Application Security Comes into Further Focus with Intent to Acquire Portshift

Blog Post by Liz Centoni Senior Vice President and General Manager IoT at Cisco

As the proliferation of cloud-native apps continues to accelerate with the aim to transact business efficiently and securely from anywhere, the security landscape is converging toward protecting both people and applications. Business agility requirements are pushing security up the stack and earlier in the application development lifecycle​, accelerating time to results. As these cloud-native apps become more pervasive, application and workload security take on a higher priority.

Given these motions, Platform Engineers and Cloud Architects have been focused on value-added services that provide:

  • Velocity, with visibility and control
  • Simplicity, along with security
  • Flexibility and portability, without any lock-in
  • Minimal-toil operating model, with ‘as-as-Service’ consumption

In order to help and empower our customers and partners, Cisco aims to deliver security solutions for these cloud-native development environments and to add application security constructs much earlier in the development lifecycle – a paradigm being referred to as Shift Left. We want to empower enterprise application developers by increasing agility and time-to-market, while significantly mitigating the risk of developing across multiple API environments.

From the Velocity and Simplicity perspective, this implies developing new application and workload security​ software services that provide seamless button-click deployment of a robust security framework into customers’ CI/CD pipelines and their eventual production runtime environments​.

From the flexibility, operating model and teams standpoint, it implies providing the application developers, the security teams, the platform teams and all SRE teams in the dev-deploy chain, the appropriate context, policy enforcement, vulnerability management, risk management, and runtime security and observability hooks. This also implies providing SecOps teams and CISOs the continuous and real-time compliance reporting they need.

Cisco plans to tap into our enterprise experience and market leading assets in security, visibility and insights, application performance management, and networking and build on what has been already deployed in this space. This will act as a catalyst for providing end-to-end application and API security solutions for cloud-native, application-first businesses.

I am pleased to announce that we have officially entered into an agreement to acquire Portshift, a privately held company based in Tel Aviv, Israel, specifically focused on application security solutions. Today, the application security space is highly fragmented with many vendors addressing only part of the problem. The Portshift team is building capabilities that span a large portion of the lifecycle of the cloud-native application. They bring cloud native application security capabilities and expertise for containers and service meshes for Kubernetes environments to Cisco, which will allow us to move toward the delivery of security for all phases of the application development​ lifecycle.

Portshift aligns to Cisco’s approach of providing secure connectivity between users, devices and apps, wherever they reside; visibility and actionable insights from the end user to the application; a simplified consumption model that includes cloud-first Secure Access Service Edge (SASE) capabilities; commitment to an open source and open standards philosophy; and breaking down the siloes between developers, security teams, infrastructure teams, operations and SRE teams.

When the acquisition closes in the first half of Cisco’s FY21, the Portshift team will join Cisco’s ET&I group. We are thrilled to have the Portshift team join Cisco!