Tufin CEO Ruvi Kitov Talks New SecureCloud Product and the Need for Security Policy Automation
In this Q&A with Ruvi Kitov, CEO and co-founder of Tufin, we discuss the company's newly launched cloud-native product SecureCloud, the importance of security policy automation, cloud security trends and more.
Let's talk Tufin. What challenges does Tufin solve for organizations? What kind of organizations use Tufin?
Tufin helps to eliminate the security bottleneck and increase the business agility of an organization. We enable organizations to automate security policy visibility, risk management, provisioning and compliance across their entire multi-vendor, hybrid environment. With Tufin, companies gain visibility and control, empowering them to ensure continuous compliance with security standards and embed security enforcement into workflows and development pipelines. Changes can be implemented in minutes instead of days, saving time and valuable resources while maintaining compliance.
We mainly work with large organizations that have diverse, complex networks to manage. That said, most every business these days is facing some of the same security problems – lack of visibility into what’s on their networks, the need to make sure security policies are consistently applied to all elements of the network and the devices and hardware that access them, and the need to ensure programming and development is done securely. We work with companies across several different vertical industries, from technology to transportation to manufacturing, to financial services, healthcare and energy. Security is a common language.
Tell me about your new product Tufin SecureCloud. What purpose does it serve and who would benefit from using it?
In short, SecureCloud helps companies establish and manage security policy across their on-premise, cloud-native, and hybrid cloud networks. It grants companies a “single pane-of-glass” view into all assets deployed, configurations, and security settings, enabling you to detect policy violations and ensure only trusted workloads and traffic are permitted, making sure everything is properly configured and secure.
The reason this is important is because in today’s dynamic cloud development environments, developers often are empowered to build and deploy applications, totally bypassing security. This is great for business agility, but not great for company security, who often find themselves with complex, fragmented networks, and lack the visibility and control required to ensure security and compliance. SecureCloud provides security policy visibility, automated security policy discovery and generation, and the ability to establish a zero trust security model, without compromising business agility or developer productivity.
Automation is a big theme in cybersecurity. Why is security policy automation important?
Existing manual approaches to managing network changes can take weeks and introduce errors that result in security risks. By automating visibility, provisioning and change requests across firewalls, rules and security groups, companies can quickly increase their team’s productivity while improving overall security posture. Some of the benefits are establishing semi-manual to fully automated (zero-touch) provisioning, driving partial to 100% adherence to your security policy (with easy-to-find documentation of exceptions), giving the team a way to receive real-time alerts of compliance violations, and speeding the process for decommissioning, cloning, and recertification.
Disparate cloud architecture leads to great productivity and scalability, but also potential security risk. What makes cloud security challenging to organizations?
You’re 100% correct – and that is the very challenge that most organizations are grappling with – how can they enable fast, agile development and business evolution, while still retaining strong security. People hesitate to push security at times, because they’re afraid of the business consequences of slowing development down. The first – and greatest – challenge is coming to grips with the idea that you need to do this. Granting a pass on security never ends well. Once that’s been accepted, the next greatest challenge is discovering what’s running where on your networks – so you can move forward. Gaining manageable visibility into everything isn’t a simple task – but one very necessary for success.
What are Tufin's future plans for SecureCloud? What kind of features can we expect down the line?
Tufin SecureCloud will continue to evolve to meet the needs of our customers as they increase their adoption of cloud-native approaches to application development and deploying those applications in a hybrid-cloud manner. Specifically that means continued investment in compliance and visibility of cloud-native applications in the form of industry benchmark reports, continuous alerting, and best practices templates for creating security policies. We will also be making it easier for our customers to use the entire Tufin Orchestration Suite by building tighter integration between SecureCloud and SecureTrack and SecureChange - unified views of security policy, more automation across processes (DevOps and ticketing systems) and best-practices help across the entire product suite. Lastly, SecureCloud will evolve significantly in its support of Kubernetes and all the platforms that embed Kubernetes, both in the cloud and on premises. We think Kubernetes is the foundation of the computing platform of the future, and we believe SecureCloud should be an integral part of every company’s security strategy if they are using Kubernetes. We simplify the use and monitoring of security in Kubernetes without compromising on business agility and the investments companies are making in microservices and cloud platforms today.