The cloud security industry is a tough neighbourhood: players here have two sets of competitors; the normal commercial competition and the hackers who compete constantly to best their technology. It’s an industry where information and data control is all.
It’s no surprise then that earlier this month security start-up Palerra came out of stealth mode, where it was operating as Apprity, to launch its new security automation product LORIC.
LORIC is designed for the new corporate cloud set-up where software is delivered on demand as a service and user experience is king.
Its creator, Palerra, was founded in 2013 as Apprity and is based in Santa Clara California. Since then, according to Forbes, Norwest Venture Partners (NVP) and Wing Ventures as well as other VCs have invested $8 bn in the company.
Palerra is launching into a high demand and high growth market. This year IBM released a survey of network security events within its global client base covering a period from 1 April 2012 and 31 March 2013.
It said that there was an average of 73,400 attacks in a single organisation in that period (the survey covered 130 IBM clients). The report also found that “70 percent [of security events] can be attributed to end-user error and misconfigured systems or applications.” The Ponemon Institute corroborates this: its 2014 survey found that the “malicious insider” was a leading cause of security breach. Although malware code is a growing threat as well.
[Click image for full size Infographic: The State of IT Security]
Access management is Palerra’s area of focus with LORIC. In any enterprise level, operation services will be streamed from the cloud. Users will need instant and direct access to the platform in order to use these services and write data.
Palerra offers two things with LORIC: firstly, C-level control of user access, giving them peace of mind and secondly, doing this without impeding those users from benefiting fully from the client’s cloud services, giving the users maximum convenience. According to Palerra, LORIC will run in the backgroud and it won’t generate downtime when operating.
To achieve this it needs to be proactive and anticipate security threats. In an interview with Gigacom, Palerra CEO, Rohit Gupta said that Palerra’s security product can learn user’s behaviour using advanced data modelling and predictive analytics.
Knowing a users behaviour history when accessing the cloud will enable the application to recognise any anomalous activity which can then be reported back to the enterprise. This will anticipate any threat to the operation’s security. Another selling point is the detailed graphics giving visibility to user behaviour.
Given the sheer scale of the demand on many cloud services, any cloud security software that manages user access has to be able to scale and, as in other areas of technology, this is best achieved by very high levels of automation.
IT security teams have finite resources but an ever growing quantity of security alerts. Security breach responses are expensive in time and money. The Ponemon Institute reported in its 2014 Cost of Data Breach: Global Analysis, that, on average, data breaches cost a company US$3.5 million a year. And that’s a 15% increase on the previous year.
The high costs accrue from hiring top grade security people and paying them to protect the platform as well as the cost of increasing cyber insurance. But the Poneman Institute report for 2014 also found that the greater cost resulting from security breaches is in brand damage and loss of customers. So not only does any radical security have to offer advanced automation to control costs, it has to be effective as well.
The best comparison in understanding Palerra’s approach is the US meteorological service. Their business is trying to predict the future actions of the weather system; to do this it developed “automatic early-warning systems and procedures” to identify and respond to the threat of extreme weather. Palerra is trying to do something similar in cloud security and claims that LORIC is the first automated cloud security platform of its kind.“Over-worked, under-staffed IT departments globally are swimming in alerts and notifications. They are often at a loss as to what is to be done and when. When systems and people are overloaded, active management needs to be augmented by automated systems…” Rohit Gupta, CEO Palerra
LORIC’s approach does appear to be a shift of perspective in cloud security. Previously, a company’s network had a perimeter security fence. It managed it to control user access and traffic inflows.
That perimeter’s gone now. The cloud has to offer open access to assure a high quality user experience. LORIC’s non-intrusive security running in the background is made possible by the advances in big data analytics. This enables the software to identify potential security threats by identifying anomalies in huge data streams.
The users are unaware of what occurs in the background and there’s no degradation of their experience, which is in keeping with the new service culture in software development.
This could be a break-through in the science of IT security, in keeping with the new age of the cloud and data analytics. It’s little wonder that Palerra kept it under wraps until launch.