Goal: Easier firewall management in public-private clouds

While cloud computing simplifies aspects of IT management, keeping servers secure across cloud and on-premise deployments is easier said than done.

Today, start-up cloud security provider Dome9 Security announced a cloud server security service it hopes will ease firewall management in public and private cloud environments.

“Cloud, in many ways, is making firewall management more complicated as enterprises find that they have to keep certain ports open just to manage their server security,” says Dave Meizlik, VP of marketing at Dome9.

Another challenge managing firewalls in cloud environments is that the firewalls provided by cloud computing have to be managed in isolation.

Using what it calls Secure Access Leases, Dome9 provides time-limited secure access to cloud servers so that the security polices of the native firewall can be updated and managed. According to Meizlik, Dome9 closes administrative access to cloud servers by default, making them available only when needed.

The firewall management system is administered through the “Dome9 Central” Web service, which manages policies for the firewall management agent that can be deployed within virtual machines in public and private clouds, in both Linux and Windows servers, operating in VMware, Citrix XEN, KVM, Parallels and Microsoft’s Hyper-V).

More on cloud computing and security

• Cloud security predictions for 2011
• Cloud Security Alliance updates controls matrix
• Survey finds companies still struggling with cloud security

Two other features that would be of interest to security managers and administrators include Dome9’s ability to tier administration and its account activity logging. Enterprises can set tiers of administrative control that would provide so-called “super users” full control over cloud services while others could be granted limited access to only the machines for which they’re responsible. Dome9 can also gather details about which users have accessed the system, changed polices and accessed cloud machines.

Dome9 is a monthly subscription service that starts at $20 per server per month, based on the number of servers and administrators. There is also a free personal use version that supports one user and one server.

Scott Crawford, managing research director Enterprise Management Associates, says the market for hosted firewall management services has a chance at success. “Companies have been outsourcing firewall management to external providers for years, and the advantages of such services can reach across multiple cloud providers with greater capacity and centralized auditing,” he says.

George V. Hulme writes about security and technology from his home in Minneapolis. He is so paranoid he has four firewalls on his home network, and found it difficult getting through them all to file this story. Fortunately, he doesn’t use firewalls on Twitter, where he can be found at @georgevhulme.