The Architectural Divide: Observability without Enforcement
I spent years building Splunk into one of the most important visibility platforms in enterprise security. And one thing I learned that I’ve never been able to un-learn: being able to see everything in your environment is necessary, but not sufficient.
If observability doesn’t translate into enforcement, you’ve got expensive situational awareness and an unsolved problem. This is what I call the Architectural Divide, the growing structural gap between the rate at which organizations deploy cloud workloads and the ability of their security architecture to enforce consistent, real-time policy across them. The root cause isn’t talent or tooling. It’s architecture. The security models most enterprises rely on were designed for a world that no longer exists.
The most effective CISOs I know build security from the same three-legged foundation: identity and access, endpoint, and network. In the on-premises world, all three legs held. In cloud, things are different.
Endpoint, the second leg, is in structural decline. Serverless functions execute in milliseconds. Containers spin up and disappear before an agent can install. Ephemeral AI workloads process data through API calls that never touch a surface where traditional endpoint security operates. You cannot install an agent on what you don’t control, and in cloud, the list of what you don’t control grows with every deployment.
At the same time, network, the third leg, has been widely overlooked as enterprises raced to adopt cloud. In every organization that I’ve met with in my 2+ years at Aviatrix, I’ve seen first-hand that an uncomfortable volume of high value traffic flows laterally between workloads without ever crossing a traditional inspection point. Policy must be re-expressed differently across every environment, and that inconsistency is exactly where attackers, and now agents, find the seam.
That’s the context in which I backed Native, which launched this week with $42M and a clear architectural thesis: a Cloud Security Control Plane that translates security intent into the native enforcement controls cloud providers have already built.
Native and Aviatrix: Securing Identity, Endpoint, and Network
I want to be direct about something: Native’s Cloud Security Control Plane is a complement to what we’re building at Aviatrix, not a competing architecture. They operate at the identity and access configuration layer, ensuring the controls that AWS, Azure, GCP, and Oracle have already built are actually operationalized at scale across multicloud environments. This is precisely where the first leg of the stool needs strengthening, and it’s a foundation most organizations are standing on unevenly.
AWS, Azure, GCP, and Oracle have invested billions in security primitives: IAM, security groups, service control policies, network policies, and more. The uncomfortable truth is that most enterprises leave an enormous amount of that protection on the table. Not because they don’t want it, but because operationalizing those controls consistently, across multiple clouds, at the pace modern development demands, has proven to be nearly impossible. Native solves that by starting with the security outcome, translating it into provider-specific configurations, simulating impact before deployment, and continuously keeping controls aligned as environments evolve.
Amit Megiddo led GuardDuty at AWS before founding Native. His co-founders Eyal Faingold and Gal Ordo led cloud security engineering at Check Point and built AWS Security Hub, respectively. These are people who built cloud security infrastructure at its source, not consultants wrapping a problem in a dashboard. That depth is the moat.
At Aviatrix, we work on the third leg: the network. Zero trust network segmentation, workload identity that isn’t tied to IP addresses, distributed policy enforcement across every cloud and every generation of workload. Native’s Cloud Security Control Plane strengthens the identity and access foundation. Aviatrix’s Cloud Native Security Fabric enforces the network layer.
These are not competing visions. They are the two foundations that cloud security has been missing in parallel, and which agentic AI has now made urgent in a way that every security leader needs to reckon with before their next deployment, not their next breach.
Consolidation is Coming
The Architectural Divide is not a future risk. It grows wider with every new cloud deployment, every new workload type, every AI agent that moves data across an environment that was never designed to see it. The consolidation that closes this divide is coming, just as consolidation came to network security, endpoint security, and every infrastructure domain before them.
The organizations that recognize this inflection point early will choose their architecture deliberately. Those that don’t will have it chosen for them by an audit finding, a compliance failure, or a well-meaning agent that didn’t know what it wasn’t supposed to share.
Pay attention to what Native is doing. Congratulations Amit, Gal, Eyal, and the whole team on an exceptional launch.
