open source
Auto Added by WPeMatico
Auto Added by WPeMatico
Mirantis has been around the block, starting way back as an OpenStack startup, but a few years ago the company began to embrace cloud-native development technologies like containers, microservices and Kubernetes. Today, it announced Mirantis Flow, a fully managed open source set of services designed to help companies manage a cloud-native data center environment, whether your infrastructure lives on-prem or in a public cloud.
“We’re about delivering to customers an open source-based cloud-to-cloud experience in the data center, on the edge, and interoperable with public clouds,” Adrian Ionel, CEO and co-founder at Mirantis explained.
He points out that the biggest companies in the world, the hyperscalers like Facebook, Netflix and Apple, have all figured out how to manage in a hybrid cloud-native world, but most companies lack the resources of these large organizations. Mirantis Flow is aimed at putting these same types of capabilities that the big companies have inside these more modest organizations.
While the large infrastructure cloud vendors like Amazon, Microsoft and Google have been designed to help with this very problem, Ionel says that these tend to be less open and more proprietary. That can lead to lock-in, which today’s large organizations are looking desperately to avoid.
“[The large infrastructure vendors] will lock you into their stack and their APIs. They’re not based on open source standards or technology, so you are locked in your single source, and most large enterprises today are pursuing a multi-cloud strategy. They want infrastructure flexibility,” he said. He added, “The idea here is to provide a completely open and flexible zero lock-in alternative to the [big infrastructure providers, but with the] same cloud experience and same pace of innovation.”
They do this by putting together a stack of open source solutions in a single service. “We provide virtualization on top as part of the same fabric. We also provide software-defined networking, software-defined storage and CI/CD technology with DevOps as a service on top of it, which enables companies to automate the entire software development pipeline,” he said.
As the company describes the service in a blog post published today, it includes “Mirantis Container Cloud, Mirantis OpenStack and Mirantis Kubernetes Engine, all workloads are available for migration to cloud native infrastructure, whether they are traditional virtual machine workloads or containerized workloads.”
For companies worried about migrating their VMware virtual machines to this solution, Ionel says they have been able to move these VMs to the Mirantis solution in early customers. “This is a very, very simple conversion of the virtual machine from VMware standard to an open standard, and there is no reason why any application and any workload should not run on this infrastructure — and we’ve seen it over and over again in many many customers. So we don’t see any bottlenecks whatsoever for people to move right away,” he said.
It’s important to note that this solution does not include hardware. It’s about bringing your own hardware infrastructure, either physical or as a service, or using a Mirantis partner like Equinix. The service is available now for $15,000 per month or $180,000 annually, which includes: 1,000 core/vCPU licenses for access to all products in the Mirantis software suite plus support for 20 virtual machine (VM) migrations or application onboarding and unlimited 24×7 support. The company does not charge any additional fees for control plane and management software licenses.
Powered by WPeMatico
As companies process ever-increasing amounts of data, moving it in real time is a huge challenge for organizations. Confluent is a streaming data platform built on top of the open source Apache Kafka project that’s been designed to process massive numbers of events. To discuss this, and more, Confluent CEO and co-founder Jay Kreps will be joining us at TC Sessions: SaaS on Oct 27th for a fireside chat.
Data is a big part of the story we are telling at the SaaS event, as it has such a critical role in every business. Kreps has said in the past the data streams are at the core of every business, from sales to orders to customer experiences. As he wrote in a company blog post announcing the company’s $250 million Series E in April 2020, Confluent is working to process all of this data in real time — and that was a big reason why investors were willing to pour so much money into the company.
“The reason is simple: though new data technologies come and go, event streaming is emerging as a major new category that is on a path to be as important and foundational in the architecture of a modern digital company as databases have been,” Kreps wrote at the time.
The company’s streaming data platform takes a multi-faceted approach to streaming and builds on the open source Kafka project. While anyone can download and use Kafka, as with many open source projects, companies may lack the resources or expertise to deal with the raw open source code. Many a startup have been built on open source to help simplify whatever the project does, and Confluent and Kafka are no different.
Kreps told us in 2017 that companies using Kafka as a core technology include Netflix, Uber, Cisco and Goldman Sachs. But those companies have the resources to manage complex software like this. Mere mortal companies can pay Confluent to access a managed cloud version or they can manage it themselves and install it in the cloud infrastructure provider of choice.
The project was actually born at LinkedIn in 2011 when their engineers were tasked with building a tool to process the enormous number of events flowing through the platform. The company eventually open sourced the technology it had created and Apache Kafka was born.
Confluent launched in 2014 and raised over $450 million along the way. In its last private round in April 2020, the company scored a $4.5 billion valuation on a $250 million investment. As of today, it has a market cap of over $17 billion.
In addition to our discussion with Kreps, the conference will also include Google’s Javier Soltero, Amplitude’s Olivia Rose, as well as investors Kobie Fuller and Casey Aylward, among others. We hope you’ll join us. It’s going to be a thought-provoking lineup.
Buy your pass now to save up to $100 when you book by October 1. We can’t wait to see you in October!
Powered by WPeMatico
Explosion, a company that has combined an open source machine learning library with a set of commercial developer tools, announced a $6 million Series A today on a $120 million valuation. The round was led by SignalFire, and the company reported that today’s investment represents 5% of its value.
Oana Olteanu from SignalFire will be joining the board under the terms of the deal, which includes warrants of $12 million in additional investment at the same price.
“Fundamentally, Explosion is a software company and we build developer tools for AI and machine learning and natural language processing. So our goal is to make developers more productive and more focused on their natural language processing, so basically understanding large volumes of text, and training machine learning models to help with that and automate some processes,” company co-founder and CEO Ines Montani told me.
The company started in 2016 when Montani met her co-founder, Matthew Honnibal in Berlin where he was working on the spaCy open source machine learning library. Since then, that open source project has been downloaded over 40 million times.
In 2017, they added Prodigy, a commercial product for generating data for the machine learning model. “Machine learning is code plus data, so to really get the most out of the technologies you almost always want to train your models and build custom systems because what’s really most valuable are problems that are super specific to you and your business and what you’re trying to find out, and so we saw that the area of creating training data, training these machine learning models, was something that people didn’t pay very much attention to at all,” she said.
The next step is a product called Prodigy Teams, which is a big reason the company is taking on this investment. “Prodigy Teams is [a hosted service that] adds user management and collaboration features to Prodigy, and you can run it in the cloud without compromising on what people love most about Prodigy, which is the data privacy, so no data ever needs to get seen by our servers,” she said. They do this by letting the data sit on the customer’s private cluster in a private cloud, and then use Prodigy Team’s management features in the public cloud service.
Today, they have 500 companies using Prodigy including Microsoft and Bayer in addition to the huge community of millions of open source users. They’ve built all this with just six early employees, a number that has grown to 17 recently (they hope to reach 20 by year’s end).
She believes if you’re thinking too much about diversity in your hiring process, you probably have a problem already. “If you go into hiring and you’re thinking like, oh, how can I make sure that the way I’m hiring is diverse, I think that already shows that there’s maybe a problem,” she said.
“If you have a company, and it’s 50 dudes in their 20s, it’s not surprising that you might have problems attracting people who are not white dudes in their 20s. But in our case, our strategy is to hire good people and good people are often very diverse people, and again if you play by the [startup] playbook, you could be limited in a lot of other ways.”
She said that they have never seen themselves as a traditional startup following some conventional playbook. “We didn’t raise any investment money [until now]. We grew the team organically, and we focused on being profitable and independent [before we got outside investment],” she said.
But more than the money, Montani says that they needed to find an investor that would understand and support the open source side of the business, even while they got capital to expand all parts of the company. “Open source is a community of users, customers and employees. They are real people, and [they are not] pawns in [some] startup game, and it’s not a game. It’s real, and these are real people,” she said.
“They deserve more than just my eyeballs and grand promises. […] And so it’s very important that even if we’re selling a small stake in our company for some capital [to build our next] product [that open source remains at] the core of our company and that’s something we don’t want to compromise on,” Montani said.
Powered by WPeMatico
Databricks, the open-source data lake and data management powerhouse has been on quite a financial run lately. Today Bloomberg reported the company could be raising a new round worth at least $1.5 billion at an otherworldly $38 billion valuation. That price tag is up $10 billion from its last fundraise in February when it snagged $1 billion at a $28 billion valuation.
Databricks declined to comment on the Bloomberg post and its possible new valuation.
The company has been growing like gangbusters, giving credence to the investor thesis that the more your startup makes, the more it is likely to make. Consider that Databricks closed 2020 with $425 million in annual recurring revenue, which in itself was up 75% from the previous year.
As revenue goes up so does valuation, and Databricks is a great example of that rule in action. In October 2019, the company raised $400 million at a seemingly modest $6.2 billion valuation (if a valuation like that can be called modest). By February 2021, that had ballooned to $28 billion, and today it could be up to $38 billion if that rumor turns out to be true.
One of the reasons that Databricks is doing so well is it operates on a consumption model. The more data you move through the Databricks product family, the more money it makes, and with data exploding, it’s doing quite well, thank you very much.
It’s worth noting that Databricks’s primary competitor, Snowflake went public last year and has a market cap of almost $83 billion. In that context, the new figure doesn’t feel quite so outrageous, But what does it mean in terms of revenue to warrant a valuation like that. Let’s find out.
Let’s rewind the clock and observe the company’s recent valuation marks and various revenue results at different points in time:
The company’s 2019 venture round gave Databricks a 31x run rate multiple. By the first quarter of 2021, that had swelled to a roughly 66x multiple if we compare its final 2020 revenue pace to its then-fresh valuation. Certainly software multiples were higher at the start of 2021 than they were in late 2019, but Databricks’s $28 billion valuation was still more than impressive; investors were betting on the company like it was going to be a key breakout winner, and a technology company that would go public eventually in a big way.
To see the company possibly raise more funds would therefore not be surprising. Presumably the company has had a good few quarters since its last round, given its history of revenue accretion. And there’s only more money available today for growing software companies than before.
But what to make of the $38 billion figure? If Databricks merely held onto its early 2021 run rate multiple, the company would need to have reached a roughly $575 million run rate, give or take. That would work out to around 36% growth in the last two-and-a-bit quarters. That works out to less than $75 million in new run rate per quarter since the end of 2020.
Is that possible? Yeah. The company added $75 million in run rate between Q3 2020 and the end of the year. So you can back-of-the-envelope the company’s growth to make a $38 billion valuation somewhat reasonable at a flat multiple. (There’s some fuzz in all of our numbers, as we are discussing rough timelines from the company; we’ll be able to go back and do more precise math once we get the Databricks S-1 filing in due time.)
All this raises the question of whether Databricks should be able to command such a high multiple. There’s some precedent. Recently, public software company Monday.com has a run rate multiple north of 50x, for example. It earned that mark on the back of a strong first quarter as a public company.
Databricks securing a higher multiple while private is not crazy, though we wonder if the data-focused company is managing a similar growth rate. Monday.com grew 94% on a year-over-year basis in its most recent quarter.
All this is to say that you can make the math shake out for Databricks to raise at a $38 billion valuation, but built into that price is quite a lot of anticipated growth. Top quartile public software companies today trade for around 23x their forward revenues, and around 27x their present-day revenues, per Bessemer. To defend its possible new valuation when public, then, leaves quite a lot of work ahead of Databricks.
The company’s CEO, Ali Ghodsi, will join us at TC Sessions: SaaS on October 27th, and we should know by then if this rumor is, indeed true. Either way, you can be sure we are going to ask him about it.
Powered by WPeMatico
When Cloudera announced its sale to a pair of private equity firms yesterday for $5.3 billion, along with a couple of acquisitions of its own, the company detailed a new path that could help it drive back toward relevance in the big data market.
When the company launched in 2008, Hadoop was in its early days. The open-source project developed at Yahoo three years earlier was built to deal with the large amounts of data that the internet pioneer generated. It became increasingly clear over time that every company would have to deal with growing data stores, and it seemed that Cloudera was in the right market at the right time.
And for a while things went well. Cloudera rode the Hadoop startup wave, garnering a cool billion in funding along the way, including a stunning $740 million check from Intel Capital in 2014. It then went public in 2018 to much fanfare.
But the markets had already started to shift by the time of its public debut. Hadoop, a highly labor-intensive way to manage data, was being supplanted by cheaper and less complex cloud-based solutions.
“The excitement around the original promise of the Hadoop market has contracted significantly. It’s incredibly expensive and complex to get it working effectively in an enterprise context,” Casey Aylward, an investor at Costanoa Ventures told TechCrunch.
The company likely saw that writing on the wall when it merged with another Hadoop-based company, Hortonworks, in 2019. That transaction valued the combined entity at $5.2 billion, almost the same amount it sold for yesterday, two years down the road. The decision to sell and go private may also have been spurred by Carl Icahn buying an 18% stake in the company that same year.
Looking to the future, Cloudera’s sale could provide the enterprise unicorn room as it regroups.
Patrick Moorhead, founder and principal analyst at Moor Insight & Strategies, sees the deal as a positive step for the company. “I think this is good news for Cloudera because it now has the capital and flexibility to dive head first into SaaS. The company invented the entire concept of a data life cycle, implemented initially on premises, then extended to private and public clouds,” Moorhead said.
Adam Ronthal, Gartner Research VP, agrees that it at least gives Cloudera more room to make necessary adjustments to its market strategy as long as it doesn’t get stifled by its private equity overlords. “It should give Cloudera an opportunity to focus on their future direction with increased flexibility — provided they are able to invest in that future and that this does not just focus on cost cutting and maximizing profits. Maintaining a culture of innovation will be key,” Ronthal said.
Which brings us to the two purchases Cloudera also announced as part of its news package.
If you want to change direction in a hurry, there are worse ways than via acquisitions. And grabbing Datacoral and Cazena should help Cloudera alter its course more quickly than it could have managed on its own.
“[The] two acquisitions will help Cloudera capture some of the value on top of the lake storage layer — perhaps moving into different data management features and/or expanding into the compute layer for analytics and AI/ML use cases, where there has been a lot of growth and excitement in recent years,” Aylward said.
Chandana Gopal, research director for the future of intelligence at IDC, agrees that the transactions give Cloudera some more modern options that could help speed up the data-wrangling process. “Both the acquisitions are geared towards making the management of cloud infrastructure easier for end-users. Our research shows that data prep and integration takes 70%-80% of an analyst’s time versus the time spent in actual analysis. It seems like both these companies’ products will provide technology to improve the data integration/preparation experience,” she said.
The company couldn’t stay on the path it was on forever, certainly not with an activist investor breathing down its neck. Its recent efforts could give it the time away from public markets it needs to regroup. How successful Cloudera’s turnaround proves to be will depend on whether the private equity companies buying it can both agree on the direction and strategy for the company, while providing the necessary resources to push the company in a new direction. All of that and more will determine if these moves pay off in the end.
Powered by WPeMatico
As companies increasingly rely on data to run their businesses, having accurate sources of data becomes paramount. Stemma, a new early-stage startup, has come up with a solution, a managed data catalogue that acts as an organization’s source of truth.
Today the company announced a $4.8 million seed investment led by Sequoia with assorted individual tech luminaries also participating. The product is also available for the first time today.
Company co-founder and CEO Mark Grover says the product is actually built on top of the open-source Amundsen data catalogue project that he helped launch at Lyft to manage its massive data requirements. The problem was that with so much data, employees had to kludge together systems to confirm the data validity. Ultimately manual processes like asking someone in Slack or even creating a Wiki failed under the weight of trying to keep up with the volume and velocity.
“I saw this problem firsthand at Lyft, which led me to create the open-source Amundsen project with a team of talented engineers,” Grover said. That project has 750 users at Lyft using it every week. Since it was open-sourced, 35 companies like Brex, Snap and Asana have been using it.
What Stemma offers is a managed version of Amundsen that adds functionality like using intelligence to show data that’s meaningful to the person who is searching in the catalogue. It also can add metadata automatically to data as it’s added to the catalogue, creating documentation about the data on the fly, among other features.
The company launched last fall when Grover and co-founder and CTO Dorian Johnson decided to join forces and create a commercial product on top of Amundsen. Grover points out that Lyft was supportive of the move.
Today the company has five employees, in addition to the founders, and has plans to add several more this year. As he does that, he is cognizant of diversity and inclusion in the hiring process. “I think it’s super important that we continue to invest in diversity, and the two ways that I think are the most meaningful for us right now is to have early employees that are from diverse groups, and that is the case within the first five,” he said. Beyond that, he says that as the company grows he wants to improve the ratio, while also looking at diversity in investors, board members and executives.
The company, which launched during COVID, is entirely remote right now and plans to remain that way for at least the short term. As the company grows, they will look at ways to build camaraderie, like organizing a regular cadence of employee offsite events.
Powered by WPeMatico
Databricks launched its fifth open-source project today, a new tool called Delta Sharing designed to be a vendor-neutral way to share data with any cloud infrastructure or SaaS product, so long as you have the appropriate connector. It’s part of the broader Databricks open-source Delta Lake project.
As CEO Ali Ghodsi points out, data is exploding, and moving data from Point A to Point B is an increasingly difficult problem to solve with proprietary tooling. “The number one barrier for organizations to succeed with data is sharing data, sharing it between different views, sharing it across organizations — that’s the number one issue we’ve seen in organizations,” Ghodsi explained.
Delta Sharing is an open-source protocol designed to solve that problem. “This is the industry’s first-ever open protocol, an open standard for sharing a data set securely. […] They can standardize on Databricks or something else. For instance, they might have standardized on using AWS Data Exchange, Power BI or Tableau — and they can then access that data securely.”
The tool is designed to work with multiple cloud infrastructure and SaaS services and out of the gate there are multiple partners involved, including the Big Three cloud infrastructure vendors Amazon, Microsoft and Google, as well as data visualization and management vendors like Qlik, Starburst, Collibra and Alation and data providers like Nasdaq, S&P and Foursquare
Ghodsi said the key to making this work is the open nature of the project. By doing that and donating it to The Linux Foundation, he is trying to ensure that it can work across different environments. Another big aspect of this is the partnerships and the companies involved. When you can get big-name companies involved in a project like this, it’s more likely to succeed because it works across this broad set of popular services. In fact, there are a number of connectors available today, but Databricks expects that number to increase over time as contributors build more connectors to other services.
Databricks operates on a consumption pricing model much like Snowflake, meaning the more data you move through its software, the more money it’s going to make, but the Delta Sharing tool means you can share with anyone, not just another Databricks customer. Ghodsi says that the open-source nature of Delta Sharing means his company can still win, while giving customers more flexibility to move data between services.
The infrastructure vendors also love this model because the cloud data lake tools move massive amounts of data through their services and they make money too, which probably explains why they are all on board with this.
One of the big fears of modern cloud customers is being tied to a single vendor as they often were in the 1990s and early 2000s when most companies bought a stack of services from a single vendor like Microsoft, IBM or Oracle. On one hand, you had the veritable single throat to choke, but you were beholden to the vendor because the cost of moving to another one was prohibitively high. Companies don’t want to be locked in like that again and open source tooling is one way to prevent that.
Databricks was founded in 2013 and has raised almost $2 billion. The latest round was in February for $1 billion at a $28 billion valuation, an astonishing number for a private company. Snowflake, a primary competitor, went public last September. As of today, it has a market cap of over $66 billion.
Powered by WPeMatico
As cloud-native apps continue to become increasingly central to how organizations operate, a startup founded by the creators of a popular open-source tool to manage authorization for cloud-native application environments is announcing some funding to expand its efforts at commercializing the opportunity.
Styra, the startup behind Open Policy Agent, has picked up $40 million in a Series B round of funding led by Battery Ventures. Also participating are previous backers A. Capital, Unusual Ventures and Accel; and new backers CapitalOne Ventures, Citi Ventures and Cisco Investments. Styra has disclosed CapitalOne is also one of its customers, along with e-commerce site Zalando and the European Patent Office.
Styra is sitting on the classic opportunity of open source technology: scale and demand.
OPA — which can be used across Kubernetes, containerized and other environments — now has racked up some 75 million downloads and is adding some 1 million downloads weekly, with Netflix, Capital One, Atlassian and Pinterest among those that are using OPA for internal authorization purposes. The fact that OPA is open source is also important:
“Developers are at the top of the food chain right now,” CEO Bill Mann said in an interview, “They choose which technology on which to build the framework, and they want what satisfies their requirements, and that is open source. It’s a foundational change: if it isn’t open source it won’t pass the test.”
But while some of those adopting OPA have hefty engineering teams of their own to customize how OPA is used, the sheer number of downloads (and potential active users stemming from that) speak to the opportunity for a company to build tools to help manage that and customize it for specific use cases in cases where those wanting to use OPA may lack the resources (or appetite) to build and scale custom implementations themselves.
As with many of the enterprise startups getting funded at the moment, Styra has proven itself in particular over the last year, with the switch to remote work, workloads being managed across a number of environments, and the ever-persistent need for better security around what people can and should not be using. Authorization is a particularly acute issue when considering the many access points that need to be monitored: as networks continue to grow across multiple hubs and applications, having a single authorization tool for the whole stack becomes even more important.
Styra said that some of the funding will be used to continue evolving its product, specifically by creating better and more efficient ways to apply authorization policies by way of code; and by bringing in more partners to expand the scope of what can be covered by its technology.
“We are extremely impressed with the Styra team and the progress they’ve made in this dynamic market to date,” said Dharmesh Thakker, a general partner at Battery Ventures. “Everyone who is moving to cloud, and adopting containerized applications, needs Styra for authorization—and in the light of today’s new, remote-first work environment, every enterprise is now moving to the cloud.” Thakker is joining the board with this round.
Powered by WPeMatico
AWS announced today that it’s releasing a tool called AWS SaaS Boost as open source distributed under the Apache 2.0 license. The tool, which was first announced at the AWS re:Invent conference last year, is designed to help companies transform their on-prem software into cloud-based software as a service.
In the charter for the software, the company describes its mission this way: “Our mission is to create a community-driven suite of extensible building blocks for Software-as-a-Service (SaaS) builders. Our goal is to foster an open environment for developing and sharing reusable code that accelerates the ability to deliver and operate multi-tenant SaaS solutions on AWS.”
What it effectively does is provide the tools to turn the application into one that lets you sign up users and let them use the app in a multi-tenant cloud context. Even though it’s open source, it is designed to get you to move your application into the AWS system where you can access a number of AWS services such as AWS CloudFormation, AWS Identity and Access Management (IAM), Amazon Route 53, Elastic Load Balancing, AWS Lambda (Amazon’s serverless tool), and Amazon Elastic Container Service (Amazon’s Kubernetes Service). Although presumably you could use alternative services, if you were so inclined.
By making it open source, it gives companies that would need this kind of service access to the source code, giving them a comfort level and an ability to contribute to the project to expand upon the base product and give back to the community. That makes it a win for users who get flexibility and the benefit of a community behind the tool, and a win for AWS, which gets that community working on the tool to improve and enhance it over time.
“Our objective with AWS SaaS Boost is to get great quality software based on years of experience in the hands of as many developers and companies as possible. Because SaaS Boost is open source software, anyone can help improve it. Through a community of builders, our hope is to develop features faster, integrate with a wide range of SaaS software, and to provide a high quality solution for our customers regardless of company size or location,” Amazon’s Adrian De Luca wrote in a blog post announcing the intent to open source SaaS Boost.
This announcement comes just a couple of weeks after the company open-sourced its Deep Racer device software, which runs its machine-learning fueled mini race cars. That said, Amazon has had a complex relationship with the open source in the past couple of years, where companies like MongoDB, Elastic and CockroachDB have altered their open-source licenses to prevent Amazon from making their own hosted versions of these software packages.
Powered by WPeMatico
Each of the big cloud platforms has its own methodology for passing on security information to logging and security platforms, leaving it to the vendors to find proprietary ways to translate that into a format that works for their tool. The Cloud Security Notification Framework (CSNF), a new working group that includes Microsoft, Google and IBM is trying to create a new open and standard way of delivering this information.
Nick Lippis, who is co-founder and co-chairman of ONUG, an open enterprise cloud community, which is the primary driver of CSNF, says that what they’ve created is part standard and part open source. “What we’ve been really focusing on is how do we automate governance on the cloud. And so security was the place that was ripe for that where we can actually provide some value right away for the community,” he said.
While they’ve pulled in some of the big cloud vendors, they’ve also got large companies who consume cloud services like FedEx, Pfizer and Goldman Sachs. Conspicuously missing from the group is AWS, the biggest player in the cloud infrastructure market by far. But Lippis says that he hopes, as the project matures, other companies including AWS will join.
“There’s lots of security programs and industry programs that get out there and that people are asking them to join, and so some companies want to wait to see how well this pans out [before making a commitment to it],” Lippis said. His hope is, that over time, Amazon will come around and join the group, but in the meantime they are working to get to the point where everyone in the community will feel good about what they’re doing.
The idea is to start with security alerts and find a way to build a common format to give companies the same kind of system they have in the data center to track security alerts in the cloud. The way they hope to do that is with this open dialogue between the cloud vendors and the companies involved with the group.
“So the structure of that is that there’s a steering committee that is chaired by CISOs from these large cloud consumer brands, and also the cloud providers, and they provide voting and direction. And then there’s the working group where all the work is done. The beauty of what we do is that we have now consumers and also providers working together and collaborating,” he said.
Don Duet, a member of ONUG, who is CEO and co-founder of Concourse Labs, has been involved in the formation of the CSNF. He says to keep the project focused they are looking at this as a data management problem and they are establishing a common vocabulary for everyone to work within the group.
“How do you build a consensus on what are the types of terms that everybody can agree on and then you build the underlying basis so that the experts in your resource providers in this case, Cloud Service Providers, can bless how their data [connects] to those common standards,” Duet explained.
He says that particular problem is more of an organizational problem than a technical one, getting the various stakeholders together and just building consensus around this. At this point, they have that process in place and the next step is proving it by having the various companies involved in this test it out in the coming months.
After they get past the testing phase, in October they plan to actually demonstrate what this looks like in a before and after scenario, with the new framework and without it. As the group works toward these goals, the hope is that eventually the framework will become more established and other companies and vendors will come on board and make this a more standard way of sharing security alerts. If all goes well, they hope to build in other security information into this framework over time.
Powered by WPeMatico