This is a guest post for the Computer Weekly Developer Network written by Tomer Weingarten is his position as CEO of endpoint security and ‘threat lifecycle’ specialist SentinelOne.
Weingarten argues that when you (any of us) have been in the tech industry for any period of time, you quickly grow tired of the word ‘platform’.
As we know, the tech industry consists of many organisations who all claim to have the same capabilities… and unfortunately platforms (and the claims that surround them) are often no different.
As the developer community in particular knows, not all “platforms” are equal. In fact, many of those vendors who say they have a platform may indeed have something that is platform-esque… but it is not a true platform.
It is very common to find companies who have purchased and installed products from several of these vendors find they still have several critical capability gaps. In most cases the promise of a platform turns out to be very limited, or overstated at best.
Weingarten writes as follows…
Many organisations use the word platform in their marketing simply because it sounds better, when what they actually have is a product.
In fact many “products” are, in reality, not even a fully capable product and are what I call a product feature. They exist as a stand-alone product because they were able to get funding and create a company. The problem is that you begin to have dozens of products installed, each one handling its own specific use case without greater integrated capabilities or benefits.
A platform eliminates this problem because you have a single product with mature, robust capabilities. In the security space the result is less management overhead with better security efficacy.
A true platform is open and has easy integration options. Some vendors out there are still touting an old product (sorry, platform!) developed many years ago – meaning their ‘platform’ is not open at all and can’t be integrated with anything easily.
If you don’t have a true, actionable platform, then you can’t have things like software development kits (SDKs) and open APIs. The importance of an API is significant because it affects security workflow by opening the path to integration with the ecosystem. A robust API also opens the door to greater automated workflows.
It’s nice to be niche
The lack of an SDK and full API can also affect security coverage. While many vendors support the major operating systems, such as Linux, Microsoft and Mac OS X, they do not have a good solution for niche operating systems such as an old Unix IBM system or a NetApp file server. In those cases a platform that offers an SDK dramatically increases the customisation of security operations or strategies.
A platform can be extended and integrated into the environment itself, not just the workflows.
For developers, without APIs and SDKs, products can be a bit of a dead end. In this new age of multi-vendor environments, you often find tens if not hundreds of different vendors in one organisation, meaning integration is a must. Our management platform has over 300 APIs. Those APIs allow us and our customers, to integrate, interoperate and automate with other security solutions, but also other types of systems.
APIs also enable you to build your own customised reports.
You can also query using the API in a flexible way based on your organisation’s needs and security policies. For example, you could ask for a monthly report on the admin users that have been created on a CEO’s machine to check it for anomalies.
For larger customers, you can use open APIs to stream data to your private cloud data lake.
Third-party hostage situation
Many companies sell software which they have built by relying on third-party software libraries that are obtained either open source or via OEM agreements. In order to truly be a platform it needs to be your own intellectual property. Companies should not have the possibility of being held hostage by excessive third-party software which they cannot control and influence.
But what does this mean in real terms?
Well, if you don’t actually own the platform you’re working on, you don’t have 100% control of it. So you could say that those vendors out there who are putting the time and effort in to painstakingly create their own platforms from the ground up are inherently more secure – because they’re in control.
They have also gained flexibility and agility. Features can be enhanced or created and bugs can be fixed at the drop of a hat because there is no need to wait for your third party developer to get up to speed. You can develop your product at a much, much quicker rate when you are independent in this way. The predictability and performance will be greater.
So next time you’re considering adopting a new technology, ask yourself this: is it something that your developers can talk to, interact with and harness information from, or is it a ‘platform’ in name alone, outdated and likely unfit for purpose?