Welcome!

@CloudExpo Authors: Liz McMillan, Zakia Bouachraoui, Dana Gardner, Yeshim Deniz, Elizabeth White

Related Topics: @CloudExpo, Cloud Security

@CloudExpo: Article

CloudPassage: "Only Security Platform Purpose-Built for Cloud"

Company VP Joerg Rathenberg Interviewed at Cloud Expo

CloudPassage delivers a server security platform that's been "purpose-built for the cloud," according to the company. I spoke at Cloud Expo with Joerg Rathenberg, the company's VP of Marketing. Joerg was with IBM early in his career, "helping to build a new IBM in Eastern Europe as the cold war came to an end," he says.

Today, he focuses on CloudPassage's Halo product, which provides automated vulnerability management, compliance monitoring, network access control, server account administration, and security event alerting through REST APIs in all types of cloud environments.

"CloudPassage is securing cloud servers on the IAAS level," he told me. "Any company that runs its servers in the cloud will need to secure these servers, and CloudPassage will help them do this in an automated and scalable way."

Me: And delivered as SaaS, right?

Joerg: Yes, being a true cloud player, of course our product is delivered as Software-as-a-Service. Pricing is on a utility model - pay as you go - although as you know, we offer a free version as well.

Me: So what sort of customer engages initially with the free version? And how do you convince them to upgrade?

Joerg: The main group of people signing up are the ones responsible for running the cloud servers. In medium and small companies, these can be part of the development team, typically run by DevOps, SysAdmins and others.

In enterprises, often the Business Units go and subscribe to their own cloud servers for development. Here it is often the developers, product managers or product architects who come and sign up for Halo Basic, our freemium product, which is available for up to 25 servers without time limitation. They don't need a credit card or sign contracts, and they can secure their servers within a few minutes.

The upgrade to Halo Professional happens when companies start running more than 25 servers in the cloud. Other features include a very comprehensive API, and full access to two years' worth of detailed security log data. This is important to those companies with compliance requirements like PCI, HIPAA, and others.

Me: What sorts of security and related technical burdens do you eliminate for your customers? And how do you provide them the control they need?

Joerg: Companies go to the cloud to take advantage of economies of scale and flexibility. So, if an e-Tailer does not need the 500 additional cloud servers that the used to get through the holiday season, they simply turn them off and don't have to pay for them any longer.

Any company that subscribes to an Amazon EC2, Rackspace, Terremark, Gogrid or other cloud server solution is sharing the responsibility of securing their cloud servers. The problem is that traditional security systems don't support the architectural challenges and elastic capabilities of the cloud. CloudPassage Halo is the only cloud infrastructure platform expressly designed for the cloud and delivered as a service.

Me: How flexible is this, really?

Joerg: Using Halo, our customers can move their servers from one provider to another anytime they want - such as, if it's cheaper for them to do so - and retain their security. They can scale up and down, automatically deploy thousands of servers and be assured that they are secure. It doesn't matter if these servers are located in the public, private or hybrid cloud.

(Additionally,) a "single pane of glass" allows them to manage their entire cloud infrastructure from one central place. Security functionality includes host-based firewalls, vulnerability scanning, account management, two-factor authentication, and more.

Me: Revisiting an earlier question, then, what sorts of companies - by vertical markets and size - benefit the most from CloudPassage? Put another way, are there any limits to the type of customer that can succeed with your company?

Joerg: Because Halo is delivered as a service hosted in the cloud, it is infinitely scalable. At this stage, a lot of our customers come from business models that are leveraging the cloud. In particular SaaS providers are a perfect match.

Me: Oh, I see...

Joerg: For example, companies like Zappos, Foursquare, Avatar NewYork, ExoIS and others are investing in could deployments and rely on Halo for securing their infrastructure.

Three business models are particularly prominent: App Development - Development shops, integrators, but also Enterprise BU's who need fast, inexpensive and agile environments and need to protect their IP; Permanent App Hosting - these are the SAAS providers, social media and gaming companies that require scalable, elastic computing; Temporary Elastic Workloads - retail, life science, financial services and media companies with seasonal or project-driven spikes who need to protect their IP and their big data deployments.

Me: How do you continue to improve Halo? That is, how much do you learn from your customers? How much additional research are you doing to ensure continuous improvement?

Joerg: We are working closely with a number of Lighthouse customers for different use cases. As an agile development shop we rely on beta programs and are able to react quickly. We also rely on primary research - just  in the process of wrapping up a survey administered to several thousand IT professionals, where we are testing for their cloud plans and their preferences."

Me: What are the Three Big Reasons a company should engage with CloudPassage?

Joerg: First, to remain competitive, companies have to invest in cloud technology today. CloudPassage has everything they need to secure their cloud servers.

Second, to this point CloudPassage offers the only security platform available, that is purpose-built for the cloud and delivered as a service.

Third, we understand that security is one of the main inhibitors for massive cloud deployment. So CloudPassage makes cloud security fast, simple and automated so that companies can leverage the elasticity and the economics of the cloud today.

Follow me on Twitter

More Stories By Roger Strukhoff

Roger Strukhoff (@IoT2040) is Executive Director of the Tau Institute for Global ICT Research, with offices in Illinois and Manila. He is Conference Chair of @CloudExpo & @ThingsExpo, and Editor of SYS-CON Media's CloudComputing BigData & IoT Journals. He holds a BA from Knox College & conducted MBA studies at CSU-East Bay.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


CloudEXPO Stories
"There is a huge interest in Kubernetes. People are now starting to use Kubernetes and implement it," stated Sebastian Scheele, co-founder of Loodse, in this SYS-CON.tv interview at DevOps at 19th Cloud Expo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
Is advanced scheduling in Kubernetes achievable?Yes, however, how do you properly accommodate every real-life scenario that a Kubernetes user might encounter? How do you leverage advanced scheduling techniques to shape and describe each scenario in easy-to-use rules and configurations? In his session at @DevOpsSummit at 21st Cloud Expo, Oleg Chunikhin, CTO at Kublr, answered these questions and demonstrated techniques for implementing advanced scheduling. For example, using spot instances and cost-effective resources on AWS, coupled with the ability to deliver a minimum set of functionalities that cover the majority of needs – without configuration complexity.
At CloudEXPO Silicon Valley, June 24-26, 2019, Digital Transformation (DX) is a major focus with expanded DevOpsSUMMIT and FinTechEXPO programs within the DXWorldEXPO agenda. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term. A total of 88% of Fortune 500 companies from a generation ago are now out of business. Only 12% still survive. Similar percentages are found throughout enterprises of all sizes.
Here to help unpack insights into the new era of using containers to gain ease with multi-cloud deployments are our panelists: Matt Baldwin, Founder and CEO at StackPointCloud, based in Seattle; Nic Jackson, Developer Advocate at HashiCorp, based in San Francisco, and Reynold Harbin, Director of Product Marketing at DigitalOcean, based in New York. The discussion is moderated by Dana Gardner, principal analyst at Interarbor Solutions.
Atmosera delivers modern cloud services that maximize the advantages of cloud-based infrastructures. Offering private, hybrid, and public cloud solutions, Atmosera works closely with customers to engineer, deploy, and operate cloud architectures with advanced services that deliver strategic business outcomes. Atmosera's expertise simplifies the process of cloud transformation and our 20+ years of experience managing complex IT environments provides our customers with the confidence and trust that they are being taken care of.