“It has been a great experience working with the team. They have been an important innovation partner for us: operating with speed, execution agility, and accountability to help produce a high-quality product.”
“The Zemoso team has executed very well in getting our versions out. They have been collaborative, iterative, and have delivered on code quality and performance. They have supported us as we take customer requirements and convert them into features that solve real problems.”
The generic “we provide a security platform where one size fits all” approach no longer works. Each cloud, each system, and each cloud-hosted platform, codebase, and application comes with its own set of vulnerabilities. Paladin Cloud addresses that immediate, substantial challenge by identifying and eliminating blind spots in a company’s cloud environment and solving that with an open-source, security-as-code platform for developers and security teams.
With many enterprises accelerating their move to the cloud, “a holistic approach” to cloud security is the only way to ensure real protection for business assets. Paladin Cloud’s founders wanted to deliver just that with a powerful and impactful security solution whose open-source genesis would be its greatest strength. It would deliver on every Chief Information Security Officer’s (CISO’s) top cloud security requirements — to detect, fix, and monitor the following five things most judiciously:
● Your security posture across all your enterprise assets (within the cloud environment)
● Misconfigurations within your cloud services and environment
● Unsecured access control points, denial of service attacks, and other vulnerabilities continuously
● Ability to deploy remedial actions to quickly fix challenges, with adequate alerts and automated fix workflows
After Paladin Cloud raised its Seed funding, our engagement focused on helping them with their product innovation: creating a new product by modernizing an existing open-source project with key features and functionality while upgrading existing services. Using a customized Design Sprint, we reached quick and continuous alignment, and leveraged Paladin Cloud’s domain expertise to launch the new product in three months.
We enabled Paladin Cloud to prioritize the following aspects of the product within that 3-month deadline:
The founding team had a clear vision: keep the time to value as short as possible. We worked with the founding team to create methodologies to ensure that users would be able to complete the installation and start securing their cloud in under 60 minutes.
We helped Paladin Cloud expand on its plugin-based architecture. The objective was to make its core adaptable and extensible, not just to prepare for a variety of use cases, but to integrate easily with a company’s multi-cloud and hybrid-cloud product strategy that would extend into an enterprise SaaS solution.
Paying attention to documentation: We helped develop proper documentation in and outside the repository, as it plays a crucial role in driving adoption for an open-source project. Documentation minimizes the time spent on addressing fundamental questions from the community so that engineers can focus on the larger issues raised. In partnership with the Head of Developer Success, the wiki and user guides became a critical feature of the product and an essential area of collaboration.
Community discussions: We also collaborated with the Paladin Cloud team to encourage community interactions and discussions. We used Gitter, Slack, and GitHub to encourage feedback and work on improvements.
Pull request and issue templates: We supported Paladin’s team in setting up pull request and issue templates with pre-populated information. These helped users capture the appropriate information about an issue quickly, and helped us resolve issues faster.
Contributing readme: As part of the deliverables, we also co-generated a CONTRIBUTING.md file with information for the community about any development/release standards that they should be following. This provided clarity to the users and helped align on best practices being followed in the repository.
Release strategy communication: We worked with the customer team to create branching strategies that defined how they plan to release particular versions of their solution. This helped users prepare for what’s to come and plan their usage. During every new release, the team ensured that they highlighted the changes made for the new release to mitigate surprises.
Robust CI/CD pipelines: An intelligent Continuous Integration/Continuous Deployment (CI/CD) pipeline is non-negotiable for any product. We use it to ensure shorter feedback loops and to make steady progress on product development milestones. It helped avoid long pull request times and the need to manually test each community-raised pull request before processing it, streamlining development even more.
● A well-received, successful launch of its open source version in 3 months
● TechCrunch picked up Paladin Cloud’s product launch story and wrote about the technology in glowing terms
● Selected as a 2022 Red Herring Top 100 Global Company
We are lucky to collaborate with such amazing partners, and we're thrilled to continue working with Paladin Cloud in preparing to launch its enterprise version.
Check out the GitHub repo here. Please don’t forget to star. Also, the company has a very informative DevOps content library here. To stay up to date on cloud security, check it regularly.
P.S. Since we work on early-stage products, many of them in stealth mode, we have strict non-disclosure agreements (NDAs). The data, insights, and capabilities discussed in this blog have been anonymized to protect our client’s identity and don’t include any proprietary information.