Paladin Cloud, an enterprise-grade, cloud-native and open-source security platform, today announced it launched with $3.3 million in seed funding led by Okapi Ventures and Bowery Capital.

SaaS Ventures, Touchdown Ventures, Samsung Next, T-Mobile Ventures and UST also participated in the funding round.

The company describes itself as a “security-as-code” model that is designed to give businesses greater control over their cloud environments in order to eliminate misconfigurations, maintain proper security policies and best practices.

Paladin was co-founded by Chief Executive Daniel Deeney and Chief Technology Officer Steve Hull with the goal of giving developers and businesses a fighting chance in increasingly complex cloud environments and a growing number of applications.

“We launched the company to change the security paradigm for developers and security teams by providing a holistic approach to cloud security through a modern open-source platform that functions as a policy management plane across multicloud and enterprise systems,” said Deeney.

Paladin’s security platform assists developers by allowing them to scan and cover cloud environments through continuous monitoring without the need for manual automation, eliminating the need for tedious reporting. And it is also available for all major cloud environments including Amazon Web Services, Microsoft Azure and Google Cloud.

Misconfigurations in cloud resources are a primary security issue, Hull said, because a single risk in an application could leave data exposed to potential attackers.

To provide context to this problem, cloud misconfigurations have continued to be an issue for years, according to a 2021 report from Rapid7 Inc. In 2020, an average of 10 incidents a month and 62% were reported by citizen researchers (rather than attacks by hackers). Amazon Web Services Inc. S3 public cloud storage “buckets” and ElasticSearch databases represented 45% of all reported data breaches throughout the year.

An earlier report from application developer Accurics Inc. in 2020 revealed that a whopping 93% of cloud environments it surveyed had at least one misconfiguration, which jibed with a Verizon study that placed cloud misconfiguration as the second most common security issue for the cloud.

“Our vision for the open-source community is to provide developers a powerful platform with visibility into their cloud environments to identify key risks and protect their applications,” said Hull.

Most of the products currently on the market that developers have access to involve closed-source solutions, which can become extremely costly and lock developers into closed ecosystems. The alternatives are other equally complex open-source tools that require a wide array of knowledge bases in order to successfully integrate them with one another.

To ease these pain points, Paladin uses a “plug and play” architecture for policy authoring that allows developers to quickly write new configurations and workflows for its connectors and management. As result, it has easy, expansible policy management that can be quickly adapted to any cloud environment that users require.

Once deployed it provides self-healing and one-click fixes for some configuration errors when needed so that problems can be smoothed out before they become more significant issues.

Behind the scenes, it also delivers what is called a “single pane of glass” for reporting and management of cloud-based enterprise systems. This visualization provides a prioritization system that displays security policy violations and risks in real time that need to be fixed so that teams can deal with them swiftly if they cannot be automatically repaired.

The open-source product is currently free and available for download on GitHub. The company provides community support to its developers and security teams for its free users via its Slack and Gitter channels. For teams that are looking for enterprise-level support agreements, the company also offers annual contracts as well.

Image: MasterTux/Pixabay