“The nirvana is the achieving the principle of least privilege”
Fresh from what looks likely to be a highly profitable exit from RedLock, sold today (subject to normal terms and conditions) to Palo Alto Networks for $173 million, Dell’s venture capital arm, Dell Technologies Capital, has joined Foundation Capital in backing a new multi-cloud security specialist, CloudKnox Security.
A $10.75 million funding round, led by former Blackstone CISO Jay Leek and closed today, is underpinning today’s launch of the company’s new cloud security platform.
New Cloud Security Platform Centralises Privilege Authorisation Across Clouds
CloudKnox, led by CEO Balaji Parimi – a VMware veteran who spent four years as VP, engineering and operations at CloudPhysics – is providing a platform that centralises identity privilege authorisation across all private and public clouds, such as VMware vSphere, Amazon AWS, Microsoft Azure and Google Cloud.
“The platform also integrates with existing IT service workflow management tools for escalation approval workflows. It can also run in read-only mode while still providing all the remediation benefits by creating scripts and policies that administrators can apply manually,” CloudKnox said.
CloudKnox: “Addressing One of the Greatest Unmanaged Multi-Cloud Infrastructure Threats”
CloudKnox claimed in a release today to be “addressing one of the greatest unmanaged multi-cloud infrastructure threats — an identity (employee, contractor, service account, API or bot) with excessive privileges.”
The company said: “The common practice is to give identities access to every action on a wide swath of infrastructure. CloudKnox data shows that most of these identities only use 1% of privileges. The nirvana is the achieving the principle of least privilege, which ensures identities only have the permissions needed to perform their work.”
A couple of examples of the risk: in 2014, source code hosting provider CodeSpaces went out of business when a hacker gained admin credentials and used them to wipe out its entire AWS infrastructure, including backups.
In early 2017, meanwhile, an AWS S3 outage resulted from an authorised AWS administrator accidentally inputting incorrect commands.
“As we scale our Enterprise infrastructure, it’s becoming clear that having visibility into how many identities can touch the infrastructure, what privileges they have and what they actually do with them is critical,” an early customer, Prakash Kota, CIO of Autodesk, said.
“Managing privileges based on static roles is too complex and tedious and creates the need for a solution that CloudKnox fulfills perfectly. Without the need to write a single line of script or understand multiple private and public cloud authorization models, CloudKnox uniquely and simply enables us to effectively enforce the principle of least privilege at the infrastructure level within our environment.”
CloudKnox, founded in 2016 but funded for the first time today in the $10.75 million venture round, is based in Sunnyvale, California.