December 23, 2021

Deepfactor Rewind…and Fast Forward

Kiran Kamity, Founder & CEO, Deepfactor

Whitepaper: Introducing SCA 2.0: Prioritize Risk, Reduce False Positives, and Eliminate SCA Alert Fatigue

Download Today! >

Deepfactor Founder & CEO, Kiran Kamity, takes a moment to reflect on an exciting year, and discuss what’s next for Deepfactor

 

Whew—2021 was a blur!

  • The application security industry continues to evolve, fueled by the increased development of cloud native applications and the rapid adoption of DevSecOps.
  • COVID has changed the way the world operates, with supply chain impacts, at-home restrictions and restricted travel forever impacting the way we work … and play.
  • Deepfactor—the product and the company—is no longer a toddler, now heading into preschool with months of thoughtful development and nurturing at home.
  • And more personally—as a lifelong student myself—I’ve personally learned and grown, both as an entrepreneur and a human.

Over the course of this year-end blog, I want to take a moment to reflect on many of these subjects and share my perspective on 2021.

 

Microservices Lead to Macro-Events


First, let’s talk about the macro … what events and trends helped shape cloud native application development and the adoption of DevSecOps? Here are some of the highlights:

  • Gartner introduced a new category for emerging technologies focused on the future of cloud native security operations, Cloud Native Application Protection Platforms (CNAPP). This new category groups Application Security Testing (AST), Cloud Workload Protection Platforms (CWPP) and Cloud Security Posture Management (CSPM) into a single, unified solution.
  • Container security platforms saw consolidation (Redhat acquired Stackrox, Suse acquired Neuvector)
  • AppSec testing vendors (Snyk, Contrast) and Container security vendors (Aqua) have raised bigger rounds of funding
  • CNCF continues to emerge as the primary forum for all things Docker, Kubernetes, etc.
  • With 48,418 Commits with 63,540 PRs and Issues as of December 16th,  2021, Kubernetes has cemented its place as the dominant container orchestration platform for the industry
  • We have 25M developers today, with that number predicted to grow to 45M by 2030. Every company really is a software company, with developers creating software at a pace the industry has never seen before … and that pace isn’t showing any signs of slowing down! We’re looking at 500M cloud-native apps by 2025. That’s insane!
  • From SolarWinds to log4j/log4shell, security vulnerabilities have increased rapidly, both in size and number, and breaches have naturally followed, exposing greater and greater amounts of data. This trend, unfortunately, isn’t showing any signs of slowing either.

So, to sum it up—lots of cloud native apps, built by lots of developers, using lots of 3rd-party code, is leading to lots of vulnerabilities, resulting in lots of breaches …creating a need for large companies delivering software to help developers create secure applications, and ensure DevOps can maintain them securely in production.

And while this has been happening in the world of cloud native development and DevSecOps, COVID has truly enabled work from anywhere. In 2020, most companies were still talking about a ‘return to work’ after the pandemic was ‘finished.’ This year, we came to the realization that we are never going to truly ‘return to work’ the way we did in the past. Remote work is here to stay, and has become part of every company’s culture. In many ways, this has truly opened up the world, enabling talent to be recruited from everywhere. And HQs are being broken down into multiple ‘centers of gravity’ with 2 or 3 days in the office each week. It’s a new way of life and –IMHO– it’s progress for the good of humanity!

 

The Deepfactor Perspective


Now…let’s get you a sneak peek of what’s been happening at Deepfactor this year:

  • What we have created, at the heart of it, is a developer security platform for cloud native applications. It enables developers to create secure and compliant cloud native applications, by identifying risks before they ship to production—likely even before AppSec has a chance to review. Our platform seamlessly plugs into your container and Kubernetes workloads, and uses observability to identify risks in both static and running containers.
  • We’ve always been driven by macro events (e.g. see above), and have those trends drive where we’re going. Therefore deciding to focus on creating a developer-focused security platform for cloud native applications is a natural consequence. We think the industry could benefit by “starting left” instead of waiting for existing tools to make the “shift.”
  • We raised a $15M series A, led by Insight Partners, and doubled our team over the last 6 months … and we’re still hiring!
  • Culturally, we have embraced 3 core values—Hungry, Humble and Passionate. If you’re hungry enough to make a difference; humble enough to stay open-minded regardless of titles, and passionate enough to enjoy most Monday mornings, you’ll find synergies with the core team we’ve created.
  • We’ve opened up hiring to ANY location in the US, and created 4 centers of gravity in India (Bangalore, Chennai, Pune and Hyderabad). This has given us access to a wide talent pool across two diagonally opposite time zones, resulting in a continual 24/7 productivity. At the same time, we’ve created a culture where vacations are encouraged and family time is valued. And we hope to keep it this way as we continue to grow the company! In addition, we continue to improve our benefits program with meaningful additions every few months, such as healthcare, 401K, and other exciting programs.
  • On the product-side, we’ve been delivering features at a frantic pace, making a ton of improvements this year. We group our features into four areas—Install, Instrumentation, Insights and Integration. While we’ve released >10 releases this year, some of the core things worth highlighting:
    • We introduced a fully micro-services based architecture that can be set up on any cloud infrastructure, including AWS/Azure/GCP/VMware.
    • The ability to plug-in seamlessly to Kubernetes and observe the specified processes/containers/pods without requiring a host-based agent/kernel module or sidecar. It’s elegant, simple and provides rich insights! Speaking of insights, in addition to our security module, we added a rich supply chain module that offers a full SBOM; and a compliance module to help developers understand where their applications are falling short when it comes to compliance standards and more.
  • Our early customer base has been extremely helpful as development partners, helping us make the product better! We have now onboarded a small, but seasoned, sales and marketing team, and have been very deliberate with respect to our strategy and execution. Customers are loving not just the product, but the team and experience, and we’re naturally experiencing the fruits of those labors!

 

Personal Growth and Thoughts on 2022


As a lifelong student, I personally look to learn a handful of new things each year. I divide my personal time into family, personal health and fun. In 2021, I’m thankful to have gotten an opportunity to spend more time with family, given work-from-home. I’ve added lifting weights to my workouts, and I’ve thoroughly enjoyed some good TV shows (Homeland on Amazon Prime has been my favorite this year!). My favorite book this year is Mindset by Carol Dweck. It spells out the difference between ‘growth mindset’ and ‘fixed mindset,’ and lays out a framework and the benefits of a growth mindset at work, with family and with friends. Give it a read…I think you’ll enjoy it. I certainly did!

As Deepfactor looks forward to 2022, we’ll continue rapid product evolution with more developer-centric offerings; keep the team growing and thriving within our hungry/humble/passionate culture; accelerate customer acquisition; and—hopefully—spend some more time in-person (and online) getting to know each other! And on the personal front, I look forward to more learning(s) … and sharing them with you next year!

Whitepaper: Introducing SCA 2.0: Prioritize Risk, Reduce False Positives, and Eliminate SCA Alert Fatigue

Download Today! >

About the Author

Kiran Kamity, Founder & CEO, Deepfactor

Passionate serial Silicon Valley entrepreneur. Head of product at Cisco Cloud BU. Founder/CEO at ContainerX (acquired by Cisco). Founder/VP at RingCube (acquired by Citrix). TEDx speaker. Loves nature, travel, and food.

Subscribe to our monthly eNewsletter and stay up-to-date on everything Deepfactor has to offer!