RUGGD: A DevSecOps platform
Our guiding principle is that infrastructure and code (and thus applications) should be resilient and durable, able to withstand sustained attack and misuse. This is by far the most effective way of protecting data. The Rugged Manifesto is our North Star.
We believe that to become resilient at scale, security and compliance have to become an integral part of the development process - to be consumed as a service by development.
To provide this service, security teams need visibility of the entire development pipeline: how & where code is committed, as it's being committed, as well as who is committing code and what tools and libraries are being used. They also need to understand how the infrastructure is configured and built.
With this data, they can create security & compliance policies which orchestrate security testing and monitoring, providing instant feedback to developers - and allowing for data-driven decisions on compliance or security risks to be made at the speed of code, thus maintaining development velocity.
Our ambition is to mitigate or remediate vulnerabilities automatically, through a combination of AI and runtime prevention.
But first, organisations need to gain visibility and control of their application development process and ecosystem.
RUGGD is a platform which allows security and compliance to be consumed as a service by development teams. Application security at the speed of code.
We live in an application economy. The emergence of cloud platforms and practices such as DevOps has taken the software world by storm, enabling organisations to rapidly build software to engage and transact with their customers.
But as development velocity accelerates, security and compliance concerns become a blocker to the business, and a major constraint to cloud adoption and application delivery.
Organisations lack scalable processes & tools to understand their security and risk exposure across the application supply chain - and fixing vulnerable code is becoming prohibitively slow, complex and expensive, particularly as development speeds up.
Companies know this is a problem. In the short term, they are deploying security ‘babysitters’ to sit in the DevOps team, & hiring specialist consultancies to help build a security mindset.
But this is not sustainable at scale.
Digital transformation & Cloud adoption
Many organisations are undergoing digital transformation, and cloud has become an enabler for them. Yet compliance and security concerns hold many companies back from truly benefiting from cloud.
Cloud providers have a shared security model whereby the provider assumes responsibility for the infrastructure, but customers must manage their data and, critically, the applications they build or host on those providers.
Gartner states that "Through 2020, 95% of cloud security failures will be the customer's fault".
Thus organisations must build new compliance and risk models that give them the visibility and control they need to fully realise the benefits of cloud.
RUGGD helps organisations manage their application security, compliance and risk
RUGGD will allow developers to focus on developing quality code, while AppSec policies are continuously enforced - giving the business the visibility and control they need to make risk-based decisions.
RUGGD integrates tightly with cloud providers, DevOps tooling and AppSec tools - as well as customers' own tools and risk frameworks - to ensure organisations have the visibility & control they need to manage risk effectively.