Prior to using Helix, we were using all of the cloud native solutions available at a time from AWS and Microsoft Azure. Even then, they were fairly immature, as it was a new space before they started releasing some capabilities. This was before their cloud security model to manage cloud native resources, like serverless computing and others. It was the traditional methodology of managing virtual machines like you would do on-premises.

We used some of the BMC automation solutions dating back to BMC BladeLogic to manage those workloads. But those solutions were not meant for cloud native resources, dealing with things like serverless computing, Lambda Functions, and so forth in a cloud construct. Before, there was really nothing that we were using except for good old best practices and human intervention.

We were using the solution before it was BMC Helix and TrueSight Cloud Security. It was always cloud native. However, BMC unified their branding messaging, releasing new products on the BMC Helix platform. They brought cloud security into it. About a year and a half ago, it was made available and we've been using it from the early days. We have been providing feedback from the beta phase to where it is today.

Scale helped us come to the realization that we needed something like Helix Cloud Security. With manual labor and referenceable cloud architecture best practices, you can deploy it once and it's hard to track over time, especially when there is a DevOps methodology involved. So, it was scale and agility of the cloud. The rate that new services are released by cloud vendors made it almost impossible to do anything else.

We didn't have a previous cloud solution. We had the responsibility ourselves. When we would set up an account or a resource in the cloud, we would go through what needed to be done to secure it. Having Helix Cloud Security saves us time it would take us to do that. We still have to do some setup of proper protocols, but when you attach this tool and scan your resources, it catches things you may have never seen: an open S3 bucket, or that the routing security groups to AWS are wide open. We know what we need to do, but sometimes that doesn't get transferred to the keyboard to do it. This tool is like that double-checker in the back of the room saying, "Hey, by the way, you forgot to do this." It really catches those potentially big vulnerabilities that may be detrimental to our organization.

We realized we needed a tool like this as we moved more to the cloud. More companies are going to the cloud and using the cloud on a more frequent basis. We all know that there are vulnerabilities out there that people would want to access and use to do things that shouldn't be done. So we needed to have a tool in place to be that "big brother" to catch the things that we didn't catch, or that we didn't do during the creation of the resources.