Infrastructure as Code (IaC) is increasingly becoming the bedrock for managing and provisioning IT infrastructure. Terraform, AWS Cloud Formation, Pulumi, and Ansible provide strong optionality for developers to spin up IaC. While these IaC platforms are mainstream and maturing, security and compliance have struggled significantly. Security and Developers teams are flying blind on drifts, misconfigurations, vulnerabilities and compliance violations in these environments. These teams lack visibility into these specific pain points, let alone detecting and remediating.
The Chicago Quartet
It required a Chicago quartet who grew up within blocks of each other to come up with the solution. Raj, Om, Aakash and Amit complete each other by bringing developer, security, and big tech backgrounds to solve the IaC pain point. Raj, Om and Akash co-founded the company and soon thereafter Amit joined as Chief Business and Financial Officer. oak9 enables easy-to-use security and compliance for disparate IaC environments in a form that’s embraced by developers and valued by security.
Chicago has a history as an innovation incubator for emerging technologies, making it the ideal location for oak9 to put down roots.
“When we were raising our first round of capital during the pandemic, many investors tried to persuade us to move our operations to Silicon Valley. But Chicago is home to our team and company. Also, being between both coasts provides us with strategic advantages to grow our business across industry verticals," said Raj Datta, co-founder and chief executive officer, oak9.
Security and Compliance Made Easy for Developers
The phenomenon of “Infrastructure as Code” (IaC) has become the new methodology for many companies. Instead of building server rooms and networks, the cloud enables entire infrastructures to be represented as code. Along with that, the previous click-ops approach is no longer efficient, and in just two years, customers have started to move away from that deployment model.
Recognizing this significant shift in the market, it took a team of three founders from security, cloud, and developer backgrounds to build a solution that will reshape the IaC ecosystem. This skill triad enables the oak9 team to keep their Security as Code platform product well-rounded, assigning equal weights to development and security. Development and rapid deployment are paramount, but not without strong attention to identifying and remediating security gaps.
oak9's goal is to be a prominent cloud-native security platform that will help resolve the friction points of IT deployments that developers face constantly. While IaC enables rapid deployment, this increased speed introduces security challenges. Some IaC products can produce over 75,000 lines of code in one application, making it a daunting task for security teams to secure the IaC throughout the software development lifecycle (SDLC). However, if the security is built-in during the development journey, it can reduce costs while protecting the code from unwarranted attacks from bad actors.
Furthermore, the founders of oak9 designed the platform to perform specific actions that developers have identified as gaps in their efforts to secure code and embrace the transition to IaC:
oak9 ingests any developer’s IaC language of choice, performs an analysis, builds the parameters around it, and secures it throughout the development lifecycle.
Rather than identifying misconfigurations and failing to recognize the shared resource model, oak9 understands an application’s entire architecture and its shared resources, working to secure cloud infrastructure holistically.
Auto-remediation functionality not only identifies security errors and provides developers with guidance on how to correct them. What makes the feature unique is that it can be automated, or users can set up their own changes unique to their needs.
oak9 is resonating strongly across the spectrum – from customers born in the cloud to hybrid enterprises with legacy technology debt. For any organization struggling with limited bandwidth, security resources, moving to IaC, and dealing with hybrid environments, oak9’s Security as Code platform has the answer. And for organizations looking to extend oak9’s Security as Code blueprints for additional security guardrails, oak9 will soon release a powerful next-generation offering for customers to leap forward in security maturity of their cloud infrastructures. oak9 is also working on additional integrations to make life easier for developers.
A key ingredient to oak9’s success is nurturing strong relationships across all Cloud Service Customers. oak9 functions agnostically, working with any cloud platform or IaC language used by customers. Cisco Investments’ confidence in the growth of IaC and potential adoption by customers across the Cisco security portfolio, strengthens future collaboration opportunities This is possible through smooth integration, and bidirectional complementary functionality, which is a benchmark of Cisco Security.
The Road Ahead
From a forward-looking perspective, oak9 aims to be the product that helps all customers to secure their cloud native infrastructure now and in the future. We are amid wide IaC adoption, and oak9’s collaboration with Cisco Investments will help the company land in a strong position to flourish in the marketplace.
“Our vision for oak9 over the next several years is to make cloud native security easy for developers,” said Datta. “oak9 is IaC language agnostic, providing developers and security leaders the freedom to create their own security blueprints and put their own guardrails into place to suit their respective organization’s unique requirements.”
In an era of top down and bottom-up motions, oak9’s genesis from Chicago is a reminder that scaling can happen from the center as well. Extremities are not necessary; it just requires an extremely focused team like oak9.
Visit us here to learn more about the Cisco Investments’ security portfolio.