Paladin Cloud launches open source platform for cloud security and governance – TechCrunch


As the cloud plays an increasingly central role in the modern business world, companies migrating to a remote infrastructure are faced with a multitude of challenges, the main one being arguably the issue of security.

Hosting applications and data in the cloud is now a reality for countless companies. But knowing exactly what’s going on under the hood isn’t always easy due to the complexity of the integrations in play, covering everything from API gateways to Kubernetes. The result is that identifying security policy violations can get a bit tricky.

It’s a problem Paladin Cloud is working to solve, with an open-source “security-as-code” platform launching to the public today.

Paladin’s core purpose is to help developers and development operations (DevOps) teams protect their applications and data, in both test and production environments, by providing complete visibility into the security posture of their countless cloud services and enterprise systems. Ultimately, it’s about automating the detection and remediation of security policy violations, which can include everything from unauthorized access or misconfigurations to insecure APIs.

To help take the open source project to the next stage and further towards commercialization, the Piscataway, New Jersey-based startup announced today that it has raised $3.3 million in a seed funding round co-led by Okapi Venture Capital and Bowery Capital, with participation from a host of notable backers including Samsung Next, T-Mobile Ventures, SaaS Ventures, Touchdown Ventures and UST.

Plugin architecture

Paladin adopts a plugin-based architecture that helps developers connect and ingest data from a myriad of sources, spanning code repositories, threat intelligence systems, API gateways, Kubernetes, etc. Paladin can then discover all assets, assess and establish policy violations, and run any pre-configured automatic fixes.

While Paladin is designed to secure all major public clouds, including AWS, Azure, and Google Cloud, as an open source project it is flexible and extensible. This means it can be used as part of companies’ hybrid cloud strategies, where some of their data and applications are hosted between public and private cloud infrastructures. Paladin can be used to bridge these disparate systems.

To get a better sense of the world Paladin has entered, there are a number of other similar players in the space, including Wiz, a $6 billion company; Bridgecrew, recently acquired by Palo Alto Networks for $156 million; and Accurics, which was acquired by Tenable for roughly the same amount. Not to mention other fledgling startups like Jit, which recently came out of stealth with a hefty $38.5 million in seed funding.

It is therefore clear that there is a real demand for cloud-native security in the age of DevOps. However, Paladin touts its open source foundation as one of its key differentiators. The benefits are the usual advantages that open source solutions bring to the table, including the fact that open source is an incredibly attractive proposition for developers who prefer to tinker and test software themselves, without having to jump through giant corporate hoops.

“Developers prefer to deploy open source solutions rather than closed ones,” Paladin co-founder and CEO Daniel Deeney told TechCrunch. “Currently, closed-source players sell their products to CISOs or security teams as paid enterprise solutions. Many developers don’t use these products because they often don’t have the budget to buy expensive enterprise solutions, and these products aren’t flexible to integrate into other cloud-based systems.”

While there are other open source players in the space (including VC-backed Stacklet), Paladin touts its “holistic approach” to cloud security, which includes the aforementioned connector-based architecture that extends security not only to major public clouds, but also to a wide range of cloud technologies such as Kubernetes.

The story so far

Paladin has been around in stealth mode as a self-funded project since late 2021, and in the months since, the founders — Deeney and CTO Steve Hull — have been developing the product in conjunction with partner customers and community developers.

Today’s announcement heralds the official launch of the core Paladin open-source project on GitHub, which comes with a set of out-of-the-box features, including a UI management dashboard; best-practice security policies covering major clouds; a policy management plan to connect directly to cloud-based enterprise systems; role-based access control (RBAC); prioritization of policy violations based on severity; and more.

Paladin Dashboard

It also marks the start of what will eventually be a fully commercialized product. This will include an enterprise-grade offering with a self-service SaaS platform and premium features such as service level agreements (SLAs), AI-based risk scoring and enhanced compliance reporting.

Paladin says it already provides business support to at least one publicly traded company.

“In addition to many developers using the beta version of the OSS (open source software) product, Paladin signed a multi-year OSS support contract with a public company based in Philadelphia to launch the open source product,” Deeney said. “Due to a confidentiality agreement, the company is not authorized to release the customer’s name at this time.”

But ahead of the big monetization push, Paladin now has the funding to support its growth in the open source community by building its team.

“The company plans to use proceeds from the seed round to hire a few key positions, such as developer relations manager, and to bolster its development team,” Deeney said.

