The word “cloud” is often uttered up in an almost reverent tone by anyone even tangentially affiliated with the IT world. A big reason for this is because cloud computing has been a tremendous boon for all manner of institutions. Getting away from on-prem servers has reduced cost and increased the speed at which organizations operate as well as the amount of data and applications that can be used to add value. But there is a tremendous amount of complexity in the cloud. With so many developers working in the cloud, there are also many potential access points and, therefore, security vulnerabilities. Ami Luttwak, the Co-founder and CTO of Wiz, explains how cloud complexity increases risks to security.

Main Takeaways

• The Promise and Problem With the Cloud: Use of the cloud can add value to organizations. For instance, the cloud can potentially decrease cost and promote efficiency. It also adds complexity and possible access points. For bad actors, this sort of complexity creates openings to infiltrate systems in order to achieve their malevolent ends.

• Asking the Question Differently: To innovate, sometimes it’s a matter of just asking a question differently. Also, asking the question simply can be helpful too. That said, it may only appear to be an elemental question after it has actually been answered. Wiz asked the basic question: are your cloud databases exposed? Solving this problem has allowed the company to make an impact in cloud security.

• MVP Plus Scale: In startup circles, it makes sense to get an MVP out ASAP. Luttwak suggests that startups must create MVPs that also have the capacity to scale. If they do so, they will save time and put their companies in a better position down the line.

For a more in-depth look at this episode, check out the article below.

Article: 

The word “cloud” is often uttered up in an almost reverent tone by anyone even tangentially affiliated with the IT world. A big reason for this is because cloud computing has been a tremendous boon for all manner of institutions. Getting away from on-prem servers has reduced cost and increased the speed at which organizations operate as well as the amount of data and applications that can be used to add value. But there is a tremendous amount of complexity in the cloud. With so many developers working in the cloud, there are also many potential access points and, therefore, security vulnerabilities. Ami Luttwak, the Co-founder and CTO of Wiz, explained how cloud complexity increases risks to security.

“The cloud is amazing, but there is a problem,” Luttwak said. “The problem is that the cloud — you move so fast [and] you have so many services, right? There’s so much complexity in the cloud and security, and I would say even threats, they always come from complexity. Because that’s what attackers look [for]. They look for complexity. They like complexity. Complexity is where the attacker finds ways to go in. What’s happening right now is that it’s exploding. The cloud is exploding. It’s just exploding in organizations. And the problem is that security teams, they don’t have the knowledge, the processes, the tools, [and] the org structure to take control over this explosion. It’s so different. It has no relation to on-premise data center security. It’s like a new problem, completely new, and it’s exploding. They don’t want to stop the developers, right? They don’t want to say stop working, but they also need to find a way to somehow make sure they’re not exposed.” 

An out-of-the-box comparison would be if a person had the largest, most complicated walk-in closet ever with a massive amount of secret compartments. And then there are voracious moths in the closet. Some are inside bins already wrecking all the clothes and others are desperate to get inside to do their damage. The first step is to determine how many storage boxes are actually in the closet. Only then can the risk of each container be evaluated and you can come up with solutions to lessen the adverse impact of the moths.

On a recent episode of IT Visionaries, Luttwak explained how his company, Wiz, is simplifying cloud complexity with its tool that locates databases and then determines their exposure. With this information, developers can make decisions to secure their network. Ami also shared lessons he learned along his career journey that can be applied to other startups.

Luttwak explained how data center security generally functioned in the past as opposed to how security must be considered involving the cloud.

“In the past, in theory, you had a data center, you owned the data center,” Luttwak said. “You had one entry point to the data center and you could control it…No more choke points. There’s no more control. Developers are building cities. They’re building cities every day and the cities go up and down. They change [and] their agile. So everyday you can build a new city. How can security know if there’s a way to hack into one of the buildings? It’s like almost an impossible task.”

But impossible is not a solution. So Luttwak, and Wiz, decided to ask the question differently and then strive for an answer on that basis. 

“The way we look at it is we start from a simple question that you want to answer,” Luttwak said. “For example, do I have an exposed database? If you look at the news, [an] exposed database, that’s like [the] number one question. The reality is that with existing tools, even answering this question, do I have an exposed database on cloud environments, especially large ones, [is] almost impossible. Why? Maybe it’s running on a VM. Maybe it’s running on a container. Maybe it’s a fast database. There’s so many different types of databases. There’s so many different ways to expose a database. It’s really complex. So we thought about: how can we create a tool that you can deploy in minutes in the cloud native way. So no agents; just the simple hook into the environment and can answer these questions.” 

Wiz has been able to quickly scale. Luttwak gave some advice for other startups that are considering bringing a product to market. He made the point that startups need to consider their MVP alongside its potential to scale.

“If you don’t think about scale, in one year of building a startup, you can build 10 years of technical debt,” Luttwak said. “10 years…But what we understood is that you should not put the feature that cannot scale. This is part of MVP design. If you don’t think about scale, you’re creating a technical debt you will have to pay in six months. And if you want to grow like this, you won’t be able to grow like this because you’ve created too much technical debt.”

For Luttwak, his passion is born from his belief that Wiz is fundamentally serving developers.

“[With] a lot of security tools, the problem with them is that security is not productivity,” Luttwak said. “It’s more of you have to manage risk and you give alerts and you never feel, at least like personally, that I know I’m doing a good job. You never know. Because Wiz is different. [With] Wiz, I really believe [and] I really feel good about it because we are really giving you a good communication with your developers. We are showing you things you have to fix, and we are really making you better. It’s so much different than chasing anomaly detections…I think the passion comes from really feeling [that] this is something good.”

There are several lessons to take from Wiz. Luttwak and Wiz first asked a different question and then answered it. Then, the team at Wiz anticipated scaling their MVP. Lasty, Luttwak’s inspirational passion is derived from his belief in the meaningfulness of WIz’s work. 

To hear more about how Wiz is simplifying the complexity of cloud security, check out the full episode of IT Visionaries! 

IT Visionaries is brought to you by the Salesforce Platform – the #1 cloud platform for digital transformation of every experience. Build connected experiences, empower every employee, and deliver continuous innovation – with the customer at the center of everything you do. Learn more at salesforce.com/platform