Layer 7 Offers More Control Over The Cloud With CloudSpan
April 20, 2010
Layer 7 Technologies is branching out into cloud computing with CloudSpan, a suite of three software products, launched Monday at the 5th International Cloud Conference & Expo in New York City. The new products address two key concerns of customers venturing out into the cloud: the security and control of their cloud deployments. The suite includes CloudConnect, for extending onsite security and access management to the cloud environment, CloudProtect, a security "wrapper" around an application running in the cloud, and CloudControl, a set of management and security tools for providers of cloud services.
CloudConnect addresses a key pain point for SMBs or large enterprises contemplating a cloud strategy, said Scott Morrison, chief technology officer of Layer 7. They may have a sign-on policy in place for employees to access their on-premise network, but when they sign up with a cloud provider, they have to adapt to that provider's security protocol, too. "You want to cut down on the number of identities you have everywhere. Also, you don't want people reusing passwords and putting those passwords out into an environment that you don't control," Morrison said. Also, rather than having to duplicate your on-premise databases for placement in the cloud, CloudConnect gives the cloud provider secure access to the database, which remains behind the firewall, in order to run an application residing in the cloud.
An unidentified financial services firm in the Midwest is about to begin production use of CloudConnect with its cloud provider, Salesforce.com, said Phil Walston, vice president of development and product management for Layer 7. "They did not want certain privileged, confidential data being out there in Salesforce, but they wanted Salesforce to have access to that," Walston said. CloudProtect is designed to impose security protections and access control on an application running in a cloud environment. CloudProtect serves as a "wrapper around an application," Morrison continued, monitoring who has access to it, when they accessed it and for how long. "The only way in or out of that app is through our policy enforcement point and the policies are all completely controlled by the on-premises security administrator," he said.
CloudControl, which is targeted at cloud service providers rather than users, lets them build access control, rich policy enforcement and establish service level agreements (SLAs) in cloud offerings, either for public or private clouds. CloudControl makes it possible for cloud providers to offer additional services to customers beyond just running applications, such as storage in the cloud or databases in the cloud. "One of the things we're starting to notice in the cloud environment is that there's not a lot of margin around selling compute cycles," Morrison said.
Other companies offer point solutions for security of cloud deployments such as Ping Identity and Cohesive Flexible Technologies, but their solutions are narrower than Layer 7's suite, he said. And, of course, service providers such as Amazon, Salesforce and Google emphasize security, but at the expense of customer control. "Salesforce has a log-in system and controls that it can provide, but it's their log-in system. Amazon has a certificate and key-based system for [Amazon Web Services], but it's their system," said Layer 7's Walston. "You have to adapt to their model."