CloudPassage CEO: Cloud Security Remains A Mystery To Many Partners, Customers


While cloud computing and its related services are among the hottest topics in the IT industry, the CEO of CloudPassage is calling on channel partners to help their customers better understand the security ramifications.

“I think there's a pretty big learning curve for the channel," Carson Sweet, CloudPassage's CEO, told CRN. "The cloud providers are feeling the pain but they don't know what to do about it. The more traditional channels are not quite there yet, for the most part. A lot of the security VARs and networking VARs and integrators are still looking at things through a very enterprise-oriented line. They look at cloud in the context of virtualization. And while cloud is an iteration of virtualization, it's really quite different. And it's been a bit of a challenge for us to find partners who actually get it well enough to be able to sell our product."

However, Sweet feels that the problem isn’t as much about partners making poor decisions, so much as it is about a lack of action.

[Related: Survey Suggests Customers Need More Help with Security]

“It's not that they're making the wrong turns, they're not making any turns at all,” he added. "They need to study the security SLAs of the various cloud providers with whom they work. When the customer comes to you and says we want you to help us get to the cloud, you need to understand the responsibilities of the provider versus your responsibilities as the channel partner, as it relates to security. And that's one of the key things that the customers need the channel to help them with, or else they end up scrambling to fix the situation on the backend."

Sweet recommends that channel partners begin with mock deployments with preferred cloud services providers before ever attempting to roll it out to their customers. He says that sales engineers typically need to get some experience with the cloud in order to develop the necessary knowledge base to drive customer satisfaction.

"We find that a great number of customers are not adequately secured," he said. "In many cases, the companies do not realize that they are responsible for a lot of their security footing. There is an assumption that the cloud provider does a lot more than they really are in a position to do. The cloud provider is not able to take responsibility for full-on security of the servers. It's kind of like an apartment building where the landlord takes on responsibility for the common areas, but once they hand you the key to the front door, you're responsible for whatever happens inside that apartment. It's very similar for cloud virtual machine."

NEXT: Customers Inadequately Secured

CloudPassage has been focused on cloud security for the past two years, and has witnessed firsthand the struggles the channel partners and customers have had with maintaining secure data and applications in the cloud.

"So that means that the traditional wall and moat security architectures are not going to be effective in the cloud environment," Sweet added. "You need to do security a different way."

CloudPassage deploys security at the guest VM level, leveraging an architecture known as Halo, which is a lightweight piece of software that runs on the virtual machine image and interacts with a very large compute grid that does computations, calculations and analysis of the individual VMs in order to ensure that security is handled properly and consistently.

Earlier this month the company announced the release of its new authentication solution that uses two-factor authentication, including cell phone-based identity verification in order to access cloud-based resources. Sweet says this new development has driven substantial partner interest.

Sweet also noted that many partners are trying to better understand the utility billing model associated with cloud, as well as establishing stronger product knowledge around which products are well-suited to the cloud and which products are not.

"There's a misnomer that you can take an application and airlift it into the cloud, but that's not how it works," he said. "Sometimes it has to be completely re-architected in order to work in the cloud, or get the maximum benefits of the cloud. This is especially true among partners who serve the midmarket."

Sweet added that while many partners are still in the early phases of traveling the curve, a growing number are beginning to better understand how to build a value proposition around the cloud and keep their customers secure.

"The best advice," Sweet said, "is to look at the experiences of the companies that have done this successfully, and model your approach based on what you learn."