Why We Need the Open Cloud Security Movement

I’ve spent the last 26 years working with Open Source—UNIX and Linux, Apache and nginx, Docker and Kubernetes, Envoy and Istio. Always building security solutions. Always working with companies that elevate user and customer experiences through Open Source innovation.

Thankfully, we no longer have to convince anyone that Open Source makes life better. That’s not an opinion—it’s a fact. But when it comes to cloud security and Open Source, I believe we need to reinforce some key principles.

The Cloud Security Challenge

Securing cloud environments is one of the biggest challenges organizations of any size face today. It reminds me of the early days of Windows, Linux, and even UNIX—configuring and securing them properly was (and still is) no small feat. (Hola, XDR vendors!)

To put things in perspective:

• Linux 6.x has around 550 system calls
• Windows 10 has 1,500
• Solaris has 300

Now, think about cloud service providers (CSPs) as the new operating systems. We use AWS, Azure, GCP, and others to build applications, migrate workloads, and solve new problems using their pay-per-use services.

And here’s where it gets wild:

• AWS supports over 15,000 actions
• Azure has nearly 19,000
• GCP exceeds 10,000

That’s before you even account for all the operating systems running on top. If we compare CSP actions to OS system calls, the sheer scale of complexity becomes clear. This is the massive surface area we have to understand, configure, and secure. It’s overwhelming.

The Open Source Imperative

The opportunity here is huge. Companies of all sizes are stepping up to help customers secure cloud environments—and yes, making a good profit while doing so (which is totally fair). Just look at recent headlines about multi-billion-dollar acquisition offerings in cloud security.

But here’s the thing: There’s no way to secure this scale of reality without Open Source.

And I’m not just talking about the thousands of helpful scripts on GitHub that save us time automating tasks. I mean entire Open Source applications and platforms that solve real, complex security problems.

This is why we believe in the Open Cloud Security movement—and why we’ve written the Open Cloud Security Manifesto:

Open Cloud Security Manifesto

Empowering Cloud Security through Transparency and Collaboration

This manifesto outlines our foundational beliefs and strategic direction, aiming to catalyze widespread support and participation in securing the cloud through open source principles.

Introduction

We are pioneering a movement that champions the integration of openness, transparency, and collaborative innovation in the field of cloud security. The Open Cloud Security movement is not just about protecting systems and data, it’s about building a foundation of trust and resilience that spans across enterprises, public organizations, small businesses, cloud security community of practitioners and individual users globally.

Our Vision

We envision a world where cloud security is no longer siloed but is a shared responsibility, achieved through the power of open source collaboration and innovation. Our movement aims to ensure that every organization, regardless of size or industry, has access to world-class security tools (like Prowler) and practices that are robust, transparent, and helpful. Our commitment is to lead this movement to protect data and systems in the cloud.

Core Principles

1. Transparency and Openness: Security tools should be open for review. We believe transparency leads to trust and better security outcomes. By making our products fully transparent, we enable users to understand, evaluate, and contribute to their security mechanisms.
2. Collaboration: We view the challenges of cloud security not as competitive edges but as common hurdles. Security is a collective challenge that benefits from diverse perspectives. We will foster an environment where businesses, developers, security experts, practitioners, and end-users collaborate freely to identify vulnerabilities, provide detections, devise remediations, solutions, and strengthen defenses.
3. Accessibility: We commit to making our security solutions accessible to all. This includes providing open source licensing that encourages innovation and application in any context, from enterprise to personal use, without financial barriers.
4. Innovation: By harnessing the collective intelligence of the global tech community, we will continuously advance and refine our security tools (Prowler and py-ocsf-models so far). We encourage experimentation and innovation to address emerging threats and changing landscapes.
5. Education and Advocacy: We will actively work to educate the market and community about the importance of Open Cloud Security. Sharing tools along with knowledge and best practices will be central to our approach, ensuring that everyone is empowered to protect themselves in the cloud.
6. Resilience and Adaptability: In a rapidly evolving digital world, adaptability is key to resilience. We commit to adapting our tools and strategies in response to new threats and technologies, ensuring our community is never left behind.

Commitments

• Open Source: All our tools are released under permissive licenses to encourage widespread use and improvement.
• Community Engagement: We will maintain active dialogue with our user community to guide our development priorities and strategies.
• Standards and Best Practices: We will lead by example, adhering to high standards of security and ethical practices, and will advocate for these standards throughout the industry.
• Privacy and Security by Design: Privacy will be a cornerstone of our development philosophy, ensuring that user data is protected by default.

Join us in this vital movement. Whether you are a cloud practitioner, a developer, a business leader, a security expert, or a user. Contributing code, using our tools, or advocating for open security practices, your participation is vital. Together, we can build a safer, more transparent cloud environment that serves everyone, everywhere, without compromise.

The Open Cloud Security movement is about more than just software, it’s about setting a new standard for how technology is integrated into our businesses then into our customers/citizens. It’s about building trust and creating a secure foundation for the future of the internet. We are more than a startup; we are a community of innovators committed to securing the cloud through open source collaboration. Let’s protect our digital future together.