The other day I saw one of those Facebook question polls asking what was the biggest thing holding you back from moving to the cloud. I forget who actually posted the question but the choices were availability, security, features and cost. Security was still the biggest inhibitor by a large amount. Now granted, Facebook users may not be the demographic that you would rely on for that answer, but it is a data point nonetheless.
But in spite of what the survey says on Facebook, I continue to see cloud security marching on with new offerings and new ways of securing the cloud. I wanted to highlight some of the ones that have caught my eye recently:
Cloud Passage Halo Professional – This company and product have received a lot of attention since coming to market almost a year ago. With the new pro version of Halo announced recently it brings host-based firewall administration, vulnerability management, account auditing, and security alerting capabilities to protect cloud servers.
“The Professional version adds to Halo’s value through comprehensive APIs that extend and integrate these capabilities into existing environments. Professional users also benefit from easier compliance management through instant access to historical cloud server security data, critical to achieving compliance with PCI, FISMA, HIPAA and other industry standards. GhostPorts, another outstanding Professional feature, provides stealth access to network services.”
GhostPorts allow admins to open the firewall to specific IP’s for a set time.
Cloud Passage is a company which has built a cloud solution from the ground up instead of taking a traditional security product and trying to make it fit the cloud. Their use of APIs instead of appliances and virtual appliances is the model to follow I believe. I think they represent a new breed of pure play cloud security provider.
Red Lambda MetaGrid™ – Web applications and the cloud have given rise to a whole new class of programs collectively referred to as “Big Data“. Programs like Hadoop and all of the NoSQL databases have allowed for the collection of massive amounts of data distributed in the cloud on commodity hardware.
Analyzing and securing all of this data creates the same challenges that storing and using it does. Traditional appliances and single server solutions don’t work. Even virtual appliance are not the answer. Instead Red Lambda is using smart grid technology to tackle this big job. Also they do it without signatures or rules because they don’t scale to this level either.
The MetaGrid solution uses another Red Lambda technology they call Neural Foam.
Patent-pending Neural Foam™ uses artificial intelligence to cluster massive amounts of data into its simplest, natural structure without a single rule. Neural Foam’s unique ability to continuously learn all knowledge and anomalies from any data, over any timescale, event by event revolutionizes operations. In one pass, MetaGrid makes it possible to see every aspect of an infrastructure, from the most normal activity, to threats, to things that only happen once or differ by a single unusual bit. Quite simply, it’s the ultimate weapon against the unknown, inside or out.
It is certainly a new approach to the big data security issue which (no pun intended) is big and getting bigger everyday.
Cisco ASA 1000v – Yes that’s right Cisco. They just announced the virtual version of their ASA firewall and security appliance built for multi-tenant cloud environments. ASA 1000V provides firewall capabilities, comprehensive real-time threat defense, always-on remote access and comprehensive network security. Yes it is a virtual appliance, but it works with the Cisco Virtual Appliance Network Management Center to assign policies and rules across multiple virtual instances. It may not be the same as an enterprise class Checkpoint or next gen Palo Alto box, but inexpensive, available virtual firewalls will be commodity items available to every cloud user very soon!
Between the host based firewalls that many companies are using to protect cloud instances and the virtual firewalls from Cisco and others we are seeing the firewall once again play a foundational role, this time in cloud security.
AlertLogic fully managed Security-as-a-Service – Just having security available in the cloud is not enough. Security whether it be virtual or physical, cloud based or on premises is beyond many organizations today. Taking Alert Logic‘s “in the cloud, for the cloud” security offerings and wrapping it with a world class security research team and always on SOC allows any organization peace of mind knowing that security is taken care of.
So while some say security is still a hindrance to cloud adoption, the facts show that the industry is responding. Companies big and small, old and new are bringing new solutions to solve the cloud security issue.
- Announcing the Cisco ASA 1000V Cloud Firewall (blogs.cisco.com)
- Cloud Security Alliance – Looking Out for the Users (rackspace.com)
- vShield App, vShield Edge, vShield Manager, Use Cases and Comparisons (cleanclouds.wordpress.com)
- Security remains a top concern for cloud app builders (infoworld.com)
- A New virtual ASA: On Full Display at VMworld in Las Vegas (blogs.cisco.com)
- How to Secure Federal Data in the Cloud | SmartData Collective (tphnewsfromtheworld.wordpress.com)
- Greatest Threats to Cloud Security (ponderingtechnology.wordpress.com)