Last week, my fellow Scyphers and I attended and exhibited at our first Gartner Security and Risk Summit. After attending sessions and interacting with more than 250 security executives at our booth, here are our key takeaways:
- Cloud and container security are a top concern: The rapid adoption of cloud and container-based platforms has created an explosion in complexity and risk for enterprise IT teams. Pretty much all cloud and container-related sessions were packed. If you look at Gartner’s list of Top 10 security projects for 2019, four of them covered cloud and/or container security.
For this reason, Scytale Enterprise resonated with the security practitioners we met, as they were able to see how it could help their organization easily and securely extend their existing identity providers to the cloud and container-based platforms.
- Successful implementation of cloud-native application security will require a fundamental shift: “Properly implemented, cloud-native applications will be the most secure applications your organization has ever developed and deployed,” said Neil MacDonald, a Distinguished VP at Gartner. “But, you must jettison the baggage of your conventional thinking, tools, and processes for security.”
We built Scytale Enterprise for this very reason. As our enterprise customers increasingly adopt dynamic computing platforms, like public cloud, containers, and serverless, they realize their existing security products - such as network/application firewalls and API gateways - and authentication protocols - such as Kerberos and OAuth - are not well-suited to authenticate and protect service-to-service communication. We wanted to see if Gartner attendees agreed, so we ran a small survey at our booth, and the results speak for themselves: 84% of the respondents agreed that the technologies and processes their organization employs to mutually authenticate their software services are time-consuming and not scalable as they adopt a hybrid cloud strategy.
- All “non-human” entities should be verified like “humans”: MacDonald spoke about the importance of providing ALL entities with a verifiable identity, particularly mentioning containers, APIs, and serverless. People often forget that identities transcend humans; there are orders of magnitude more “non-human” entities in data centers and the cloud. This includes application or middleware services, microservices, etc. Our survey also showed that 94% of the respondents agreed that, like with employee credentials, their enterprise security engineers worry about service credential theft across cloud, containers, and on-premises infrastructure.
- Enterprise security engineers cannot throw ‘flares’ on the DevOps race track but need to provide guide rails: I loved MacDonald’s analogy on how the infamous DevOps loop is like a race track that developers want to speed through to deliver innovative applications for the business. But enterprise security engineers typically end up throwing ‘flares’ on the race track when they should instead be providing guardrails. Standard, automated security controls ensure security is not a bump for software engineers.
Scytale is making service-to-service authentication painless for enterprise software and security engineers. Scytale Enterprise provides API-driven automated controls that reduce the time software engineers spend writing software for security or waiting for tickets. It also enables security engineers to deploy, operate, and scale authentication easily across dynamic, heterogeneous infrastructures.
If you attended the conference, please share your takeaways with me on Twitter.