From the Dark Ages of Cloud Workload Security to Enlightenment

The Idea of transforming Cybersecurity

At the end of 2009, we started to test AWS EC2 (Amazon Web Services Elastic Compute Cloud). I had quit a great job as CTO of an anti-spam company, having fallen in love with the benefits of the nascent market of IaaS (Infrastructure as a Service) and looking for a new challenge.

Buying hardware and waiting for it, going to the datacenter, having to cable it, configuring and maintaining it for a software company did not make sense anymore. Deploying a new customer with a dedicated appliance took at that time more than 1 month, and now it was possible in 5 min.

Our EC2 tests showed that IaaS would raise a lot of security challenges for enterprises that had no solution yet.

Therefore, I joined about 30 worldwide security experts and together we founded the Cloud Security Alliance to analyse IaaS Security and to help elaborate the first guidelines for Cloud Security.

“Know your terrain” – Sun Tzu

Once we started digging within the CSA and talking to potential customers, one question arose frequently: “IaaS Security is such a challenge, where do we start?”.

So, I got some inspiration from Sun Tzu and the Art of War and I partnered with the Eurecom research lab: we launched all public virtual images in Amazon EC2 (more than 8000) and analysed them.

We need to know our terrain before launching the battle. We published our results at a scientific conference (ACM SAC 2012) and we had launched the company in 2011.

The goal was to build fully automated software that helps enterprises using IaaS with security. In the new shared responsibility model, enterprises need to tackle their share and we are here to help.

The name SecludIT

I get a lot of questions about our name here in France. The meaning of "secluded" according to Google is:

“not seen or visited by many people; sheltered and private.”

The goal since day one has been to create a fully secure IT when using a shared infrastructure such as (public) IaaS or even a virtualized infrastructure.

Lessons learned in a 6-year ride

I’m writing this post to celebrate our 6th anniversary! Rather than congratulate ourselves for building a 15-person company from scratch, I prefer to share some hard lessons learned as a tech guy founding a company:

Customer is king. Nothing very original, but I’ve learnt to love our customers and their needs more than technology.

Timing is hard to grasp. We developed a great solution but it was then too early for the market.

Hiring is tricky. We have the chance to work with extraordinary people. This implies some selection and I had to learn that some people do not have what it takes to take a bumpy road.

Innovation is great but it does not appeal to people who do not take risks. It makes sense, but you have to focus on early adopters and open-minded people. You can spend a lot of time being dragged down by laggards.

A great product is not only one that customers love but one they must be willing to pay for. Well, to be here writing this article after 6 years, someone has to pay the bills 🙂

Continuous rebirth

To finish, I was wondering how there is a parallel between building a company and cloud workload protection (I’m a security geek I must say :-)). Sorry for that, but I fight every day to make enterprises learn and fix their IT vulnerabilities:

– Like vulnerabilities, the important thing is to detect errors ASAP and correct them.

– Like vulnerabilities, it takes more time to handle than initially planned.

– Like vulnerabilities, if you do not correct errors, they will kill you one day or the other.

– Like vulnerabilities, sometimes scanning and correcting do impact your IT.

– Like vulnerabilities, new technologies bring shifts that cannot be handled like before.

– Like vulnerabilities, sometimes the ride is rough but the journey is worth it.

So, instead of doing psychoanalysis, just use Elastic Workload Protector 🙂 (ok, I go out 😀 )

This story is my everyday life

Sergio Loureiro serves as Chief Executive Officer of SecludIT Inc. Mr. Loureiro has worked in network security for more than 15 years. He has occupied top management positions in 2 startups where he was responsible for email security products and services, and security gateways. Before that, he served as the lead architect for a number of security products such as SSL VPNs, log management, web security and SSL crypto accelerators. His career started in several research labs, where he participated in European projects focusing on security. He is the holder of 3 patents. Mr. Loureiro holds a Ph.D. in computer science from the ENST Paris and MSc and BSc degrees from the University of Porto (Portugal).
