Concept: Illinois’s cybersecurity startup oak9 has launched an industry-first infrastructure as code remediation technology to help developers automatically maintain security and compliance without sacrificing speed. The platform helps to accelerate cloud-native application development.

Nature of Disruption: The platform provides developers with suggested changes directly within their code repository along with a pull request created by oak9. It offers a side-by-side comparison showing compliant code against security gaps. The platform also explains why the code was flagged and then empowers developers with the choice to remediate the code with one click. oak9 monitors security changes on a recurring schedule throughout the entire DevSecOps lifecycle, including post-deployment where developers can continue to take advantage of automatic remediation. Oak9 claims that the new technology can reduce costs and increase time to market. Users can easily integrate the platform into the software development lifecycle, consistently analyze infrastructure as code (IaC), and natively incorporate security based on a holistic view of an application’s architecture and components. oak9 is available on the Amazon Web Services (AWS) marketplace and Azure marketplace.

Outlook: Cloud-based application development is gathering traction as many enterprises are moving to cloud operations. This has increased the necessity to guarantee cloud-native application security at the earliest stages in the development lifecycle. oak9 claims that the new automated remediation capability can enable accelerated cloud-based application development while maintaining security and compliance. The new platform points out security and compliance issues as soon as code changes and also provides insights to developers, enhancing the applications. In June 2022, oak9 raised $8 million in an additional round of financing including Cisco Investments and Morgan Stanley’s Next Level Fund. The startup aims to use the funding to expand its free community version and introduce a new generation of Security as Code offerings.

This article was originally published in