CloudPassage Fills Gaps in Private-Public Cloud Security

By Frank Ohlhorst  |  Posted 2012-01-30

The security as a service (SaaS) vendor combines hosted security with cloud access to build secure environments for public and hybrid cloud users.

When it comes to the cloud, security has always been the No. 1 concern for users. After all, as data travels around the Internet, there are numerous windows of opportunity for data interception or capture. A single weak link can lead to system compromise and lost information.

Now there's a cloud application to handle that. With a new service launch on Jan. 31, 3-year-old CloudPassage aims to solidify security in the cloud with a new offering, Halo NetSec, which features a firewall, two-factor authentication and intrusion-detection capabilities.

At this point, Halo NetSec is unique when it comes to securing cloud services, because it enables administrators to build a perimeter defense without having to worry about the physical network. Thus, it secures everything from the endpoint to the virtual server, even if that traffic is passing over the public Internet, or even from private or hybrid cloud to cloud.

This can prove very important for administrators, especially when managing cloud services, because those administrators have no control or management capabilities for the public portion of cloud communications.

Small Agent Runs Communications

Halo NetSec works by running a small security daemon (in this case, just 3MB) on a virtual server, which handles communications across CloudPassage's computing grid, through which all traffic passes on its way from the endpoint to the host, and vice versa. The small footprint of the security daemon makes it easy to set it up on a virtual server, without impacting performance and, in most cases, associated hosting costs.

"When people look at adding security to a cloud system, they generally think they're buying a slice of something," CloudPassage founder and CEO Carson Sweet told eWEEK. "So now we're doing full-blown dynamic firewall management, and it's multi-cloud.

"We can have servers in EC2 [Elastic Compute Cloud], in Rackspace and in Terremark, with one policy over all of them. We rolled out new account management, so you can create change management accounts on servers dynamically, no matter where they are. Intrusion detection, which was tough to do in the cloud-given all the technical differences there-is rolling out now in beta.

"The most interesting aspect of all of this continues to be that it all just works in the cloud."

Once installed and configured, administrators are able to apply firewall rules and policies to any connection accessing public, private or hybrid cloud services. The security daemon works hand-in-hand with CloudPassage's computing grid to enforce rules and policy and to monitor for intrusions.

"What we've done is create a cloud-ready platform that handles automatically all management and policy controls with a combination of a lightweight host-based agent and software as a service grid," said Rand Wacker, vice president of product at CloudPassage. Halo NetSec also offers two-factor authentication for administrators for accessing servers.

USB Key for One-Time Password

According to Wacker, an administrator goes to CloudPassage's Web portal and uses a USB key to generate a one-time passcode, and then access is granted to the servers.

Halo NetSec is significant in that it brings edge-like security to public cloud-based services. Enterprises looking to leverage public cloud platforms, services and applications can now define the security needed to grant access to users with two-factor authentication, making sure only the appropriate end user and endpoint are granted access to that cloud service. Until now, that was quite difficult to do.

Halo NetSec costs 3.5 cents per server per hour, although volume discounts apply and other discounts are available with a monthly minimum usage commitment.

eWEEK Editor-in-Chief of Features & Analysis Chris Preimesberger contributed to this story.



