CloudPassage Looks to Lock Down Cloud Servers
May 29, 2012
For IT pros, the benefits of the cloud are by now familiar. But as enticing as the agility, streamlined management and on-demand provisioning benefits that cloud computing offers, security remains an area of deep concern.
And while leading vendors have made considerable strides in addressing the potential security problems associated with the cloud -- both real and perceived -- the security burden still falls to both suppliers and customers, many of whom have been moving rapidly to embrace the technology but sometimes treat security as an afterthought.
"The race to the cloud is on," says Rand Wacker, vice president of product management at CloudPassage, a two-year-old startup specializing in securing cloud servers. "Companies large and small are scrambling to increase their speed to market, and reduce cost by moving their servers to a cloud-based architecture."
Wacker warns that cloud customers who neglect to secure their servers, often assuming that their provider has taken care of security across all points of the deployment, do so at their own peril.
"The issue is that, especially in the public cloud, with no control over hardware or defined choke points, traditional perimeter- and network-based security solutions no longer work," he explains. "Unsecured cloud servers, particularly when they are cloned, can lead to a dramatically increased risk for companies running their systems in the cloud."
CloudPassage's solution is Halo, a platform for securing servers built on a dynamic architecture that mirrors the automated, self-service features that are a hallmark of cloud configurations.
Halo includes a software component, Halo Daemon, that runs on each server to monitor and report security factors, relaying the data to the Halo Grid, CloudPassage's elastic compute environment. Additionally, the offering includes a centralized user interface through which customers can manage all the features of their Halo deployment.
CloudPassage's Halo product provides an array of security features, including firewall automation, alerts about security events and server account management. Halo is provided through a software-as-a-service (SaaS) model, offering a hardware-free setup and simplified deployment that lay users can handle.
"It allows companies to automatically secure all their servers, regardless of whether they are in the public, private or hybrid cloud -- even in their own data center," Wacker says of the Halo package.
Pricing is based on usage, billed by the hour. The company is built on a "freemium" concept, with Halo available for free on as many as 25 servers. Beyond the basic plan, CloudPassage offers NetSec and Pro options, which scale to larger deployments and include additional features such as a firewall security authentication function to open the network to authorized users and file integrity monitoring, the latter of which is still in beta. Pricing for the NetSec plan is capped at 3.5 cents per server per hour, while the Pro plan costs as much as 10 cents per server hour.
With its narrow focus on securing cloud servers, CloudPassage's sale representatives often find themselves challenged to clear up confusion about who bears the responsibility for securing cloud deployments.
"Providers are very clear that they take responsibility for their physical facilities, hardware and cloud hypervisor," states Wacker, "while the customers are responsible for the security of their virtual servers -- the operating system, application stack and data. Unfortunately, not all cloud users are aware of this shared responsibility."
Indeed, in a recent survey conducted by the company, 31 percent of respondents said they count on their cloud provider to secure their cloud servers, while 20 percent said they have no security at all in place for their virtual machines.
CloudPassage is based in San Francisco, and has won funding from a roster of investors that includes Benchmark Capital and Tenaya Capital.