With both delivery and management of security increasingly moving to the cloud, organizations of all sizes are presented with new approaches to security that use APIs to reduce the complexity of securing applications.
Case in point is CloudPassage, a provider of a cloud security service that makes use of lightweight daemons inserted in a cloud application to provide security as a service. Deployable on public or private cloud infrastructure, CloudPassage's Halo service is based on grid architecture that is similar in concept to a botnet. However, instead of distributing malware, the Halo service uses an analytics engine to alert IT organizations when the security policies attached to any given application workload have been compromised.
As part of the service, CloudPassage has developed an API gateway that makes the data Halo gathers available to third-party applications. The latest ISV to invoke that RESTful API is Splunk, a provider of IT management and analytics tools. Splunk today announced the launch of Cloud Halo App for Splunk Enterprise.
According to Kent Erickson, vice president of operations for CloudPassage, the basic goal of the CloudPassage alliance with Splunk is to provide a framework through which IT organizations can manage security delivered via the cloud using the same tools they already use to manage IT. To that end, Erickson says CloudPassage has inked similar alliances involving security information event management (SIEM) tools from Hewlett-Packard, and governance, risk management and compliance (GRC) tools from the RSA unit of EMC.
The end goal is to slipstream cloud application security into the enterprise in a way that doesn’t require IT organizations to set up a separate set of processes to manage security, while at the same time making security management transparent to developers, who need only deploy a daemon to meet corporate security requirements. That’s critical, says Erickson, because right now security is the single biggest impediment to cloud application adoption. By giving IT organizations visibility into cloud applications, CloudPassage is essentially taking that issue off the table, he says.
While there’s no such thing as perfect security inside or out of the cloud, the goal from a developer's perspective is to find the path of least resistance to compliance with the security protocols an organization has in place. The challenge is that in the age of the cloud, applications can be deployed almost anywhere. A cloud-based approach to securing those applications means that instead of having to worry about each instance of an application, the appropriate security policies travel with that application wherever it eventually winds up, which is as close to set-it-and-forget-it security as developers are likely to see anytime soon.