Press "Enter" to skip to content

Aqua Security Acquires CloudSploit

Aqua Security announced today it has acquired CloudSploit, a provider of tools for monitoring configurations of cloud services.

This acquisition further extends the reach of an Aqua Security portfolio beyond containers, virtual machines and serverless computing frameworks to include service posture management, says Rani Osnat, vice president of strategy for Aqua Security.

The acquisition of CloudSploit marks the second acquisition Aqua Security has made this year at a time when many of the pioneers of cloud-native security platforms such as Aqua Security are being acquired themselves. Aqua Security last August acquired Trivy, a provider of an open source tool for scanning open source code.

Misconfiguration of cloud services has become a major issue because most of the developers that employ public cloud computing services are not experts when it comes to provisioning IT resources. Many of them assume that cloud service provider is proactively managing security on their behalf only to discover when it’s too late that, for example, a port has been left wide open. That creates an opportunity for channel partners to add monitoring tools such as CloudSploit to their services portfolio.


Are you struggling to execute the mechanics of your channel strategy?

If so, check out Channel Mechanics, they offer a complete line of SaaS solutions to manage all aspects of your channel. Demos, NFRS, MDF, Promotions, Partner Leveling… they have over 20 specific solutions to help you get the most out of your partner ecosystem.


The overall goal is to provide tools that make it possible to shift responsibility for application security as far left as possible on to the shoulder of developers, says Osnat. By making those tools available to developers, security then becomes an integrated element of a set of best DevSecOps practices. Cybersecurity teams are still typically responsible for monitoring security once an application is deployed in a production environment.

“We think there will be more segmentation of duties,” says Osnat.

The approach should greatly reduce the number of vulnerabilities that could be potentially exploited by cybercriminals.

Of course, there will never be such a thing as perfect security. Nevertheless, channel partners should be paying close attention to how the way cybersecurity is managed and maintained is evolving if they hope to say relevant. After all, providing a service that solves a problem that has already been relegated back to the application developer may have limited appeal. On the plus side for managed security services providers (MSSPs) may one day soon discover the overall IT environment a lot less painful to secure than it is today. In the meantime, managed service providers (MSPs) should be more aggressively scanning the environments they support for misconfigurations that will inevitably create a problem at the worst time possible.

Be First to Comment

Leave a Reply