtime. IaC needs to be born secure so that there is a single source of truth. From there, run-time needs to be continuously monitored for changes to the infrastructure against the same set of policies. This developer-first approach enables cyber resilience through self-healing as organizations embrace cloud-native infrastructure.
Channel partners need to recognize that the market for managed services isn’t diminished with this new approach to security. It requires more consulting and services to build developer-friendly, self-healing processes as it is critical to understand the culture and requirements. This creates stronger relationships with clients; delivers more value, and builds an added layer of security.