Securing the Clouds

VIRTUAL SERVERS can streamline and organize a data center. Myriad applications and appliances can be made into similarly sized virtual machines (VMs) that fit into one piece of hardware and can be swapped in and out as needed.

One new product, the Deep Security Firewall from Third Brigade of Ottawa, Canada, is promising to let companies control their VMs’ security even when the machines are “in the cloud,” meaning that they are outside the company’s network.

This type of firewall can be particularly suitable for companies using Security as a Service (SaaS) vendors, which typically provide sophisticated security technology at a more affordable price. But many companies are concerned about handing their data to another firm.

“I know my security policies will be consistent at all times, no matter where my servers are,” says Mike Gioja, CIO and executive vice president of products and services at Workstream, an SaaS vendor that hosts human resources Web portals. With hundreds of machines and pressure from customers, he also knew he wanted some kind of virtual security product. He chose Third Brigade partly because he’s considering outsourcing some VMs himself. If his VMs aren’t working properly, it would help to have some offsite backup, he says.

Many companies are rushing to implement VMs without proper security considerations, a recent Gartner report says. Many IT departments mistakenly assume that their approach for securing virtual machines will be the same as for any operating system. The virtual security market is relatively immature, the report states, but it suggests that companies investigate solutions.

Gioja says he also liked Third Brigade’s security features compared to some other security appliances he tested. It gives him highly detailed security control of each VM. Each machine has its own agent that can be controlled by a central console, he says. Other virtual server devices only had controls for the server as a whole.

Gioja says that he had numerous penetration tests performed by outside security vendors. When a vulnerability was found, he was able to fix it far faster with Third Brigade than with other products.

The security console also provides a detailed, overall picture of the virtual server’s security. This is particularly helpful in compliance reporting, he says. Reports can be generated for a number of major compliance regulations.

The firewall product is free. Support is also available on up to 100 VMs for 12 months at no cost. Support costs about $15 annually per machine thereafter. Securing each additional VM, beyond the first 100, costs about $80 and about $15 annually in support.