Tufin Unifies Management of Cloud Cybersecurity Policies
Tufin today announced the availability of Tufin SecureCloud, which combines two existing offerings to manage cybersecurity policies for both monolithic applications and emerging microservices-based application environments.
Company CTO Reuven Harrison said rather than moving forward with separate products, previously known as Tufin Orca and Tufin Iris, Tufin is aiming to appease IT organizations that prefer a unified approach to managing all their applications.
Tufin SecureCloud provides the single pane of glass that IT organizations require to secure cloud applications regardless of the underlying architecture employed, he said, noting a single offering provides the added benefit of reducing the total cost of securing those cloud applications.
Part of the Tufin Orchestration Suite of cloud security tools, Tufin SecureCloud is planned to support for instances of Kubernetes running in on-premises IT environments. Kubernetes has emerged as the dominant platform for deploying microservices-based applications built using containers. By extending the current support Tufin provides securing Kubernetes instances in the cloud to on-premises IT environments, it will become possible to secure hybrid cloud computing environments as well, added Harrison.
Because Tufin SecureCloud automatically generates, provisions and synchronizes security policy changes across multiple IT environments, Harrison said the platform will enable organizations to more easily further adoption of best DevSecOps processes spanning both application development teams and cybersecurity professionals. Tufin SecureCloud also provides integration with a variety of continuous integration/continuous delivery (CI/CD) platforms to make it easier to attach cybersecurity policies to application workloads as they are developed and deployed, he added.
Tufin is clearly wading into one of the more contentious issues in cybersecurity. Short-handed cybersecurity professionals need to rely on developers to programmatically embed cybersecurity controls into applications. However, many cybersecurity professionals have historically viewed developers as being the root cause of the cybersecurity problem because of all the vulnerabilities that are inadvertently introduced into application code. Tufin SecureCloud provides a mechanism to verify the proper policies and associated controls have been properly implemented by developers. Unfortunately, the adoption of best DevSecOps processes remains uneven at best. Most organizations are still working through their initial transition to DevOps so it may be years before most organizations are able to extend those practices into the realm of cybersecurity.
In the meantime, the amount of application code that needs to be secured will continue to pile up. Thanks to the rise of agile programming techniques and best DevOps practices, there is more application code to secure than ever. Most cybersecurity teams are already struggling to keep pace. The challenge is that as developers embrace microservices, not only will the rate at which applications are being deployed increase, but also will the number of updates being made to existing applications. Clearly, most tools for currently assessing cybersecurity posture are not going to be able to keep pace. In fact, many organizations are likely to find themselves hard-pressed to audit their application environments, much less actually able to secure them.