5 cloud security companies to watch

Security is one of the major impediments to enterprises moving their resources into the cloud

Security is one of the major impediments to enterprises moving their resources into the cloud. So, it's not surprising that numerous cloud security companies are springing up, attempting to address specific cloud security issues, like protecting virtual machines or encrypting data in motion.

Here are five up-and-coming companies - some still in stealth mode - that hold a great deal of promise.

1. Bromium

Headquarters: Cupertino, Calif., and Cambridge, U.K.

What it offers: Still in stealth mode, but founders have hinted they are building a product that uses virtualization to help secure all types of endpoints.

How much it costs: No pricing available at this time.

Who heads the company? Its founders are Gaurav Banga, the former CTO of Phoenix Technologies; Simon Crosby, the former CTO of the Data Center and Cloud Division of Citrix; and Ian Pratt, the current chairman of Xen.org and another Citrix veteran.

Why we're watching the company: Crosby is one of the more outspoken proponents of public cloud computing. He contends the security threats to cloud computing don't grow out of inherent holes in the cloud, but rather stem from unprotected clients, like the ones enterprise users are adding to corporate networks at alarming rates. While the company - which picked up $9.2 million in venture capital money early last summer -- won't be divulging product details until later this fall, Crosby has gone on record as saying that the primary benefit of virtualization will be security. It will be a neat trick if they can pull it off.

2. CipherCloud

Headquarters: Cupertino, Calif.

What it offers: Cloud data encryption and tokenization.

How much it costs: $20 per user per month

Who heads the company? Pravin Kothari is founder and CEO. Prior to starting up CipherCloud, Kothari was founder, CTO and interim-CEO of Agiliance, a GRC software company and was co-founder and vice president of engineering of ArcSight, a security and compliance vendor.

Why we're watching the company: CipherCloud is attempting to take on encryption and tokenization in a way that protects both data at rest and in motion, has low performance overhead for SaaS applications, and does not require enterprise customers to hand over control of encryption keys to their cloud service providers.

According to Kothari, the CipherCloud gateway is a lightweight software appliance that encrypts and decrypts data and attachments as they pass through it. It does so in real-time without loss of performance, format or functionality of the application.

"Our gateway is designed as a stateless solution. This, along with our high-performing encryption algorithms, ensures near-zero impact on the performance," Kothari says. In fact, in certain configurations where CipherCloud has switched on static caching, Kothari says they have seen improvements in performance with its gateway in the middle.

3. Cloud Passage

Headquarters: San Francisco

What it offers: Halo SVM and Halo Firewall SaaS products, both of which aim to lock down virtual servers.

How much it costs: Free

Who heads the company? Co-founders are Carson Sweet (serving as CEO), Talli Somekh (executive chairman) and Vitaliy Geraymovych (vice president of engineering). They came to CloudPassage from GlobalNetXchange (now Agentrics), Musea Ventures, and the technology consulting field, respectively.

Why we're watching the company: CEO Carson Sweet argues that virtual machines enabled the explosion in cloud computing, "but people sometimes sort of forget about the virtual network around those machines that need to be secured." CloudPassage focuses on securing the virtual server environment, which is widely viewed as one of the most unpredictably vulnerable spots in the cloud. Early this year, the company released two free services designed to protect cloud-based virtual servers by maintaining firewall policies (Halo Firewall) and checking for vulnerabilities (Halo SVM). The company plans to build a revenue stream by eventually charging for higher-level VM security services that build on the Halo framework.

4. High Cloud Security

Headquarters: Mountain View, Calif.

What it offers: Virtual Machine encryption solutions.

How much it costs: Not available yet

Who heads the company? Co-founders are Bill Hackenberger and Steve Pate. Hackenberger, who serves as CEO and president, has founded three other startups, one of which, AIM Technology was bought by Network General. He has also served as vice present of engineering at both Caymas Systems and Vormetric. Pate, who serves as CTO, held that same position at encryption vendor Vormetric and worked at virtualization vendor HyTrust in that company's early phases of development.

Why we're watching the company: High Cloud Security recently printed an excerpt from an article published back in 2010 that outlined in three easy steps how to hijack a virtual machine and in the process steal sensitive data that might be running on the VM at that point in time. High Cloud says the way to prevent this from happening is to encrypt everything at the storage layer that may contain sensitive information. The company's yet-to-be released product is currently in beta testing.

5. HyTrust

Headquarters: Mountain View, Calif.

What it offers: The HyTrust Appliance (currently available version is 2.2) provides centralized access control for virtual servers, providing enforcement of security policies and compliance controls.

How much it costs: $1,000 per host supported

Who heads the company? John De Santis, formerly vice president, Cloud Services at VMWare is CEO. Co-founders are Eric Chiu and Renata Budko who are president, and vice president of marketing, respectively. Hemma Prafullchandra is CTO. She was formerly CTO of FuGen Solutions, a managed provider of federated identity interoperability and compliance service.

Why we're watching the company: We've been tracking HyTrust for two years now, since it was selected as a 2010 company to watch and won best of show accolades at several industry trade shows. The product held its own against well established market leader Trend Micro in our recent test of virtualization security management tools. The company has reportedly closed more business in the first two quarters of 2011 than it did in the whole of 2010.

Read more about cloud computing in Network World's Cloud Computing section.

Join the CSO newsletter!

Error: Please check your email address.

Tags High Cloud SecurityhytrustsecurityCloud PassageCipherCloudBromiumcloud computinginternet

More about ArcSightBillCitrix Systems Asia PacificMountain ViewNetwork GeneralPhoenixPhoenix TechnologiesPhoenix TechnologiesTechnologyTrend Micro AustraliaXchange

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Christine Burns

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place