Startup Soha Systems reveals cloud security service

Soha Systems is launching a cloud service today that lifts the burden of setting up customer-owned security platforms and eliminates the need to make network configuration changes to accommodate that security.

Soha Systems is launching a cloud service today that lifts the burden of setting up customer-owned security platforms and eliminates the need to make network configuration changes to accommodate that security.

The service, called Soha Cloud, provides security functions when users initially try to access cloud-based applications. Once they are cleared for access, the service bridges a link to the app they requested as if the request is originating from within the network, making network changes unnecessary.

Tying the service in to customers' cloud infrastructure takes about 15 minutes, and it can be applied to apps located in private or public clouds, according to Soha CEO Haseeb Budhani

The alternative is for customers to buy their own security platforms or individual services from cloud providers and integrate them, says Peter Christy, an analyst with 451 Group. The upside of the service is that it can provide needed functionality quickly, he says.

Budhani claims the service costs a tenth of what it would cost if the same functionality was purchased by other means.

Soha Cloud provides authentication, authorization, application firewalling, WAN optimization and server load balancing among multiple application instances. It also provides a visibility layer for customers to see application accessibility.

Christy says the big upside of the service is convenience. The same ends could be met via other means at the expense of time, effort and money, he says. Initially, Soha will face the task of gaining credibility among early adopter customers so others will follow.

The company has to prove that its platforms all of which are either proprietary or built on open source apps work.

End-users' experiences with Soha Cloud go like this: When they try to connect to a Web app, for example, they first connect to Soha Cloud at one of three points of presence in the Amazon Web Service cloud. (There will be more POPs as demand warrants, Budhani says.)

The POP authenticates users via Active Directory, Google Apps Directory and other platforms. It can use multifactor authentication via one-time tokens sent as text messages to customers' mobile phones.

Once approved, the POP bridges the user to the application server using a reverse proxy called a cloudlet that is collocated with the application. It allows only administrator-sanctioned access to that one app and can't allow horizontal privilege escalation on the network, Budhani says. So a partner could be allowed access to a particular application without risk of gaining access to the rest of the network.

The company was founded in 2013 and is backed by $9.76 million in venture funding, most of it from Menlo Ventures. Budhani says he and cofounders Vice President of Engineering Hanumantha Kavuluru, and Vice President of Marketing Rob Quiros were looking for a way cloud security could be as flexible and quick to deploy as the other elements of cloud services.

The company name is the same as the Arabic name for a star that Arabs used to test their vision. The word star is significant because it is something that is above the clouds, says Budhani.

Soha Cloud is available now and priced based on the number of locations or points of presence customers have in combination with either the number of named users or the number of simultaneous users. The service price starts at $5,000 for access to two applications in one location for 25 users.

Customers can get free access to the service supporting one application for five users indefinitely in order to trial it.

Join the CSO newsletter!

Error: Please check your email address.

Tags startupssecurity

More about CustomersGoogle

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Tim Greene

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place