For many enterprises, three of the biggest headwinds against public cloud adoption are compliance, security and associated transparency. Organizations, especially those operating in regulated industries, need control over the security configurations of their cloud-based servers.

The challenge is that traditional enterprise security tools don’t always play well in public clouds, if at all. For example, security teams can’t run traditional vulnerability management software to make certain their systems are up to date with the latest patches. Additionally, the ease with which virtual servers can be spun up, copied, and moved elsewhere makes for a configuration management nightmare.

“When you move to cloud-based systems, your control over network resources is reduced,” says Pete Lindstrom, research director at Spire Security. That makes it harder for enterprises to control their security posture, Lindstrom says, because they don’t have a say over many of their network assets.

Still, organizations have to patch dated software versions and maintain tight configurations in the cloud just as they do with traditional on-premise software. “However, unlike on-premises workloads, security policy enforcement in the cloud must be enforceable regardless of location and scalable elastically to potentially thousands of hosts,” Neil MacDonald, an analyst at the research firm Gartner, said in a statement.

Security firm CloudPassage, in stealth mode until today, hopes to build itself a market by helping enterprises rein in the firewall and system configuration of their cloud servers. The company claims its Halo SVM (Server Vulnerability Management) and Halo Firewall are the first server security and compliance services built specifically for elastic clouds. “The goal is to help organizations enforce good server security and configuration management in the cloud,” says Carson Sweet, company co-founder and CEO.
The Halo platform consists of the Halo Daemon, which is installed on cloud servers, and the Halo Grid. The Halo Daemon, a two-megabyte image, essentially gathers security and configuration information about the server and transmits that data to the Halo Grid. The Halo Grid processes the server information it receives to enforce policy on security and configuration levels as well as host-based firewalls.

Sweet contends the Halo Firewall solves a number of challenges associated with host-based firewall management. First, he says, users can manage the policies of their cloud servers from a single console, which helps to cut down on policy configuration errors. Second, whenever cloud servers are added or moved, the system will automatically update individual firewall configurations.

Lindstrom says that since organizations lose control over the network layer of their public clouds, security needs to be as tightly integrated into host servers as possible. “All control over the network is deprecated, therefore the security you provide has got to be done at the host layer,” he says.

George V. Hulme writes about security, technology, and business from his home in Minneapolis, Minnesota, which he says has too many clouds this time of year. You can also find him on Twitter as @georgevhulme.