Mapping the Cloud: Dome9 Security looks to lock down the cloud
Upstart aims to plug the leaky holes it sees in cloud security with more careful monitoring of who gets access to cloud servers—and when
June 24, 2011
Tel Aviv-based Dome9 Security launched in May as a so-called security-management-as-a-service offering, to tackle the hot-button issue of cloud security. We talked to the company’s new VP of marketing, David Meizlik—late of IT security firm Websense—about security lapses and the value of a protective dome.
What was the market need Dome9’s founders were aiming to address?
The company was founded to help secure the cloud. Today, when an enterprise moves to the cloud—whether it’s in Amazon’s EC2, RackSpace, GoGrid, or another service provider—they’re forced to manually configure server security and leave many administrative ports, such as SSH and Remote Desktop, open so that they can connect to and manage their cloud machines. What’s more, because those machines are in the cloud, they’re not secured behind the corporate firewall infrastructure. Unfortunately, this means that too often, the only security that remains is a username and password for a server that has many open ports, and as a result most cloud servers are relatively unsecured.
What’s unique about Dome9’s approach?
Dome9’s key innovation is its Secure Access Lease technology, which closes all administrative ports by default and opens them only when it’s needed, for as long as it’s needed, and for whom it’s needed. When an administrator or developer needs access to a cloud server, he uses Dome9 to get a time-based Secure Access Lease. The lease allows for access by a specified user, from a specified location, via a specified port, and from a specified location. Once the lease expires, Dome9 automatically reconfigures the cloud server’s security to close the firewall port. Dome9 works across hosting provider platforms—another key innovation, because many organizations that adopt the cloud have multiple cloud providers, and will often move machines across environments. With Dome9, cloud server security is centrally managed across providers, and is retained and persistent no matter what environment the machine is hosted in. This capability helps ensure security while providing flexibility and portability.
What are the company’s target customers?
Dome9 is an on-demand cloud service that can service an unlimited number of dedicated or virtual, private or public environments. We can service any size organization or hosting provider. Dome9 Security is ideal for both the enterprise and hosting providers. Enterprise customers using the cloud can use Dome9 directly from our website, and centrally manage cloud server security across multiple hosting platforms (i.e., centrally manage cloud server security across concurrent deployments in AWS EC2, RackSpace and others). Hosting providers can resell Dome9 as a security add-on, or bundle it into existing packages to help remove the number one barrier to cloud adoption: concern for security. What’s more, when hosting providers use Dome9 they provide customers with the ability to automate self-managed cloud server security, eliminating server lockouts, driving down support costs and providing customers with greater control and a secure cloud environment.
What are those companies’ top concerns when it comes to cloud security?
The top inhibitors to cloud adoption are security and availability. Ironically, the two are inextricably connected, since if a cloud environment is compromised, it’s likely unavailable.
What does your platform replace—what are enterprises doing to address cloud security now, and where are they lacking?
Today organizations are forced to manually configure their cloud server security using the management consoles of each respective hosting provider. When someone needs access to a server, the admin must manually open the port and enable access, and then remember to log back in and manually close the port and disable access once the work is done. Unfortunately, this process is cumbersome and often administrators forget to later close the ports, or leave them open indefinitely so they don’t have to continually repeat the process. This not only leads to unsecured servers, it also puts a real strain on administrators, especially those managing multiple cloud servers across multiple hosting providers. What’s more, it doesn’t provide elastic security to match with the elasticity of the cloud (i.e., scaling from 1 server to 1,000 in the cloud in a few minutes cannot be efficiently secured without a security management as a service like Dome9, which scales automatically).
Why did you join the company? What attracted you?
I joined Dome9 because of the tremendous opportunity we have to help organizations and hosting providers accelerate and secure cloud adoption. Securing the cloud requires a paradigm shift, since the cloud itself is one. Security in the cloud is as much about scale and management as it is about security itself. Traditional security controls weren’t built to scale or be efficient, and thus without a service like Dome9 cloud environments will remain unprotected.
What’s the story behind the name?
We chose “dome” to depict security or protection, and the number 9 because in numerology the number nine is used to depict the ending, transformation, and completion. So in effect, our name means “complete security.”