Cloud Security, Security Operations
Kivera integrates controls into Cloudflare One to prevent cloud misconfigurations
Michael Novenson (Michael Novenson) •
October 8, 2024
Cloudflare has acquired a cloud security startup led by a former Armis, Tanium and IBM executive to reduce cloud misconfigurations and enhance security while using the cloud.
See also: Webinar | Identity Crisis: How to combat session hijacking and credential theft with MDR
The San Francisco-based cloud connectivity vendor said its acquisition of New York-based Kivera will enable built-in security measures that reduce the risk of misconfigurations and human error in the cloud. Integrating Kivera into Cloudflare One will give businesses enhanced preventative controls, reduce shadow cloud infrastructure risks and simplify compliance enforcement.
“Almost every organization uses multiple clouds now to support their business, but that can translate into more risks and unintended errors,” Matthew Prince, co-founder and CEO of Cloudflare, said in a statement. “By integrating the Kivera team and technology, we will be able to better help all of our customers work with any large cloud provider in the most secure and reliable way.
Terms of the acquisition were not disclosed, and Cloudflare executives were not available for additional comment. Cloudflare stock rose $1.27 — or 1.58% — to $81.76 per share in Tuesday trading (see: Cloudflare Buys BastionZero to Protect Critical Infrastructure).
How customers benefit from using Kivera technology
Founded in 2020, Kivera employs 14 people and completed a $3.5 million seed funding round from General Advance and Round 13 Capital. The company has been led since June 2023 by Joe Lea, who previously served as president of military security company Shift5, vice president of product at Armis, chief product officer at Tanium and director of IBM's WebSphere application server product line management team.
“Current approaches to cloud security don't work, and instead overwhelm security teams with alerts that could and should be prevented in the first place,” Leah wrote on LinkedIn. “Today, our customers implement effective preventative controls that prevent cloud misconfigurations from occurring in the first place and eliminate wasted remediation time.”
Kivera's technology enables cloud configurations to be executed in real-time, preventing security breaches caused by human error such as misconfigurations and policy inconsistency, according to Cloudflare. With misconfigurations accounting for the majority of cloud data breaches, Cloudflare said Kivera's technology will play a pivotal role in addressing security challenges in multi-cloud environments.
“For too long, cloud computing adoption has left security teams within organizations playing catch-up,” Vernon Jefferson, co-founder of Kivera, said in a statement. “While they do their best to ensure that sensitive company data is protected and compliance obligations are met, they are bombarded with alerts that they then have to investigate. We believe there is a better way.”
By 2027, Gartner predicts that 99% of compromised cloud logs will be the result of user misconfigurations rather than cloud provider errors. With Kivera, Cloudflare will leverage its single-vendor SASE platform. Specifically, Cloudflare said Kivera will provide customers with an enhanced ability to detect misconfigurations, enforce data limits, and seamlessly manage cloud security compliance across cloud providers.
What's different about Kivera's approach to cloud security?
With Kivera, businesses can now prevent security misconfigurations and breaches before they happen, which Cloudflare said is a significant step forward from traditional reactive security approaches like cloud security posture management. Once Kivera is integrated, Cloudflare said businesses will benefit from one-click protection that prevents cloud breaches caused by misconfigurations and human error.
Kivera enables companies to define boundaries around cloud resources to prevent unauthorized access to data and reduce risks associated with unmonitored cloud infrastructure by enforcing pre-defined standards for cloud interactions. With Kivera, Cloudflare said customers can automatically enforce compliance with key regulatory frameworks.
Cloudflare said Kivera's proactive approach differs from traditional approaches such as cloud security posture management and infrastructure-as-code tools, which often only alert teams after an issue occurs. Kivera will help enable centralized security management, providing DevOps-friendly preventative controls for cloud deployments and securing the complex landscape of modern cloud infrastructures, Cloudflare found.
Kivera is Cloudflare's fifth acquisition of 2024, and comes just four months after the company purchased zero-trust infrastructure access startup BastionZero for $13.1 million to secure remote access to critical infrastructure. In April 2024, Cloudflare purchased observability startup Baselime to enhance developer experience on serverless platforms as well as open source publishing platform PartyKit (see: Cloudflare Enters Observability Space with Baselime Purchase).
In March 2024, Cloudflare acquired multi-cloud networking startup Nefeli Networks to enable better network management and security within the cloud.
