Erkang Zheng, Founder and GM
Today, a typical cloud-based software company with sizeable operations has thousands to millions of resources and entities that change frequently. In such a complex scenario, what this translates for the security and compliance teams is the difficulty in ascertaining whether these entities are correctly configured and compliant, and understanding the numerous interconnections between them. “It is nearly impossible to have the relationship and context-driven visibility of the entities because of the humongous amount of data,” begins Erkang Zheng, Founder of JupiterOne. Another bottleneck stems from the fact that the competent accomplishment of security and compliance drastically slows down the business in a scenario where speed is of the essence. “We are simplifying security by leveraging automation,” begins Zheng.
JupiterOne’s unique API-based, data-driven platform uses an innovative graph data model to enable security at DevOps speed while facilitating holistic management of an organizations’ cloud-based infrastructure. The relationship and context-driven visibility provides cloud and SaaS providers, irrespective of domain, an understanding and insight into their digital environments in terms of entities, and their relationships.
Elaborating on their key differentiating points, Zheng says, “Humans can’t analyze huge volumes of data from an Excel spreadsheet. Even a traditional database fails in garnering insights into the interrelationships between the data.” The impossibility of analyzing large amounts of data using a traditional database is eliminated with JupiterOne, which aggregates the data and captures every single element’s configuration, plotting the relationships using a graph data model. “We have developed a query language on top that allows us to get robust responses from the data trove,” adds Zheng.
JupiterOne’s architecture is designed to be a single source of truth for all security operations and compliance.
JupiterOne’s extensive integration and automation capabilities enable users assess their security posture across all of their environments from a single location, in real-time
The data aggregation platform integrates with more than a dozen AWS services, as well as more than a dozen security and DevOps tools. “JupiterOne’s extensive integration and automation capabilities enable users to assess their security posture across all of their environments from a single location, in real-time,” explains Zheng.
JupiterOne’s automation approach helped one of their customers reduce 90 percent of their manual effort in collecting compliance evidence. In yet another instance, a customer had found it extremely difficult to quickly search and understand their environment comprising more than 50 AWS accounts and millions of entities. Today, with JupiterOne, they can get their answers within seconds.
The user-friendly approach of JupiterOne enables customers to connect their data using the APIs on its open platform merely with an account. Also, the user has the flexibility to extend and develop on the platform and query the data across the entire digital environment with JupiterOne’s simple query language. Just like in Google Search, a user can ask questions and view results as a list, or as a visual representation of interrelationships and connections of the environment through a graph, similar to Google Maps.
The company takes a data-driven, non-discriminant approach to compliance in which a user can import compliance frameworks that apply to their organization. The platform permits users to customize the uploaded compliance framework and further map the data using queries to provide data-driven evidence to each compliance requirement. Furthermore, JupiterOne’s automated approach facilitates continuous compliance with the users notified about any change in their cloud environment. JupiterOne is helming a compliance evolution with its continuous governance.
JupiterOne has scaled its platform to cover millions of resources in its graph database. On an innovation spree, the company’s short-term plans include the addition of advanced analytics capabilities to discern more insights from the data.