Cloud workload protection tool speeds cloud migration, saves time

Informatica deployed Aporeto's IT security tool to protect its cloud servers. It gained peace of mind -- and valuable time.

Alec Chattaway came across cloud security tool Aporeto by chance. The director of cloud infrastructure operations at Informatica was at a technologist meet-up near the data management software vendor's headquarters in Redwood City, Calif. -- "I visit the local ones primarily to look at bleeding-edge technologies, but also they're usually a good place to steal people from -- headhunting-type thing."

He watched a presentation by one of Aporeto's engineers, and that was that. The IT security tool ensures cloud workload protection by allowing only authorized interactions and layering on encryption. "Why wouldn't we use something like this?" he said.

Soon after, he rolled out the tool in a nonproduction environment at Informatica and tested it there for three months to make sure it was "secure, reliable, resilient -- those are the kind of words you can hear from me all the time. That's really what I'm looking for." It went prime time at Informatica in the fall of 2017.

The benefit the product delivers is clear, Chattaway said. The previous technique he employed to protect his cloud infrastructure from attacks was laborious and time-consuming. It called for creating security groups, or sets of rules that control inbound and outbound traffic, known as ingress and egress.

"I don't need to worry about that whatsoever anymore. I could create a flat, open network and then allow Aporeto to do this for me by doing policy," Chattaway said, referring to a computing network that's easier to manage but also considered easier for hackers to infiltrate than a network that's cordoned into sections.

Perks of cloud workload protection

A flat network also helps accelerate a move to the cloud, Aporeto co-founder Amir Sharif said -- which should be good news for cloud architects, who are charged with forging cloud strategy and execution. Without the security tool, an organization would have to do a "lift and shift," or move an application as-is from one computing environment to another.

"I'm going to do one-to-one mapping from my physical environment to my virtual environment. This is the model that's done," Sharif said. With Aporeto, though, "We know what the application components are; we can write the policy for you, and you don't have to build an infrastructure around it."

Because the tool whitelists applications, or allows only vetted apps to access server workloads, every interaction is surveilled.

"If you're a rogue hacker and you want to break into the guy's database and you start probing it, that rogue hacker has no signature that we recognize so we don't allow that person to actually do the probing," Sharif said. "We allow cloud architects to accelerate migration to the cloud because they don't worry about the infrastructure; they just worry about the application functionality."

The tool also enables cloud architects to bridge newfangled microservices and traditional applications.

"So, if you have a brand-new Kubernetes application running and you need to access some old application in the data center, it's done very easily with us," Sharif said.

Aporeto will prove useful to developers, too, because they can do their thing -- write their scripts, build their software -- in a secure environment without fretting about infrastructure complexities.

They can move "as fast as they want, without being encumbered by organizational bureaucracy or low-level networking constructs that they have no desire or interest in learning," Sharif said.

Greek to IT

Aporeto's cloud workload protection product is available as SaaS or as on-premises software installed in a customer's data center, and it's priced per server the company is protecting, whether in the cloud or in a data center.

As for the mellifluous company-product name, it's Greek, meaning "confidential" or "stealthy," Sharif said. The idea is, cloaking an application in encryption and blocking access to it will keep it safely under the radar. "If something untoward is coming towards it, then it shouldn't respond; it shouldn't even be detected," he said.

Dimitri Stiliadis, another Aporeto co-founder and the company's CTO, who is from Greece, suggested the name for the startup, and it stuck.

"We were looking for a name that started with A, and Aporeto is a good one," Sharif said. "And the domain was available -- let's go."

To find out more about Informatica's experience with Aporeto's cloud workload protection tool and how it works, read part one of this two-part case study.
