If you tap into the chatter on Cloud Computing, you will hear lots of concerns about security issues, regulatory issues, etc. Even though some of the negative chatter is totally overblown, one cannot dismiss these security concerns, especially in the case of enterprises. Of late, we are seeing tremendous progress on the security front, but there is still a long way to go before enterprise customers are convinced. Government adoption of Cloud Computing helps in this regard, but technological solutions go a long way in convincing enterprises.

In October last year, I talked about VPN-Cubed, a neat perimeter-style security solution from CohesiveFT.

Today’s release of VPN-Cubed will offer a security perimeter covering the IT assets deployed in any kind of ecosystem (cloud or managed). One of the biggest worries for enterprise customers is the need to cede control of the security of their data to the cloud provider. With this solution, the company can retain control of security even inside the cloud. VPN-Cubed uses the popular Open Source VPN software, OpenVPN, to act as an encrypted LAN inside a single cloud or as an encrypted WAN across multiple clouds. This allows the cloud-based clusters or the hybrid cloud-enterprise datacenter ecosystem to appear as a single physical network similar to Enterprise 1.0 infrastructure.

Their approach simulated a network similar to traditional datacenters and enterprise infrastructure facilities. In this post, I am going to briefly discuss another Cloud Computing security vendor called Third Brigade. Third Brigade takes an altogether different approach. They believe in tackling security at the virtual machine level. Their product, called Third Brigade VM Protection, is free for companies with up to 100 virtual machines. It is available for the Microsoft Windows Server 2003, Microsoft Windows Server 2008 and RedHat Enterprise Linux 5.0 platforms.

In the traditional datacenter world, servers are protected using perimeter-level security such as a firewall, along with the usual security tools like IDS, IPS, etc. With the use of public clouds, the idea of a perimeter, as we know it from the previous era, vanishes because third-party cloud infrastructure providers use multi-tenancy to offer cost savings. Multi-tenancy brings in risks like attacks from other virtual machines on the same physical hardware, either by a rogue admin of another virtual machine on that hardware or through remote exploitation of scripts present in the other virtual machine(s) on the same hardware. This makes traditional perimeter-based security totally meaningless. Even though the cloud infrastructure provider may secure the physical server, they wash their hands of the security, patch management, log monitoring, etc. associated with the virtual servers. This puts the burden of security on the cloud users and calls for a new approach to cloud security.

Third Brigade considers implementing security at the virtual machine level to be the correct approach to cloud security and offers an easy solution that secures each and every virtual machine without the associated labor-intensive tasks. They make VM security deployment easy from a centralized location. Their security product consists of the following essential components.

  • A powerful bidirectional firewall with a centralized facility to manage the firewall policies and templates
  • An IDS that could offer protection against exploits and zero-day attacks, minimizing risks associated with any delayed deployment of vendor patches
  • Data integrity monitoring for compliance and regulatory purposes
  • Log inspection for security-related admin purposes

The other advantages of the Third Brigade VM Protection product, apart from offering cloud security, are seamless deployment across multiple virtual machines and easy mobility of virtual machines. A virtual appliance set up and secured using Third Brigade’s product can be easily moved to another physical server or even an altogether different datacenter. In addition to these advantages, Third Brigade VM Protection can be easily deployed even if the virtual machines are spread across different datacenters.

Cloud security is getting better and better. Soon, we will be talking about security as a benefit of Cloud Computing along with the usual suspects like cost, scalability, redundancy, etc. It is time for enterprises to map out their cloud strategy to avoid being a loser in this dull economy and competitive marketplace.
