CloudPassage, which came out of stealth mode in late January, was started in October 2009 by Carson Sweet, Talli Somekh and Vitaliy Geraymovych--each of whom has years of technology and IT security experience, including the development of early virtualization security solutions. CloudPassage's new services are aimed at providing security to cloud servers that are supposed to be elastic and flexible. But current security limitations can force companies to curtail that elasticity or spend lots of time performing manual tasks.
According to Sweet, existing security solutions aren't elastic because vulnerability management and firewall configurations have to be individually managed on every new cloned or bursted server. Moreover, organizations aren't able to create perimeters or demilitarized zones (DMZs) to protect their cloud servers because in public cloud infrastructures, such as Amazon EC2, they don't own or control the networks.
Companies can't put security hardware in those clouds, Sweet says. "Also in those environments, you don't even have the power to manage IP addresses." IP addresses are typically assigned, and if a company wants to use a security product to identify and protect a server, the assigned IP addresses have to be manually configured in the security tools. "If you have a server that moves, which happens all the time, the IP address will change, and so any configuration you already had will break. Then you'll have to go in and manually reconfigure."
CloudPassage's solution attempts to overcome these challenges by automatically securing cloud servers when they burst or are cloned. Once security is set up on one server, all copies of that server that are created later will automatically adopt those security controls.