The cloud computing security market is heating up with new startups aiming to address enterprise concerns about data security and regulatory compliance in the cloud.
CipherCloud on Thursday launched its data protection technology, a Web proxy that provides encryption and tokenization for data before it’s sent to a cloud application. Encryption keys remain with the customer. Company executives tout the technology as format and function preserving with no impact on application functionality.
Pravin Kothari, founder and CEO of Santa Clara, Calif.-based CipherCloud, said data privacy and security concerns are holding enterprises back from adopting cloud computing. With CipherCloud, he said, enterprises “can have full control of their data” in the cloud.
CipherCloud also allows enterprises to log user activities across cloud applications, which Kothari said is important for meeting compliance and forensic requirements. The technology currently supports Salesforce.com; support for Google Apps is in development. It's offered as a hosted service or virtual on-premise appliance.
Without CipherCloud, the New Democratic Party of Canada would not be able to use Salesforce.com for voter tracking, said James Williamson, IT coordinator. The Ottawa-based organization initially turned down Salesforce.com because it doesn’t have a data center on Canadian soil; NDP was hesitant to have voter data subject to the U.S. Patriot Act.
NDP tried out a tokenization solution from another vendor in order to use Salesforce.com, but the system doubled application access times and was overall problematic. Salesforce.com offers encryption but holds the keys, Williamson said.
“That was a non-starter, but in CipherCloud's case, we hold the keys onsite,” he said. “We don’t deal with the massive latency of tokenization. It’s only a 5% or less performance hit using encryption. … We can keep data in the U.S. but we’re still Patriot Act immune.”
Easing cloud server security
Another new entry into the cloud computing security market is Menlo Park, Calif.-based CloudPassage Inc., which officially launched in late January. The vendor targets cloud service providers with server vulnerability management and firewall products, which it touts as the first security products purpose-built for elastic cloud environments. CloudPassage aims to streamline management of server security in a cloud environment where servers are rapidly created through cloning and bursting, said co-founder and CEO Carson Sweet.
CloudPassage’s platform consists of the Halo Daemon, a small software component on each cloud server, and the Halo grid, an elastic compute grid that analyzes data collected by the daemon. It works to automatically secure cloud servers when they’re burst or cloned. The Halo grid is in constant communication with the daemons and does the heavy lifting of pushing out firewall policy updates, Sweet said.
Cloud providers, especially Software as a Service (SaaS) companies, are under pressure from customers to prove they’re implementing data security and maintaining compliance. “Customers don’t want to just see a SAS 70 anymore,” Sweet said. “They want hard proof.”
The approach CloudPassage takes with its grid computing infrastructure and daemons isn’t new, but its application to Infrastructure as a Service is unique, said Ted Ritter, senior research analyst with Mokena, Ill.-based Nemertes Research Group Inc. “They’re essentially building a cloud-based security service for cloud-based services,” he said.
Enterprise adoption of cloud computing, particularly IaaS, remains relatively low, Ritter said. “Roughly less than 10% are doing IaaS in anything other than dipping their toes in the water,” he said. “Security and privacy are the top reasons they’re not doing it.”
CloudPassage is ahead of the curve in terms of accounting for the scalability and flexibility of a public cloud environment, he added.
Focus on identity and access management
Last month also saw the launch of Okta, a San Francisco-based provider of an on-demand identity and access management service. The service is designed to speed adoption of cloud applications by allowing enterprises to integrate cloud applications with existing directory services, control access across applications, and quickly provision and de-provision users, the company said in its launch announcement. The technology provides single sign-on across applications, and offers pre-integrated applications from Google, ADP, Salesforce.com and other vendors.
While not new to the market, Irvine, Calif.-based SecureAuth Corp., formerly MultiFactor Corp., boosted the cloud capabilities of its Identity Enforcement Platform, which integrates browser-based strong authentication, SSO and identity management for both cloud and on-premise applications. The new version, announced this week, features Amazon EC2 support and additional preconfigured cloud applications, including ADP and SuccessFactors.
“When moving to the cloud, most organizations don’t want to give up their infrastructure,” said Tom Stewart, vice president of business development at SecureAuth. With SecureAuth’s platform, an enterprise doesn’t have to “reinvent the wheel when moving to the cloud,” he said.
Hosted security services evolution
When it comes to cloud computing security, there are three levels, noted Richard Stiennon, chief research analyst at IT-Harvest, a Birmingham, Mich.-based research firm focused on IT security. Companies like CipherCloud provide security for cloud services; others, such as VMware Inc., Sourcefire Inc. and Reflex Systems LLC, protect cloud implementations; and then there’s cloud-based delivery of security services.
Scott Crawford, research director at Boulder, Colo.-based Enterprise Management Associates Inc., said security vendors are beginning to play a role in shaping what he called an “intercloud,” with hosted services that protect other hosted services. CloudPassage reflects a continuum between IaaS, PaaS, and security SaaS, he added.