Accurics rushes out of stealth with cloud security tools for DevOps

Companies are speeding up their plans for complex cloud IT projects but it often risks their security.
Written by Tom Foremski, Contributor

Startup Accurics, headed by veteran IT security execs, emerged from stealth mode this week and announced technology that secures IT cloud deployments in dynamic environments. 

The company raised a seed round of $5m in mid-February from leading VC firms. The founding team includes former senior executives from Symantec and Palo Alto Networks. 

Sachin Aggarwal, co-founder and CEO, has founded and sold four startups. He said that his team — all working from home — pulled out all the stops to launch the company and security offering early.

"We knew it would be needed because of what is going on. During these times, a lot of companies have accelerated their plans forward with respect to the cloud. Good security requires that they need to know what is going in their IT stack as it grows in complexity."

The widespread use of data virtualization technologies such as those from Docker and Kubernetes create a dynamic IT environment with constantly changing permissions and access that can lead to security holes if it isn't monitored.

Accurics says several very large unnamed enterprises have already been running the security offering for several months. It is now available to any company in a free version.

The platform is designed to help Dev/Ops teams tackle the extra work in maintaining the code that manages their IT infrastructure. Accurics says this allows security to be embedded and maintained throughout the DevOps lifecycle.  

Cloud expansion plans often face delays because of the necessity for compliance with federal and state regulations around data;  the Accurics platform checks for compliance, flags problems, and suggests best practices and configurations.  It also finds potential problems from security posture drift.

Aggarwal said the rush to the cloud has meant shortcuts around security and that means costly changes in production. It's better to build it in from the start. "Organizations need a broader approach, in effect, 'code-to-cloud' security," said Aggarwai. "That means seamless governance of infrastructure during development and in production, protection across the full cloud stack."

Editorial standards