After first learning of Soha nearly a year ago, I immediately began thinking about how they addressed many of the challenges I was currently facing in exposing internal (campus-type) applications to my BYOD Enterprise Users (e.g. Jira, Confluence, Dashboards, IM, etc.). As the months passed and “cloud” utilization conversations resumed to potentially include sensitive customer-facing applications/data, I frequently asked myself, “Would Soha work for this too?” As it turns out I was not the only one asking this question. When I finally circled back with Soha to see what was new, I was surprised to see just how much progress had been made against what I had hoped Soha would develop, and the speed in which it was brought to release.
Enterprises have been through virtualization, consolidation, and now the next big wave of IT transformation is here as companies evolve to integrate various cloud models, and accept that the dominant user access-method to internal resources will be from outside. With the uprising of efforts like Cloud Hosting, DevOps, OpenStack, etc., enterprises are beginning to think in terms of Agility and Continuous Delivery as a path to success…though, if you were to play the psychological “word association” game with Security teams at these same enterprises, the responses will likely be Risk, Data Loss, Loss of Control, Lack of Visibility, and the ever-popular Breach. I believe, despite the risks, the benefits of the transformation to cloud are too great -- it’s incumbent on Security teams to embrace new approaches and adapt.
While architecting security strategies at Walmart, PetSmart, and Freeport-McMoran I’ve helped enterprises adapt and take a more cloud-based approach to application development and delivery. The effectiveness of these security strategies within the context of the larger organization has been borne out from giving consideration to operating securely within environments that may not have all of the "comforts of home”, while being able to take advantage of the benefits cloud environments provide.
So what was it that attracted me to Soha? Was it that Soha allows organizations to effectively eliminate the risks of public exposure, or that they had built a collection of abstracted security services designed to work within the application data path with fractional latency implications, or maybe the ability to drastically reduce operational overhead and costs, while maintaining a high-level of security governance and visibility?
While all true, innovative and impressive, the product was not the deciding factor; it was the People...What I encountered in meeting the Soha team was a very passionate and dedicated group of top-tier Engineers, Developers, and Leaders, who understand that security is not something that is applied as a secondary effort, but developed as an integral part of an entire solution/environment. Numerous security industry white papers, conference tracks, and executive briefings recommended this integrated approach, however the reality is that the practice of it is much more complicated and requires a fundamental change in culture. Soha was created with that very concept in mind and drives every aspect of their technologies and processes in such a manner that aligns innovative principles of infrastructure, applications, and security methodologies in support of a migration to a more cloud-centric operating model.
Helping transform the enterprise security landscape is a heady thing, Soha is primed to play a major role. I’m excited and looking forward to being a part of team here at Soha.
Mark Carrizosa - VP, Security / CISO