CloudPassage delivers a server security platform that's been "purpose-built for the cloud," according to the company. I spoke at Cloud Expo with Joerg Rathenberg, the company's VP of Marketing. Joerg was with IBM early in his career, "helping to build a new IBM in Eastern Europe as the cold war came to an end," he says.

Today, he focuses on CloudPassage's Halo product, which provides automated vulnerability management, compliance monitoring, network access control, server account administration, and security event alerting through REST APIs in all types of cloud environments.

"CloudPassage is securing cloud servers on the IAAS level," he told me. "Any company that runs its servers in the cloud will need to secure these servers, and CloudPassage will help them do this in an automated and scalable way."

Me: And delivered as SaaS, right?

Joerg: Yes, being a true cloud player, of course our product is delivered as Software-as-a-Service. Pricing is on a utility model - pay as you go - although as you know, we offer a free version as well.

Me: So what sort of customer engages initially with the free version? And how do you convince them to upgrade?

Joerg: The main group of people signing up are the ones responsible for running the cloud servers. In medium and small companies, these can be part of the development team, typically run by DevOps, SysAdmins and others.

In enterprises, often the Business Units go and subscribe to their own cloud servers for development. Here it is often the developers, product managers or product architects who come and sign up for Halo Basic, our freemium product, which is available for up to 25 servers without time limitation. They don't need a credit card or sign contracts, and they can secure their servers within a few minutes.

The upgrade to Halo Professional happens when companies start running more than 25 servers in the cloud. Other features include a very comprehensive API, and full access to two years' worth of detailed security log data. This is important to those companies with compliance requirements like PCI, HIPAA, and others.

Me: What sorts of security and related technical burdens do you eliminate for your customers? And how do you provide them the control they need?

Joerg: Companies go to the cloud to take advantage of economies of scale and flexibility. So, if an e-Tailer does not need the 500 additional cloud servers that the used to get through the holiday season, they simply turn them off and don't have to pay for them any longer.

Any company that subscribes to an Amazon EC2, Rackspace, Terremark, Gogrid or other cloud server solution is sharing the responsibility of securing their cloud servers. The problem is that traditional security systems don't support the architectural challenges and elastic capabilities of the cloud. CloudPassage Halo is the only cloud infrastructure platform expressly designed for the cloud and delivered as a service.

Me: How flexible is this, really?

Joerg: Using Halo, our customers can move their servers from one provider to another anytime they want - such as, if it's cheaper for them to do so - and retain their security. They can scale up and down, automatically deploy thousands of servers and be assured that they are secure. It doesn't matter if these servers are located in the public, private or hybrid cloud.

(Additionally,) a "single pane of glass" allows them to manage their entire cloud infrastructure from one central place. Security functionality includes host-based firewalls, vulnerability scanning, account management, two-factor authentication, and more.

Me: Revisiting an earlier question, then, what sorts of companies - by vertical markets and size - benefit the most from CloudPassage? Put another way, are there any limits to the type of customer that can succeed with your company?

Joerg: Because Halo is delivered as a service hosted in the cloud, it is infinitely scalable. At this stage, a lot of our customers come from business models that are leveraging the cloud. In particular SaaS providers are a perfect match.

Me: Oh, I see...

Joerg: For example, companies like Zappos, Foursquare, Avatar NewYork, ExoIS and others are investing in could deployments and rely on Halo for securing their infrastructure.

Three business models are particularly prominent: App Development - Development shops, integrators, but also Enterprise BU's who need fast, inexpensive and agile environments and need to protect their IP; Permanent App Hosting - these are the SAAS providers, social media and gaming companies that require scalable, elastic computing; Temporary Elastic Workloads - retail, life science, financial services and media companies with seasonal or project-driven spikes who need to protect their IP and their big data deployments.

Me: How do you continue to improve Halo? That is, how much do you learn from your customers? How much additional research are you doing to ensure continuous improvement?

Joerg: We are working closely with a number of Lighthouse customers for different use cases. As an agile development shop we rely on beta programs and are able to react quickly. We also rely on primary research - just  in the process of wrapping up a survey administered to several thousand IT professionals, where we are testing for their cloud plans and their preferences."

Me: What are the Three Big Reasons a company should engage with CloudPassage?

Joerg: First, to remain competitive, companies have to invest in cloud technology today. CloudPassage has everything they need to secure their cloud servers.

Second, to this point CloudPassage offers the only security platform available, that is purpose-built for the cloud and delivered as a service.

Third, we understand that security is one of the main inhibitors for massive cloud deployment. So CloudPassage makes cloud security fast, simple and automated so that companies can leverage the elasticity and the economics of the cloud today.

Follow me on Twitter