As more organizations adopt the cloud for their applications, developers and administrators are tasked with working with security tools that weren't designed specifically for the cloud. Former IBM executive Lance Crosby's latest venture is StackPath, a startup delivering cloud-focused security tools to enterprise as part of a security-as-a-service offering.
"[The internet] may be the single most important utility supporting businesses today, yet we continue to overtax the aging infrastructure and struggle to make it secure," said Crosby, StackPath's CEO.
Crosby envisions StackPath as a frictionless and scalable security platform specifically designed to accommodate heavy internet traffic, increasingly complex web applications, explosive growth in number of devices, and a rapidly evolving threat landscape.
Companies don't trust developers to build with security in mind, so they have to build their own security controls and tools, Crosby said. Developers frequently skip over enterprise security controls in order to deliver as fast as possible. StackPath addresses the problem with a group of cloud security services that work with both on-premise infrastructure and public clouds, including Amazon Web Services, Microsoft Azure, Google Cloud, IBM SoftLayer, Rackspace, and others. The massive security platform provides developers best-of-breed security tools that can work with any cloud environment minus the traditional barriers.
Many of the security tools organizations rely on are designed for on-premise workloads and not suitable for the cloud. Many of these tools are designed to bolt on security after the fact, which is difficult enough to do with on-premise applications and challenging with the cloud. StackPath aims to be a one-stop cloud security shop with the same tools for private, public, and hybrid clouds. Enterprises will be able to trust their developers are building security in to the applications because the services will be optimized to work with existing enterprise controls, Crosby said.
StackPath's suite of security services, available as an integrated suite of services as well as standalone products, will be delivered as APIs that developers layer onto systems. The company plans to address security in microservices and containers, as well. The platform uses machine learning to use the data collected from each service and threats against each customer, to make the services smarter in how they monitor and detect threats.
"It effectively deputizes each service on the host network with the authority to identify and communicate real-time threats against it to an intelligent data repository," Crosby said.
While these services will tackle a broad spectrum of cyberthreats, at launch time, the company is focusing on five technologies: secure content delivery, web application firewall, protection against distributed denial-of-service attacks, and virtual private networks. Toward this goal, the company has already made four acquisitions: MaxCDN, Fireblade, Cloak, and Staminus.
MaxCDN, a content delivery network built on Varnish and Nginx, uses caching to accelerate the delivery of websites and applications. The MaxCDN technology is presumably part of StackPath's first service, a Secure Content Delivery, slated for August availability. Pricing will depend on factors such as bandwidth size but would start at $20 user per month.
Fireblade, Israeli-based web application firewall provider, processes traffic data in real time and lets enterprises respond to emerging threats and botnet attacks. Consumer VPN provider Cloak, which StackPath acquired back in April, provides secure networking platform for customers. Cloak positions StackPath well to target small and medium-sized businesses as well as enterprises. The anti-DDoS technology from Staminus has already been integrated into StackPath's network.
Crosby co-founded SoftLayer in 2005, then sold the cloud platform to IBM for $2 billion in 2013. SoftLayer formed the core of IBM's cloud business unit, and Crosby could have stayed on to be Big Blue's top cloud chief. Instead, he left after 20 months to found StackPath. StackPath is not an ordinary startup, as it launches with nearly 30,000 customers and $180 million in venture capital funding.
The time is ripe for StackPath's security-as-a-service platform, with the huge growth of connected devices changing how people work and enterprises increasingly buying security software and other IT services under a pay-as-you-go model. Developers are comfortable with the cloud model where they can get the resources they need when they need them; with StackPath, security services are now part of the mix.