Startup Spotlight: CloudPassage's Software-defined Security
As the software-defined data center becomes more common, enterprises are seeking security solutions that are abstracted from the underlying infrastructure.
Accelerating adoption of virtualization and the cloud is leading companies to consider software-defined everything – networking, storage and now security. At least that's how Carson Sweet, co-founder and CEO of startup CloudPassage, sees it.
"There is a need for a software-defined security solution that maps to the software-defined data center," he said. "When you move to a software-defined infrastructure, you need security and compliance capabilities that are abstracted from the underlying infrastructure, which is what we provide."
Sweet's company is seeing clients like Citrix adopt software-defined security because "it just makes sense," he said. As detailed in a case study on the CloudPassage website, Citrix began using CloudPassage's Halo security platform to ensure that its own Citrix ShareFile Cloud for Healthcare could offer a HIPAA-compliant environment for secure transfer of sensitive data.
Cloud Security Growth
The growth of these kinds of cloud services presents a key growth opportunity for CloudPassage, Sweet explained. "Security is no longer an insurance policy, but a feature you have to have. If you sell to industries like financial services or healthcare, you have to meet the same compliance requirements as they do."
CloudPassage has about 90 customers, some 50 of which signed on in the past year, Sweet said. More than a dozen of them are Fortune 1000 companies, many of which have multiple deployments of CloudPassage's technology. CloudPassage is seeing a "ton of growth" in these accounts, he said, as different business units within companies decommission their legacy systems and move them to the cloud.
Sweet and co-founder Talli Somekh anticipated this "natural growth pattern," Sweet said, looking at different models for cloud security before deciding to focus on infrastructure. "We wanted to lock on to the fundamental building block. Infrastructure is the foundation for everything else."
The Halo platform automates dozens of security controls, to deal with what Sweet called "a network security hangover." Companies became dependent on a security model in which "intrusion detection was up front, the firewall was up front, the bad guys were on the outside, and the good stuff was on the inside," he said.
This approach does not work in a highly dynamic cloud environment, Sweet said, and is not all that effective even in a traditional infrastructure. "The reason you see so many breaches is there is not enough automation. There are so many knobs and dials that have to be turned on to be secure, that if just one is off you've got a problem."
Noting that a lack of automation was a key contributing factor in famous accidents at both the Three Mile Island and Chernobyl nuclear power plants, he said, "When something is that critical, you automate it to the extent humanly possible, yet today's security systems have not been well automated."
In addition to automation, Halo is different from many other cloud security solutions in three key respects, Sweet said: its scalability, its platform approach and its ability to work in any cloud environment: private, public or hybrid. Scalability is a necessity in the cloud, he pointed out, because organizations using the cloud often must quickly go from small workloads to very large ones.
Startups like CloudPassage are leading the way when it comes to cloud security, Sweet said, noting that legacy vendors are hampered by the need to maintain their existing product suites. It's a "foregone conclusion" that some legacy vendors will look to purchase smaller companies to beef up their own product offerings, he said. But he isn't thinking about whether CloudPassage will be acquired, go public or pursue another exit strategy.
"Right now we're focused on solving problems for our customers. If you do that well, you become a great company and things take care of themselves," said Sweet, who has held leadership roles with both startups and established companies like RSA, the cryptography specialist now owned by EMC.
Quick Facts about CloudPassage
Co-founders: Carson Sweet and Talli Somekh
HQ: San Francisco
Funding: $53 million, with investors including Shasta Ventures, Musea Ventures and Tenaya Capital
Product Category: Cloud security
Customers: About 90, including Citrix and RightScale