Startup Native Targets Enterprise Policy-to-Architecture Gap Across Clouds
A promising startup, Native, has recently emerged from stealth mode with substantial backing of $42 million, aimed at evolving the way organizations enforce security policies into actionable cloud architecture. The startup was founded by Amit Megiddo, a former product leader at Amazon Web Services (AWS), and is strategically positioned to capitalize on the increasing complexities of security within cloud environments.
The funding, led by Ballistic Ventures, which constituted $31 million of a Series A round, is designed to assist Native in tackling more sophisticated use cases related to artificial intelligence security. Megiddo emphasized that the startup offers organizations the capability to replicate and enforce security architectures across various environments. This innovation aims to enhance operational efficiency while reducing the reliance on specialized personnel.
Megiddo expressed confidence in Native’s potential, stating, "There’s something real here that now we feel is ready for the market." He pointed out that the initial $11 million seed funding was instrumental in forming a robust R&D team, refining a product that holds significant value for enterprises, and facilitating its deployment across various organizations. Founded in 2024, Native has steadily grown its team to 38 employees, led by Megiddo who previously directed the AWS GuardDuty threat detection service and spent over a decade in Israeli Military Intelligence.
Translating Security Policies Into Enforceable Controls
Native’s decision to remain clandestine until it achieved tangible validation from Fortune 100 and Fortune 500 companies highlights its commitment to delivering a product that meets real-world operational standards. Megiddo noted that the company is dedicated to ongoing research and development to ensure that its offerings evolve in response to increasingly complex enterprise needs.
"We wanted to see a certain level of traction in the market and validation from the market working behind the scenes and still in stealth," Megiddo explained. With initial traction secured, the next step for Native involves amplifying its market presence and enhancing distribution strategies.
Many organizations today have broad security policies but face challenges in translating these abstract directives into enforceable, operational controls within intricate cloud environments. Native provides the capability to configure and maintain cloud setups, ensuring that desired security outcomes are inherently upheld through predefined policy frameworks adaptable across different environments.
"Everyone has this policy written somewhere in a document," Megiddo observed. "But turning that into enforceable architecture that evolves with the environment is extremely challenging in one cloud, let alone across clouds." By architecting the environment in a way that inherently enforces security policies, Native addresses a significant gap in cloud security posture management.
Organizations that have heavily invested in securing a single cloud, such as AWS, often find it arduous to replicate those security measures across other platforms like Azure, Google Cloud, or Oracle. This struggle makes Native’s solution particularly valuable for large-scale enterprises; it facilitates the extension and standardization of security architecture across diverse platforms without the need for redundant efforts.
Ensuring AI-Generated Code Doesn’t Violate Security Policy
In addition to enforcing traditional security measures, Native is also expanding its focus to integrate identity and network controls while implementing segmentation between production and non-production environments. The startup aims to enhance security around AI workloads, thereby addressing multifaceted issues that go beyond basic policy enforcement.
Megiddo explained that as businesses increasingly utilize AI, the subsequent code generated can result in misconfigurations or unintended exposure of sensitive data. Native tackles this challenge by instituting guardrails that ensure any modifications driven by AI systems adhere to established security protocols. Businesses need to be assured that their AI systems are functioning within defined parameters, utilizing approved data, models, and environments. Native is committed to translating AI-related policies into enforceable controls, thereby strengthening organizational security.
"As agents and large language models start to write code, the potential impact on infrastructure changes could jeopardize the integrity of their environments," Megiddo warned. "It’s essential to architect environments in ways that prevent such occurrences, allowing organizations to leverage AI effectively while adhering to needed safeguards."
Differing from traditional tools like Cloud Native Application Protection Platforms (CNAPP) and Cloud Security Posture Management (CSPM), which primarily provide visibility into security issues, Native emphasizes the enforcement and orchestration of native cloud controls. While competition will inevitably arise in the coming months, Megiddo believes Native’s first-mover advantage, combined with its comprehensive vision, sets it apart from emerging players.
"In a market defined by need, you can bet that other companies will follow suit in the coming six to 18 months," he asserted. "However, our approach fundamentally differentiates us. We hold a broader vision for addressing these security challenges."
Through its innovative approach, Native aims not just to improve cloud security but also to redefine how enterprises think about policy enforcement in an era dominated by rapid technological advancement.