Orca Powers Cloud Security for Digital Turbine

Digital Turbine Connects the Mobile Ecosystem through Innovative Experiences

Digital Turbine (NASDAQ: APPS) powers superior mobile consumer experiences and results for the world’s leading telcos, advertisers and publishers. Its end-to-end platform uniquely simplifies the ability to supercharge awareness, acquisition and monetization — connecting Digital Turbine’s partners to more consumers, in more ways, across more devices. DT’s platform sits at the heart of the world’s most popular connected devices. The company’s technology is embedded in over 800 million mobile devices globally – and its app advertising solutions reach over 1.2 billion users each month.

Digital Turbine has been a cloud-native business from the beginning. At this writing, the assets and workloads are predominantly on AWS, but the company is transitioning part of the workloads to GCP for long-term strategic reasons. One of those factors is Google’s expertise in Kubernetes orchestration through Google Kubernetes Engine (GKE). Digital Turbine has a directive to containerize its apps as much as possible.

All in all, the company has a very modern tech stack that allows Digital Turbine to be as nimble as possible. Partial transition from AWS to GCP is an opportunity to modernize the cloud architecture even more by utilizing features that GCP has around continuous orchestration.

“With assets on both AWS and GCP, we need a multi-cloud security solution. Orca fills that need.”
Vivek Menon


Orca Security is Key for Digital Turbine’s Cloud Security and Compliance Efforts

Enabling agility through security automation is a high priority for Vivek Menon, the company’s Vice President and Chief Information Security Officer. As the top executive responsible for cybersecurity and IT compliance, Menon is always looking to improve the company’s security posture and level of IT compliance with important security frameworks. He has a relatively small staff, so automation in their chosen security tools is important. This is one of the factors that led them to Orca Security.

“We have to do more with less,” says Menon. “We don’t have a lot of people who can inventory all our assets and figure out what new instances were spun up last night, or how many new instances are running today. One of the first things that attracted us to Orca is that we don’t have to worry about keeping an asset inventory because a lot of this will be done by Orca itself. Plus, the fact that Orca is agentless is great.”

Orca Delivered Value Almost Immediately

Menon first took notice of Orca when it helped Fyber, a recently acquired company, identify all the Log4j issues they had. “There was a lot of momentum on how quickly the Fyber team was able to react and fix things. We thought, if Orca can do this for Fyber, the rest of Digital Turbine should try it too.” They did, and they were hooked.

Menon was impressed with the onboarding process. He says it took just a day or two to get Orca up and running and returning valuable data showing areas for improvement. “Orca delivered value practically from the first day,” says Menon.

One of the main uses for Orca was detecting vulnerabilities in the cloud workloads. Digital Turbine uses a lot of vendor images to drive their containers. “We were seeing that most of the vulnerabilities we have are because some of the vendor images are out of sync from a versioning point of view,” Menon says. “Before Orca, it required a manual effort to figure out where those vulnerabilities were. But now with Orca, we know exactly which vendor has the vulnerabilities we are trying to mitigate. Orca provides us with a log trail that enables us to have discussions with the vendors about upgrading their images.”

“Orca pinpoints the vulnerabilities in containers so we can mitigate them quickly.”
Vivek Menon


A remote worker is sitting at cafeteria and typing report or project on a laptop while sitting in coffee shop.

Orca Measures Alignment to Critical Security Framework

Menon has several compliance goals for the organization he leads. When he first joined the company, his team agreed to anchor their security program on the NIST Cybersecurity Framework, leveraging the framework to write security policies and objectives. “Orca tells us our percentage of alignment to NIST CSF,” says Menon. “It tells us whether we are doing all the right things, whether there is adherence to the framework, whether we need to course-correct, and whether we need to talk to a particular business unit on what they need to do to get us back in alignment.”

Digital Turbine is a public company, so compliance with SOX regulations is a must. “The Chief Accounting Office handles the financial components of SOX, and my team ensures that we meet the SOX IT General Controls,” says Menon. Orca helps with those requirements by persistently monitoring the security status of the cloud estate.

And while it’s not mandated, Digital Turbine and the security team are targeting SOC 2 compliance in the future. “We leverage Orca’s compliance alignment feature to make sure we are on track and improving every month,” says Menon. “When we go for our SOC 2 attestation, Orca will put us in a position where the attestation will come through readily.” 

“We can easily measure our progress toward regulatory requirements and the NIST security framework.”
Vivek Menon


The Relationship with Orca Is a Differentiator

Menon values the relationship he has with Orca. “More than anything else at this juncture, it is the relationship we enjoy with Orca that matters more than tool features and functionality,” according to Menon. “When we are in a situation where we need some additional help or special consideration as a customer, Orca is willing to help us. That matters more at this point than product features.”

He cites an example of Orca’s reporting capabilities. Menon would like to see a dashboard or a report that can take the common metrics that the Board of Directors at his company would care about and translate how Orca is able to help improve conditions behind those metrics. “I talked to our Orca representative about this request and he reports that they are making progress on delivering it. That’s a good example of the relationship we have with Orca. Their success is based on our success.”