Prancer Enterprise

CEOCFO-Members Login

October 7, 2019 Issue



Prancer Enterprise provides a Pre-Deployment and Post Deployment Multi Cloud Validation Framework for Secure Cloud Implementation




Founder & CEO


Prancer Enterprise



Farshid Mahdavipour

(424) 666-4586


Interview conducted by:

Lynn Fosse, Senior Editor, CEOCFO Magazine, Published – October 7, 2019


CEOCFO: Mr. Mahdavipour, what is the vision behind Prancer, Inc?  

Mr. Mahdavipour: Nowadays companies are moving their on-premise workloads to the cloud and they are using various techniques for doing that. For example, some companies are using manual provisioning of resources in the Azure or in the AWS cloud. To do that, they are browsing the cloud portal interface and then click and create resources and configure them. Other companies could use more advanced methods, because of their requirements to have more resources available in the cloud, so they are using some sort of automation. They may have engineered a solution for the automation or they may use provisioning engines like Terraform or some other types of available framework out there. By running the code, they can potentially provision a thousand different resources in the cloud.


The problem is applying security guardrails to the code to be deployed to the cloud. An engineer with the right access to the cloud could potentially deploy resources and apply configurations, which is not complied with the security standards of the company.


Prancer is doing the pre-deployment validation of the infrastructure code that is being deployed to the cloud. It does pre-deployment security scanning of the code to make sure the code complies with the company security guardrails. And also post deployment scanning of the monitored resources in the cloud. In this term, we are a continued compliance security software scanning the cloud to make sure all the resources over there are up to the standards and there is no configuration drift in the cloud provider, either code or manually changing the attributes.


CEOCFO: How are you able to do that? 

Mr. Mahdavipour: In the Prancer framework, we have different connectors to connect to various cloud providers. Those cloud providers could be Azure, AWS or google cloud. And also Prancer has a connector to connect to the git repositories and file system. Prancer can crawl the cloud provider to find resources available there. And based on the available compliance tests, it does the validation of the resources to make sure those monitored resources are up to the standards. Any out of compliance item will be reported to the parties.   


CEOCFO: Are people aware of Prancer today? What is the market like today?

Mr. Mahdavipour: For that, scanning of the code for the infrastructure deployment, Prancer is the only player in the market and there is no other product that can do the pre-deployment scanning based on the compliance that the company has. However, for the post deployment and continued compliance there are other software available in the market. So there is no product in the market that can do both pre-deployment and post deployment security scanning of the monitored resources.


Usually, enterprises are interested in this product because if they have a huge implementation in the cloud with thousands of resources, it is hard or nearly impossible for the human to check all the attributes and all the configurations on a daily basis and make sure that everything is up to their standards. They should have some automation for their validation based on the infrastructure code being deployed to the cloud and also post deployment validations. Therefore, the market is any enterprise utilizing the cloud for their business. And as you are aware of that, the market cap is hundreds of billions of dollars!


We are promoting Prancer validation framework through social media, local events, conferences and exhibitions. And since the core framework is open source, we are relying on the open source community to spread the word.


CEOCFO: There are so many types of security and so many claims made. Do people recognize the value? Are they skeptical it can be done? 

Mr. Mahdavipour: Security is a general term and it can color so many different things. When we start talking about security we can talk about different layers and levels of that. The good thing about the Prancer framework is that those security rules are not hard coded into the heart of the product. We have a JSON file, and in that JSON file we coded the security rules that we are checking. Based on those rules, we will do the security scanning. So it is flexible. For example, tomorrow a new vulnerability is out or if we understand that we need to check another configuration on top of the current ones that we are doing, the customer can easily add the new rule for the security scan that Prancer can do for them. Then after that, the new rule is in place as well and used in tests.


For the Prancer framework, we have different compliance rules available to use, like HIPPA, PCI or SCI. Then based on the experience of the internal security group of the company, if they want to add something on top of that, with the simple JSON format they can add new rules. Then afterwards, it will check for their new security rules as well.


Obviously the security subject is an evolutionary subject to talk about. Everyday new vulnerabilities come out and security software adjust themselves accordingly. Moving forward, the available compliances should evolve also to support detecting the new vulnerabilities.


CEOCFO: You recently released a new version of your cloud validation framework. What have you added? What can you do now that you did not before? 

Mr. Mahdavipour: The new version is all about the scalability. Companies who want a more scalable implementation for their cloud validation requirements can now use the Prancer framework with the built-in support for scalability. With the new release, it is possible for companies to put their Prancer container to run in a Kubernetes environment. Prancer pods can run in Kubernetes and all of them connect to a single NoSQL database to store the snapshots of monitored resources. By using the Kubernetes infrastructure, companies can easily scale up and scale down based on their needs.


CEOCFO: How do you reach out to potential customers? 

Mr. Mahdavipour: We have different venues for that. The base framework is open source. We are seeking brand awareness at this stage of the framework. We attend local events, conferences and exhibitions to promote the product.

Since we are in the open source community we talk about it in local meetups and also the conferences for different cloud provider and the demo and the presentations. We are using the network effect of the open source community to spread the word and find potential customers.

On top of that we have focused marketing campaigns to attract enterprise customers


CEOCFO: How is business? 

Mr. Mahdavipour: Because the cloud implementation is a rapidly growing sector in IT and so many companies are moving to the cloud and this is like the new norm for so many companies, they have started thinking about how to secure everything up there. There are huge demands out there and there are companies that are looking for us, but since it is an enterprise tool usually it is like a B2B business for companies to start fully utilizing the tool. They go through different approval process like the evaluation by the security team that they have and then doing some proof of concept of the product, and then based on the result of that, implement that for a section of the business and then using that companywide. Therefore, it is a process that takes time, but we have started this process for our enterprise customers. We are also negotiating to other potential customers to be able to implement this solution for those companies.


CEOCFO: What are you surprised we can do today with technology? What are you surprised we cannot do yet? 

Mr. Mahdavipour: When it comes to the cloud and cloud computing, the surprising fact is we still do not have any standards or a unified way for infrastructure as code. Enterprise companies are using various techniques and some of them are engineered solutions by themselves. In contrast, when it comes to the application level programming, there are so many standards available, but infrastructure as code is still a new section, when you are using the code to deploy the resources to the cloud. There is no unified way of doing that in compare with the maturity level that we have in the application layer. Therefore, that is one thing that all of us should work on in order to have a better approach when it comes to the cloud deployment models.      

One thing that always amazes me is the speed of cloud innovation. And also the speed we can deploy resources to the cloud. It is a blessing time for startup companies to embrace the power of the cloud and using for their advantages. In 90’s, for a software startup company, one of the major costs was the cost of the hardware they should acquire to scale out. But now they can start on free tiers of the cloud providers and build their business on top of that.


CEOCFO: Are you seeking funding, investment or partnerships as you move forward in growing?

Mr. Mahdavipour: funding is a subject that a founder is thinking of all the time. You should have the required funding to be able to fuel your company and make sure you can overcome all the hurdles. But for now, I am not looking for funding. We are a well-funded startup and I don’t need extra funding at this stage.


Obviously, if I have excessive funding available to use we can accelerate the growth of the business and scale out at a higher rate. For example, we are currently supporting Microsoft Azure, Amazon AWS and Google Cloud providers. We have plans to add other cloud providers as well, like the IBM and Oracle, or the private clouds like VM Ware. We are using a special and unique technique to convert the configuration of resources in the cloud to the code and then keep that code inside the database. This approach can be applied to so many cloud providers out there. Therefore, if we have the funding we can accelerate the innovation, super charge our marketing campaigns and reach out to other focused markets.     


CEOCFO: What, if anything, might people miss or misunderstand when they look at Prancer? 

Mr. Mahdavipour: This is a very good question. And it depends on the company and the maturity level of the people that are using the cloud in those companies. If they are using their infrastructure as code and using devops pipelines to deploy resources to the cloud it is usually easy for us to describe the benefit of the Prancer and they immediately grasp the idea. Because what Prancer can do in this scenario is to map the resources between your Infrastructure as a code and cloud resources and find any discrepancies. However, if they are not using these automated tools for the deployments or not using the infrastructure as code, it is harder to explain.


People could also confuse Prancer with the continuous compliance products as well. It is kind of hard to make the distinction between those two approaches, because what Prancer is focused on is pre-deployment validations that prevents you proactively from putting something bad in the cloud. On the other hand, continuous compliance which other products could provide is about monitoring the cloud for known issues. It is the continuous compliance, so it is like a reactive approach if something bad happens in your configuration in the cloud, after some lag time, for example seven minutes, the software can detect the item that is not in compliance for you and then send the alert or notification to the group that is defined. That is the difference between Prancer and those continuous compliance products.



“Prancer is a pre-deployment and post deployment validation framework that can help you to have a secure cloud implementation. This multi cloud validation framework scans your Infrastructure as Code implementation and compares it with your deployed resources in the cloud. Moreover, Prancer can be used as a continuous compliance tools for various clouds based on available compliance and custom rules.”- Farshid.Mahdavipour







© CEOCFO Magazine - All rights reserved

Any reproduction or further distribution of this article without the express written consent of is prohibited.



Cloud Validation Plan, Prancer Enterprise, Cloud Governance Model, Farshid.Mahdavipour, Prancer Enterprise provides a Pre-Deployment and Post Deployment Multi Cloud Validation Framework for Secure Cloud Implementation, CEO Interviews 2019, Technology Companies, cloud validation framework, cloud governance framework, cloud governance and compliance, multi cloud validation framework, Infrastructure as Code, IaC, cloud implementation, validate cloud implementation, connect to multiple cloud providers, validation across multiple cloud providers, Prancer Enterprise Press Releases, News does not purchase or make
recommendation on stocks based on the interviews published.