Ushering In The Future of Cloud Security: Our Investment in Orca Security

CapitalG
CapitalG
Mar 22 · 4 min read

By Gene Frantz, James Luo and Jamie Rosen, investors at CapitalG.

Securing the Cloud is Critical to Realizing its Potential

Despite the cloud’s numerous advantages, it poses some significant new security challenges. In cloud environments, companies neither own nor maintain their own infrastructure, and developers can easily spin up workloads outside the awareness of security and IT teams. This lack of control and visibility means that CISOs are often fighting the cloud security battle with one hand tied behind their backs, unaware of their risks and unequipped to monitor or protect their cloud assets effectively. In fact, more than 80% of IT professionals are concerned that their organizations have already suffered major cloud breaches that they have yet to discover. As companies move more of their infrastructures to the cloud, security professionals will need solutions to help them view, monitor, and protect their cloud workloads.

Why “Lift and Shift” Doesn’t Work

For starters, using agents for cloud visibility restricts security coverage only to assets that are known and accessible. With fast DevOps-led cloud infrastructure creation, developers become responsible for, but are often not focused on, deploying and managing these agents on VMs, containers, and other resources. Over time, cloud workloads naturally fall through the cracks and become invisible, unseen risks to security teams. Even if teams are able to successfully embed agents across most of their environments, those agents themselves require constant upkeep and maintenance and run the risk of impacting resource and workload performance.

In contrast, traditional networking scanning tools don’t require agents but suffer from limited fidelity into actual resources, may miss critical assets and vulnerabilities, and can even shut down sensitive workloads. Even configuration scanning tools developed specifically for the cloud provide only shallow coverage and cannot get the detailed asset-level data needed to detect critical risks, including unpatched vulnerabilities and malware.

Securing the cloud is materially different from securing on-prem infrastructure and requires a new strategy. Thankfully there’s Orca — and its fundamentally new approach to optimizing security in the cloud.

Orca Security Provides a Radical Improvement to Cloud Security

Orca’s differentiated approach maximizes what it refers to as the ‘3 Cs’:

  • Comprehensive — Orca can detect vulnerabilities, malware, lateral movement risk, unsecured customer data, over-permissive roles and more on a single platform, freeing customers from having to patch together multiple tools for cloud security.
  • Coverage without friction — Orca covers 100% of workloads across cloud environments and requires a quick, one-time infrastructure-level integration regardless of how many workloads a customer has.
  • Contextualized risk assessment — Orca puts an end to alert fatigue by prioritizing the alerts that really matter to security teams. Orca assess risk not just based on the underlying security issue, but also its exposure and impact on the business.

The power of Orca’s technology is evident in talking to its customers. They love Orca — and love is a rarely used word among IT providers discussing vendors! Orca gives customers the visibility and control they want and need. Customers frequently highlight the power of Orca’s seamless implementation and fast time-to-value, as well as its unparalleled breadth and depth of coverage. Orca’s growth has been tremendous, as it has quickly become the central security solution for many forward-thinking enterprises.

CapitalG’s Investment in Orca Security

Read more about what Orca is building here!

CapitalG

Insights from Alphabet’s Independent Growth Fund

CapitalG

We unlock the talent, passion and strategic expertise of Alphabet’s leaders for you. We combine this wealth of knowledge with our own, gained from our portfolio companies’ growth stories, and our own experience as investors, operators, former Googlers and entrepreneurs.

CapitalG

Written by

CapitalG

We are Alphabet’s independent growth fund

CapitalG

We unlock the talent, passion and strategic expertise of Alphabet’s leaders for you. We combine this wealth of knowledge with our own, gained from our portfolio companies’ growth stories, and our own experience as investors, operators, former Googlers and entrepreneurs.

Medium is an open platform where 170 million readers come to find insightful and dynamic thinking. Here, expert and undiscovered voices alike dive into the heart of any topic and bring new ideas to the surface. Learn more

Follow the writers, publications, and topics that matter to you, and you’ll see them on your homepage and in your inbox. Explore

If you have a story to tell, knowledge to share, or a perspective to offer — welcome home. It’s easy and free to post your thinking on any topic. Write on Medium

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store