Paladin Cloud is now available. The platform recognizes and secures all data sources in a cloud environment, including repositories, API gateways and Kubernetes clusters.
Cloud security is challenging. APIs and integrations are used at scale, which can reduce visibility into individual systems. Misconfigurations and vulnerabilities slip under the radar. Paladin Cloud addresses the problem.
The platform is now available. The technology starts with an automatic scan of all components that make up a cloud environment, including repositories, API gateways and Kubernetes clusters. Users define a security policy, after which the technology recognizes every violation. Think of misconfigurations, suspicious traffic and unauthorized access.
AWS, Azure and Google Cloud are supported, but since Paladin is open-source, the platform can be extended to on-premises environments. The first version is available on GitHub. The platform includes a UI, pre-configured security policies, priority-based alerts and role-based access control (RBAC).
Paladin describes the concept as ‘security-as-code’. The term is derived from ‘infrastructure-as-code’. The latter technology provides a uniform way of deploying workloads on the hardware of various vendors. AWS Lambda and HashiCorp Terraform are examples. Paladin does the same with security. The platform provides a uniform way to apply security to various cloud environments.
Founders Daniel Deeney and Steve Hull recently received $3.3 million in seed funding. Samsung Next and T-Mobile Ventures contributed. The founders will use the money to develop a SaaS model. The current team is small. The company has no capacity to help customers configure, host and use the technology. That’s what the founders hope to change.
The platform currently has one commercial customer. The rest of the users are developers that deploy the technology on their own initiative. They take care of hosting, integrations and maintenance. Paladin is looking for employees to provide the same to customers. The company wants to offer a managed service, wherein the platform remains open-source and users are unburdened by infrastructure concerns.