2018 was a transformational year for serverless and cloud native applications. I do believe that this is the year that will be remembered as the one that marked the shift of “serverless” from a cool technology buzzword to the ‘go to’ cloud app architecture.
This month, Frost & Sullivan announced that Protego was awarded the Serverless Security New Product Innovation Award for 2018. This is another milestone, not only for us as a player in this space, but for the space itself.
To put the milestone in context, it’s not just that one of the world’s most respected analysts has highlighted what we’re doing for serverless security. It’s not even the fact that Frost & Sullivan have a serverless security category (though that is huge).
The thing that puts the exclamation point on 2018 for us is being on the same list as awesome companies like Zoom, Slack, and Intel. So, I thought I’d take the exclamation point as an opportunity to revisit our 2018 journeys—the journey of a small cloud native security start-up and the journeys of serverless and cloud native computing.
We spent January frantically trying to get all our product ducks in a row. Fresh off of our first re:Invent experience, and with the holidays behind us, we had a long list of design partners asking when they could touch the product. They’d seen enough of our demos and wanted to get in the driver’s seat. When designing our product we made a difficult choice. While it would have been far easier to just roll out posture security or serverless application defense, we chose to try and simultaneously solve all the key pieces of serverless security.
We chose, instead, to try and make Protego a one-stop-shop for serverless, and while I stand by that decision, it put a lot of pressure on us to deliver something so comprehensive, while some of our competitors focused on only one or two key features. Suffice to say, we didn’t sleep a whole lot in January. By the end of February, however, we were able to start putting the full picture in front of customers and it felt both to us and to them like it was worth the wait and the effort.
March was something of a turning point for us. Part of it was that we actually had people using the product, some even on production applications (yikes!). At the same time, there was a more fundamental shift going on in Protego. As we started to interact with and protect real-world applications, we began to understand how much more powerful the notion of security posture was in this new world. Initially, we felt that Protego Proact, our cloud-native code-driven security posture tool, would be the thing that drew customers in, but that the real prevention of attacks was in Protego Defend. What we learned was that, while there is no substitute for inline runtime defense, Proact was able to melt away huge parts of the attack surface by automating least privilege and risk minimization.
Unfortunately, what that meant for us was that while we need to keep up all the WAF- and RASP-replacing defense stuff we were so proud of, we also needed to double down on maximizing what Proact could do. We needed to fully support all the languages people were using. We needed to squeeze out every last drop of misconfiguration, without being overzealous and breaking the application. So, we didn’t sleep much in April or May either.
Looking back, I’d say July was when a few changes in the ecosystem began to accelerate. First, there was a clear shift in people we were engaged with from “I just want to learn about serverless,” to “I actually have something real going on and I need a solution.” While serverless and cloud native are still in their toddler years and most organizations are still just starting on their journey, the middle of 2018 seems to be when things started to “get real” for those that made the move earlier.
The other shift was about cloud providers. AWS is still the dominant force in serverless, and most of what is already out there is on their platform. But for various reasons, over the past 5 to 6 months there has been something of a shift in attitude, and many more customers are asking us when we’re rolling out general availability on Azure, especially on Google Cloud. Maybe it’s just because I was at Cloud Next when Functions came out of Beta, but something felt like it had clicked with the other cloud providers this past summer.
Announcing General Availability (GA) was in some ways inexplicably gratifying, and in other ways wholly underwhelming. On the one hand, it felt great to have the product at the point where we were both able and proud to let people just sign up and start using it. On the other hand, we’d already had quite a few people using it already, and the day after GA-day seemed a lot like all the other days.
Well, in some ways. The day after was when we got to start tackling all the new challenges we had put off until September, like supporting additional cloud providers, adding the ability to enforce security posture in CI/CD, and the many other goodies that are now rolling out.
re:Invent at the end of November was exhilarating and sobering. It is hard to imagine how much we’d accomplished since roaming the halls of the Venetian last year, hard to fathom how much more we can still build and create, and hard to even keep up with the pace of announcements that impact us and our customers. However, when Werner Vogels mentioned Protego in his re:Invent keynote as one of the companies that had been working closely with AWS, you can’t help but do a little dance in your head. Then you get back to work.
Now we’ve received the Frost & Sullivan 2018 Global New Product Innovation Award. This is one of Frost & Sullivan’s Excellence in Best Practices Awards, which are presented annually to companies that are predicted to encourage significant growth in their industries, have identified emerging trends before they became a marketplace standard, and have created advanced technologies that will catalyze and transform industries.
“Protego Labs’ platform was designed specifically for the unique challenges of serverless security. It’s backed by continuous research, offers a holistic approach, was born in the cloud, provides automation dividends, and is feeding the pace of serverless adoption,” said Michael Suby, vice president of research at Frost & Sullivan. “It is for these reasons that Protego has earned our new product innovation award in serverless security.”
2018 was the year that serverless graduated from an idea that might revolutionize cloud software and became an undeniable, full-fledged paradigm shift. 2019 will continue this dizzying pace of innovation in the serverless space. The combination of people and technology rallying around redefining cloud software and the maturity of the ecosystem will lead to 2019 being the year of ‘Serverless First.’
The Innovation Award from Frost & Sullivan is a very welcome recognition for how far Protego has come this year, but it is also recognition of how far the serverless and cloud native industry has come. I am proud to be part of both of those journeys.