While in Israel late last year, I caught up with Shaked Zin and Avi Shulman, co-founders of security company PureSec. PureSec was in a bit of a conundrum. It was doing important work but in a space that was still nascent: serverless computing. As such, it was having a hard time both articulating its value proposition and getting investors to understand and commit to their story.
I found this conundrum interesting. Serverless computing is, after all, pretty high on the hype cycle. Ever since Amazon Web Services (AWS) introduced the notion of serverless via its Lambda offering a few years ago, all vendors have been rushing to commercialize their own serverless offering.
+ Also on Network World: Serverless computing in practice +
For those not au fait with the term, serverless is a new architecture based on ephemeral compute power that comes into existence on request and disappears immediately after use. Traditional cloud computing, on the other hand, requires organizations to rent virtual servers and put effort and resources into their management as part of the application development process. In serverless computing, each function is a “nano service” that requires no management on the part of the customer.
Since I’m excited by serverless, I was happy to spend time with a company building solutions specifically for serverless. I was also excited by the resumes of the founders. Zin, who is CEO, and Shulman, the company's CTO, gained their cybersecurity background while in the Israeli ministry of defense. Shulman is a cybersecurity expert and brings vast experience from innovative security startups and F5 Networks. Zin graduated the elite training program “Havatzalot,” which is aimed at developing intelligence and technological leadership.
PureSec gets $3 million in venture funding
I doubt it was a function of any advice I gave them, but notwithstanding that or the relative immaturity of the serverless ecosystem, PureSec is today announcing that it has raised $3 million in venture funding to build out its product and business.
What exactly is PureSec is doing? The company is building what it describes as the world’s first security platform for serverless architectures.
PureSec’s rationale for its existence is that security within a serverles construct is fundamentally different than that in a virtual or phsyical world. Since the execution of the code is fully managed by the cloud provider, organizations that are going serverless don’t have control over their end points and network, which makes traditional cloud workload protection platforms irrelevant. PureSec was founded in October 2016 to solve this problem. The company develops a security platform that integrates with serverless applications and provides protection against both known and unknown threats.
“We were passionate about using the same set of skills we gained over the years, to research and define the solution needed for securing this new domain,” said Zin.
Currently, organizations looking to move to serverless have a couple of unpalatable options when it comes to security. They can either build their own, manually crafted solutions or fail to adjust traditional security products to a serverless architecture.
In justifying this perspective that security for serverless is fundamentally different, Shulman said:
“We were thrilled by the challenge of addressing the security needs in serverless—what we believe is an absolute game-changer in the world of cloud computing. Serverless requires us to revise our security state of mind, to think about how we protect distributed, event-driven applications that are fully scalable and contain many entry points.
"While serverless itself helps with some of the server-side security concerns, organizations are still responsible for their sensitive application data and are therefore vulnerable to sophisticated attackers. To solve this problem, we combine innovative machine learning algorithms with deterministic engines, which are all embedded in a solution that scales with your application.”
My POV
Serverless security is certainly a problem that needs solving. The question in my mind is whether it will be solved by the individual cloud vendors as part of their serverless offering or by a third-party provider. The answer to that question determines whether PureSec gets acquired in short order (something I feel is likely) or continues to build a viable business independently. It will be interesting to watch this one develop.