Anitian automates cloud security with ‘DevSecOps in a box’
When you’re a software-as-a-service startup, getting security and compliance certified for government contracts is a bit like combining a hula-hoop contest with the limbo. It requires focus and time, pushing you outside your comfort zone.
Traditionally, SaaS vendors looking to tap into the lucrative market of the public sector had two ways to navigate the process: Go it alone (time consuming), or hire a consultant (costly). Now, there’s a third option that offers not only compliance, but automated cloud application security.
“Think of us as ‘DevSecOps in a box’ that we can deploy that helps the customers get to market faster,” said Rakesh Narasimhan, president and chief executive officer of Anitian Inc., describing the company’s SecureCloud compliance and security automation platform.
In anticipation of the second AWS Startup Showcase: The Next Big Thing in Security, AI and Life Sciences event — set to kick off on June 16 — John Furrier, host of theCUBE, SiliconANGLE Media’s livestreaming studio, spoke with Narasimhan for a special CUBE Conversation on how Anitian is disrupting security and compliance certification by automating the process. (* Disclosure below.)
Simple and fast FedRAMP compliance
Amazon Web Services Inc. is known for its public sector connections, with over 6,500 government agencies using its services. These agencies naturally look to the AWS Marketplace for SaaS vendors to fulfill their cloud application needs. Linking buyers and sellers is relatively simple in the private sector, but the public sector has certification standards that companies have to meet. Possibly the best known is the United States Federal Risk and Authorization Management Program, which is normally called by its acronym FedRAMP.
Anitian saw a market niche and set out to simplify the FedRAMP and other public sector requirement processes with its compliance automation platform. It was successful: Companies using the service saw the time it took them to gain certification drop dramatically, which positively impacted their bottom line through faster time-to-market.
“We’ve taken a ton of SaaS companies who were trying to get into the market and we got them into compliance within 60 to 90 days … and the cost of doing it is recouped in the first deal that they make,” Narasimhan stated.
From compliance automation to full service ‘DevSecOps in a box’
The company expanded from compliance automation into the wider field of cloud security thanks to an “aha” moment sparked by customer feedback. “They said, ‘I like what you did for compliance automation. Can you do that for other applications?’” Narasimhan said.
The result was the Anitian SecureCloud, which delivers an out-of-the-box application security solution that not only makes developers happy by automating application security in the DevOps pipeline, but gets a thumbs up from business as well. Security likes that it complies with security controls, business likes that it keeps to budget and timeline, and, most importantly, the developers appreciate that it provides a secure environment to develop in, according to Narasimhan.
The company’s solution is now based on three pillars. First, it is pre-integrated into the AWS environment, explained Narasimhan, who described being part of the AWS ecosystem as “standing on giant’s shoulders.”
“When we go deploy for the customer’s application, that’s not something they have to worry about. It’s already there. The licensing is there. The deployment is ready. They don’t have to do any of that,” he said.
Second is Anitian’s innovative platform, which automates all the security controls and standards required by programs such as FedRAMP. Third, built on top of the platform, is a SecOps service that relieves the business of the ongoing responsibility for doing threat hunting and threat mitigation itself.
“We provide a pre-engineered solution that integrates all the value of partners along with Amazon and bring those applications from government agencies to the cloud,” Narasimhan said. “Whether you’re a commercial SaaS vendor or if you’re on the agency side, we are sort of a one-stop-shop to get you there in compliance.”
Security and scalability in a ‘one and continue’ world
In today’s dynamic technological landscape, companies can’t provide a static solution and expect it to stay relevant.
“The apps are changing. The functionality is changing. The things they interact with are changing. That’s the beauty of the cloud,” said Narasimhan, describing how “one and done” has moved to a “one and continue” mindset. This is especially true in the constantly evolving threat landscape of application security.
“Our job is to make sure that we’re keeping up with you not just in securing you and making you compliant, but also keeping you compliant so that you’re not running afoul in terms of all these other standards,” Narasimhan stated.
But, as with all business endeavors, the final proof of a solution’s efficacy is shown in the bottom line. Narasimhan is confident in Anitian’s abilities to perform.
“If you want to make more money, we can get you there faster, quicker than anybody else. And then keep you there,” he concluded.
(* Disclosure: Anitian Inc. sponsored this CUBE Conversation. Neither Anitian nor other sponsors have editorial control over the content on theCUBE or SiliconANGLE.)