We are big supporters of open-source security tools and even employ some of them ourselves. However, it’s not always the right answer. Deploying and managing the infrastructure and software updates becomes your responsibility. These tools don’t always scale effectively and may lack a complete user experience. Furthermore, you shoulder the cost of the infrastructure, and even top-notch tools often lose their maintainers and lack support.
Going Free Instead of OSS
When we made the decision to contribute to the community, we contemplated open-sourcing all or part of our platform. However, due to its complexity, it wasn’t well-suited for that kind of release, and creating a version fit for release would have required a significant amount of additional effort. We simply didn’t have enough developers to convert it over, and user maintenance would have been quite extensive. Instead, we chose to release a free version. While it may not offer all the bells and whistles, it’s free, has unlimited scope, and will remain free indefinitely without inundating you with marketing messages.
Users still have access to a comprehensive suite of assessments (perhaps even too many—we’re about to make some adjustments to reduce noise) and all the benefits of an enterprise-grade tool. However, Cloud Defense Free does have certain limitations to enable its continued operation. It only checks your deployments once a day, lacks our real-time capabilities, and maintains inventory for a shorter period. For obvious reasons, it doesn’t include everything we’ve developed (such as Just-in-Time authorizations for AWS). After all, we need to support our families. Nevertheless, Cloud Defense Free was designed for those of you that simply require basic CSPM without the burden of paying the ridiculous security tax to get it.
(Seriously, cloud providers should be giving this much away for free).
Benefits Over Open Source CSPM
The advantages are clear: you don’t need to manage infrastructure, host or pay for it, learn how to deploy or configure anything, worry about updates, you can switch it off whenever you want if it isn’t working for you, and you get a constantly updated library of checks. In under 10 minutes, you can be up and running, scale to thousands of accounts, eliminate maintenance concerns, enjoy a pretty good user experience, never spend a dime, and avoid being incessantly bombarded with upgrade emails.
We’re not attempting to compete with open-source CSPM. Some of you may have excellent reasons to choose that route, particularly if you have the time and technical skills and desire things to operate in a specific manner. However, we believe there’s a significant segment of organizations and individuals who could benefit from something more accessible and cost-effective to maintain. This is where Cloud Defense Free comes into play—a valuable addition to your toolkit and our way of supporting the community, even though releasing open source software wasn’t the right fit for us. You can check the cloud security box in 10 minutes or less, for free.