Evolution of the Cloud as a Security Platform


The cloud has always had the potential of being a cost-effective and elastic computing resource for customers. However, security has long been an issue that impeded adoption by many customers.

A remarkable change has occurred though, in which providers of cloud computing resources are becoming part of the United States Critical National Infrastructure (CNI).  As cloud vendors become mission-critical to the nation, and work more closely with the US federal government, cloud providers’ security capabilities often surpass those of even the largest corporate environments.

This has been achieved through cooperation among CNI vendors and the US government, and coordinated responses against security threats. In effect, we’re now seeing an environment where an attack on one critical national resource is seen as a potential attack on all.

Prior to this evolution, at my company we believed the cloud was well-priced but not quite secure enough. However, as a result of operational and technical improvements we now view platforms such as Windows Azure as being mature and secure enough to run privileged identity management products.

Elastic Clouds

A few years ago I saw a great keynote demo by Microsoft on how Hyper-V virtual machines could be rerouted between different sets of hardware/hosts as well as between different data centers without the loss of data or even loss of service. I have also seen this same capability demonstrated by VMWare in their environment.

My company implemented this same architecture within our own data centers to run our workloads and as a way of exploiting generic hardware plus high performance SAN to achieve scale and flexibility. In general we have seen the benefits of hypervisor mobility and have achieved great results so far.

We have always been agnostic as to what platforms we manage and run on. This policy means that our products operate on physical hardware, as well as in a partial or full virtual machine environment. The choice has always been up to the customer.

We eschew providing proprietary hardware appliances with embedded versions of operating systems and databases. Our belief is that given the importance of our security solutions, the customer should be able to own and understand the hardware and software on which it runs.  Having an open and non-proprietary architecture means that customers can deploy an appropriate physical and logical distribution of our software that is suitable for their geography, security needs and budget.

The economics of customers supplying the hardware and underlying software has worked great since many of our customers also have direct agreements with companies such as Microsoft and Oracle to obtain their core operating system and database software.

As Microsoft has evolved into a product, cloud and services business, we’ve witnessed two significant changes: prices for many of their on-premises products have gone up, while the same or equivalent products running in their cloud are now effectively free of perpetual license costs.

Another game changer in the marketplace is the advancement of systems management platforms such as Microsoft System Center 2012 to not only monitor and manage virtual workloads in a private hypervisor environment, but also to extend this ability to move workloads to and from cloud providers such as Windows Azure.

An Opportunity for Privileged Identity Management in the Cloud

With this change in strategy by Microsoft we decided it was time to host our privileged identity management (PIM) solutions in Azure to see how well they work and to test the performance in the cloud. At the recent CSA Congress 2013 in Orlando, we announced that our PIM solution known as Enterprise Random Password Manager™ (ERPM) is now available on Windows Azure. We added cloud-hosted support of our product in Azure because we believe that it is now mature and secure enough to run ERPM in highly sensitive and distributed workloads.

This is a significant development because PIM is a sensitive and mission- critical workload in an enterprise. PIM discovers, manages and stores super user account credentials (such as root and administrator), as well as cryptographic certificates and keys. Data integrity, fault tolerance and scalability are an absolute must. Windows Azure not only delivers a trustworthy platform, it does so faster and at a lower price than on-premises solutions.

One of the key reasons we selected Windows Azure as our go-to-market public cloud platform was because of its worldwide deployment of data centers. With Windows Azure, we can bring up an enterprise grade privileged identity management solution globally in less than one hour, and have it appear as part of a client’s existing infrastructure within this same time frame. Given how many different platforms ERPM manages, and at a massive scale, the elastic computing of Windows Azure is very appealing.

Our customer base is worldwide and includes clients in national defense, intelligence, government, financial institutions, retail and manufacturing, as well as many organizations tagged as part of the critical national infrastructure of the United States. These customers demand uncompromising up-time, absolute security, transparency and performance. We believe that by providing both on-premises and public cloud based solutions - such as hosting ERPM on Windows  Azure - we can more quickly meet the needs of our client base without compromising quality or security.

Philip Lieberman, the founder and president of Lieberman Software, has more than 30 years of experience in the software industry. In addition to his proficiency as a software engineer, he developed the first products for the privileged identity management space, and continues to introduce new solutions to resolve the security threat of privileged account credentials. Lieberman has published numerous books and articles on computer science, has taught at UCLA, and has authored many computer science courses for Learning Tree International. He has a B.A. from San Francisco State University.

Edited by Cassandra Tucker

Related Articles

Coding and Invention Made Fun

By: Special Guest    10/12/2018

SAM is a series of kits that integrates hardware and software with the Internet. Combining wireless building blocks composed of sensors and actors con…

Read More

Facebook Marketplace Now Leverages AI

By: Paula Bernier    10/3/2018

Artificial intelligence is changing the way businesses interact with customers. Facebook's announcement this week is just another example of how this …

Read More

Oct. 17 Webinar to Address Apache Spark Benefits, Tools

By: Paula Bernier    10/2/2018

In the upcoming webinar "Apache Spark: The New Enterprise Backbone for ETL, Batch and Real-time Streaming," industry experts will offer details on clo…

Read More

It's Black and White: Cybercriminals Are Spending 10x More Than Enterprises to Control, Disrupt and Steal

By: Cynthia S. Artin    9/26/2018

In a stunning new report by Carbon Black, "Hacking, Escalating Attacks and The Role of Threat Hunting" the company revealed that 92% of UK companies s…

Read More

6 Challenges of 5G, and the 9 Pillars of Assurance Strategy

By: Special Guest    9/17/2018

To make 5G possible, everything will change. The 5G network will involve new antennas and chipsets, new architectures, new KPIs, new vendors, cloud di…

Read More