NetApp Inc. today debuted Spot Security, a new cybersecurity service aimed at advancing the company’s effort to grow its public cloud business to $1 billion in annual recurring revenue over the next few years.

Publicly traded NetApp is best known as a provider of storage systems for enterprise data centers. Like other data center suppliers, the company is increasingly shifting the focus of its product roadmap to the public cloud as more of its enterprise customers move workloads off-premises.

Spot Security is a cybersecurity service designed specifically to protect public cloud environments. It maps out all the components of a cloud environment and identifies resources with insecure configuration settings that could potentially be used by hackers to launch cyberattacks. Spot Security also detects anomalous user behavior that suggests a breach may have occurred.

One of the service’s most valuable features is that it not only finds but also prioritizes potential cybersecurity issues. A common challenge for information technology teams is that their cybersecurity tools generate a large number of alerts about issues with a low chance of leading to a data breach, if at all. Administrators spend a significant portion of their work week investigating false positives instead of fixing more urgent issues. According to NetApp, Spot Security’s ability to highlight the most severe vulnerabilities eases IT teams’ work.

Spot Security determines which issues are most urgent by analyzing the topology of a company’s cloud environment. The service maps out how a vulnerable resource is connected with the other components in the environment to estimate the impact of a potential breach. Spot Security makes decisions by evaluating multiple types of operational data including information about network traffic and user activity, as well as data from cloud providers’ application programming  interfaces.

The ability to find and fix cybersecurity issues quickly is especially important in the public cloud because organizations’ deployments change often, sometimes as frequently as several times a day. Every configuration change or application update has the potential to introduce cybersecurity vulnerabilities into an environment. Issues have to be detected and fixed quickly before hackers find them. 

One of the reasons cloud environments change often is the growing adoption of continuous integration and continuous delivery, or CI/CD, tools among enterprise software teams. CI/CD tools automate so much of the manual work historically involved in updating an application that developers can now release new code every few hours. More frequent code updates mean more opportunities for vulnerabilities to find their way into the environment.

The applications running in a cloud environment aren’t the only IT assets that are updated frequently. In some cases, the underlying infrastructure resources are modified on a regular basis as well.

Many organizations reduce their cloud bills by using spot instances, which are essentially excess capacity in cloud providers’ data centers. Spot instances cost less than standard virtual machines but come with a catch: Cloud providers can reclaim the excess capacity on a short notice if they need it. When that happens, a company’s spot instances stop, which is one of the factors behind why the configuration of enterprises’ cloud infrastructure resources can change fairly often. 

Helping companies make use of spot instances is a key focus for NetApp’s Spot business unit, the developer of the newly debuted Spot Security service. The unit became part of the company through an acquisition last year. Alongside the new cybersecurity service, Spot offers tools that make it easier for enterprises to use spot instances and help them run software container clusters. 

“We’re going to leverage the market credibility that NetApp … has in the market and we’re going to use Spot as a brand to lean forward and lead with cloud native applications,” Amiram Shachar, senior vice president and general manager of Spot, said on SiliconANGLE Media’s theCUBE not long after the startup was acquired by NetApp in 2020. Shachar founded Spot in 2015. 

The unit has emerged as a core component of NetApp’s strategy to put a bigger emphasis on the public cloud in its growth strategy. The company’s Public Cloud revenue segment, of which Spot is part, jumped grew 155% year-over-year last quarter to $79 million. NetApp Chief Executive Officer George Kurian told investors in August that the plan is to grow annual recurring revenues from public cloud products to $1 billion by the company’s 2025 fiscal year.

Kurian said NetApp intends to deliver “best-in-class organic and inorganic innovations” to advance the effort. The reference to inorganic innovations suggests that the company could make more acquisitions. NetApp had acquired three startups last year and, this June, purchased Kubernetes-powered analytics and machine learning specialist Data Mechanics.

Photo: NetApp