As some enterprise IT shops outsource security to the cloud for traditional infrastructures, a few cutting-edge...
companies are combining Security as a Service with Infrastructure as a Service.
Security as a Service is a ripe market for new approaches from emerging companies. One such company, JumpCloud, hopes to snare customers looking for a one-stop Security as a Service monitoring shop. Its agent-based software handles intrusion detection and prevention, data loss prevention, and identity and access management with integrations into Active Directory.
The agent also sends data to JumpCloud via mutual Transport Layer Security, and JumpCloud picks out key issues or attacks and sounds an alarm if a system has been compromised.
One JumpCloud early adopter, Max Parris, director of operations for TapInfluence, a marketing software startup based in Boulder, Colo., is a one-man shop for operations and infrastructure. Therefore, outsourcing security to a service provider makes sense for Parris.
TapInfluence's entire infrastructure, some 40 servers in all, runs on Amazon Web Services (AWS).
"I need one place I can go to that will do the analysis of logs for security events on my systems as well as let me know about security patches that I need to deploy," Parris said.
Attacks on servers are common on AWS, Parris said. It's a big target and a number of plum targets for hackers reside there.
If attackers gain access to a server that's not set up properly from a security standpoint, they can scan some of Amazon's network to look for vulnerabilities. And since Amazon is used by a lot of startups without a dedicated security staff, many times servers are not set up properly and thus access remains open, Paris said.
As a developing product, JumpCloud has some room for improvement, as well, Parris said.
Topping the list is the need for better active response to threats, whether that involves a security patch that needs to be deployed or someone trying to maliciously log in that must be blocked, Parris said. Application-level monitoring would also be a boon, he said.
G6 Hospitality LLC, parent company of Motel 6 and Studio 6 based in Carrollton, Texas, doesn't have Infrastructure as a Service(IaaS) in place today, but Tom Sipes, managing director of IT security and compliance for the company, said developments in Trend Micro Inc.'s Security as a Service software -- specifically, making its Deep Discovery agents able to monitor the full AWS infrastructure -- will make him feel more secure about what he sees as an inevitable need for IaaS.
"I have to use Amazon. It's just the nature of the beast," Sipes said. "It would just give me better comfort with whatever I'd be using in AWS because then I would have the ability to understand from a holistic standpoint what's happening across my entire infrastructure."
Deep Discovery is currently available in a software appliance and virtual machine that can be deployed on IaaS, according to a Trend Micro spokesperson. The company is examining application programming interfaces and plans to add more functionality for cloud-based deployments.
Meanwhile, private and hybrid clouds also get the Security as a Service treatment in some data centers.
"As a fresh startup … we knew that we needed to address the problem of securing our platform, but we needed something that wasn't going to get in the way of our growth trajectory," said Michael Meredith, senior director of IT at Boulder, Colo.-based VictorOps, makers of DevOps collaboration software.
VictorOps plans to become a service provider itself and is building out an infrastructure based on OpenStack, which JumpCloud will monitor, Meredith said.
JumpCloud's software was preferable over an open source approach to intrusion detection that Meredith also evaluated, Snort by Sourcefire Inc.
"With Snort, you have to set up port mirroring on your switches and you have to have a big box that's able to ingest all that traffic at one time and examine it, and then you have to tune it yourself and figure out for yourself what's signal and what's noise," Meredith said.
However, JumpCloud doesn't do it all, either.
"I hope they expand into examining traffic coming into Web servers and looking for dictionary attacks there," Meredith said.
Meanwhile, Security as a Service users are still in the minority, and the lion's share of applications at enterprises that use Security as a Service don't fall under its auspices, according to TechTarget's recent Cloud Pulse survey.
Of the 345 respondents who answered a question on the survey about what cloud services they use or plan to use, 21.4% said they currently use Security as a Service; 10.1% plan to use it in the next six months; and 68.4% do not use it.
To learn more about Security as a Service, click here for part one.