COLUMN

Cloud-based security services should start private

By Eric Ogren 13 Jul 2009 | SearchSecurity.com Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

Many early stage cloud vendors have it backwards when it comes to offering cloud-based services. They implement Software as a Service (SaaS) first to demonstrate their vision and then develop enterprise integration features. But the right way to go about it is to support corporate clouds in early product releases.

SearchSecurity.com: To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

IT is typically conservative about business risk and likes to retain control over sensitive data and applications. Security SaaS vendors may be better served by allowing IT to start by hosting its own private cloud service, integrated with existing data repositories and administrative systems and then provide a path to the full cloud application environment.

Security SaaS vendors placing services in the cloud have had to overcome the barriers posed by conservative IT practices. Qualys Inc., one of the earlier vendors offering a vulnerability scanning service, overcame risk management objections to having corporate vulnerability details accessible off-site in the cloud. IT does embrace the concept once they become comfortable with the security, operational savings and pay-as-you-go cost structure. A quick survey of young privately-held security SaaS vendors shows progress in segments, such as identity management and access control, log management, secure document handling and virtual desktop distribution. They serve as early examples of the variety and innovative ideas in security:

• Alert Logic Inc. manages log management as a service to help companies meet compliance obligations. Instead of investing in servers, storage and personnel, the AlertLogic service transmits data from customer premise equipment through the cloud where the data is stored, archived and compliance reports generated. Security is paramount to customer acceptance since attackers could build a blueprint of the business infrastructure from log data.

• Confidela offers secure document services that allow sharing of confidential information while protecting against unauthorized printing, faxing, forwarding or saving to local storage. The SaaS approach allows Confidela to deliver RMS features without the need for a kernel-mode agent or the need to deliver the confidential document to the endpoint. The challenge will be convincing corporations to place their sensitive documents in the hands of a SaaS service.

• Moka5 Inc. provides a service optimizing delivery performance of clean virtual desktops. The SaaS model allows MokaFive to distribute reference copies of virtual desktops throughout the cloud where authenticated end users can rapidly stream their desktop to locally execute business applications from home or other remote locations. The company will have to overcome IT resistance to hosting corporate desktops in the cloud.

• Symplified Inc. manages corporate identity and access control as an Internet service. The Symplified "identity cloud" supports authenticated identity services to end users including access control to SaaS and Web applications, single sign-on, and full usage auditing. The hurdle that must be cleared is assuring IT that corporate identities can be securely maintained in a cloud service and the business will not be at risk due to a breach in the Symplified service.

• FastScale Technology Inc. is not a SaaS vendor, but is a vendor enabling cloud applications in a manner that virtual machine management products will mimic. FastScale automates the creation of server systems with compliant configurations of software packages. In addition to saving IT effort in creating physical and virtual servers, the company also creates servers compliant with EC2 for deployment in the cloud. This makes it easier to migrate existing applications into the cloud and is on the leading edge of a compelling trend.

Tags: Secure SaaS: Cloud services and systems,  Enterprise Data Governance,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Secure SaaS: Cloud services and systems Cloud computing data security starts with internal strategy, experts say Network security expert urges hardening of cloud protocols Security challenges with cloud computing services Is Identity Management as a Service (IDaaS) a good idea? Burton Group warns of cloud computing risks Researchers say search, seizure protection may not apply to SaaS data McAfee to acquire email SaaS vendor MX Logic How secure is 'Platform as a Service (PaaS)?' When to use the service features of the Metasploit hacking tool Cloud computing security: Infrastructure issues Enterprise Data Governance Creating an enterprise data protection framework Analyst DLP study finds maturity, ranks top DLP vendors Voltage, RSA spar over tokenization, data protection Twitter gets condemned by CISOs at Forrester forum PCI DSS compliance requirements: Ensuring data integrity Trustwave acquires data loss prevention vendor Vericept Data has become too distributed to secure, Forrester says Compliance in the cloud How to write technology outsourcing contracts Risk management must include physical-logical security convergence

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary cut-and-paste attack  (SearchSecurity.com) data masking  (SearchSecurity.com) data splitting  (SearchSecurity.com) deperimeterization  (SearchSecurity.com) Google hacking  (SearchSecurity.com) masquerade  (SearchSecurity.com) snooping  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary