Evolution of the Cloud as a Security Platform


The cloud has always had the potential of being a cost-effective and elastic computing resource for customers. However, security has long been an issue that impeded adoption by many customers.

A remarkable change has occurred though, in which providers of cloud computing resources are becoming part of the United States Critical National Infrastructure (CNI).  As cloud vendors become mission-critical to the nation, and work more closely with the US federal government, cloud providers’ security capabilities often surpass those of even the largest corporate environments.

This has been achieved through cooperation among CNI vendors and the US government, and coordinated responses against security threats. In effect, we’re now seeing an environment where an attack on one critical national resource is seen as a potential attack on all.

Prior to this evolution, at my company we believed the cloud was well-priced but not quite secure enough. However, as a result of operational and technical improvements we now view platforms such as Windows Azure as being mature and secure enough to run privileged identity management products.

Elastic Clouds

A few years ago I saw a great keynote demo by Microsoft on how Hyper-V virtual machines could be rerouted between different sets of hardware/hosts as well as between different data centers without the loss of data or even loss of service. I have also seen this same capability demonstrated by VMWare in their environment.

My company implemented this same architecture within our own data centers to run our workloads and as a way of exploiting generic hardware plus high performance SAN to achieve scale and flexibility. In general we have seen the benefits of hypervisor mobility and have achieved great results so far.

We have always been agnostic as to what platforms we manage and run on. This policy means that our products operate on physical hardware, as well as in a partial or full virtual machine environment. The choice has always been up to the customer.

We eschew providing proprietary hardware appliances with embedded versions of operating systems and databases. Our belief is that given the importance of our security solutions, the customer should be able to own and understand the hardware and software on which it runs.  Having an open and non-proprietary architecture means that customers can deploy an appropriate physical and logical distribution of our software that is suitable for their geography, security needs and budget.

The economics of customers supplying the hardware and underlying software has worked great since many of our customers also have direct agreements with companies such as Microsoft and Oracle to obtain their core operating system and database software.

As Microsoft has evolved into a product, cloud and services business, we’ve witnessed two significant changes: prices for many of their on-premises products have gone up, while the same or equivalent products running in their cloud are now effectively free of perpetual license costs.

Another game changer in the marketplace is the advancement of systems management platforms such as Microsoft System Center 2012 to not only monitor and manage virtual workloads in a private hypervisor environment, but also to extend this ability to move workloads to and from cloud providers such as Windows Azure.

An Opportunity for Privileged Identity Management in the Cloud

With this change in strategy by Microsoft we decided it was time to host our privileged identity management (PIM) solutions in Azure to see how well they work and to test the performance in the cloud. At the recent CSA Congress 2013 in Orlando, we announced that our PIM solution known as Enterprise Random Password Manager™ (ERPM) is now available on Windows Azure. We added cloud-hosted support of our product in Azure because we believe that it is now mature and secure enough to run ERPM in highly sensitive and distributed workloads.

This is a significant development because PIM is a sensitive and mission- critical workload in an enterprise. PIM discovers, manages and stores super user account credentials (such as root and administrator), as well as cryptographic certificates and keys. Data integrity, fault tolerance and scalability are an absolute must. Windows Azure not only delivers a trustworthy platform, it does so faster and at a lower price than on-premises solutions.

One of the key reasons we selected Windows Azure as our go-to-market public cloud platform was because of its worldwide deployment of data centers. With Windows Azure, we can bring up an enterprise grade privileged identity management solution globally in less than one hour, and have it appear as part of a client’s existing infrastructure within this same time frame. Given how many different platforms ERPM manages, and at a massive scale, the elastic computing of Windows Azure is very appealing.

Our customer base is worldwide and includes clients in national defense, intelligence, government, financial institutions, retail and manufacturing, as well as many organizations tagged as part of the critical national infrastructure of the United States. These customers demand uncompromising up-time, absolute security, transparency and performance. We believe that by providing both on-premises and public cloud based solutions - such as hosting ERPM on Windows  Azure - we can more quickly meet the needs of our client base without compromising quality or security.

Philip Lieberman, the founder and president of Lieberman Software, has more than 30 years of experience in the software industry. In addition to his proficiency as a software engineer, he developed the first products for the privileged identity management space, and continues to introduce new solutions to resolve the security threat of privileged account credentials. Lieberman has published numerous books and articles on computer science, has taught at UCLA, and has authored many computer science courses for Learning Tree International. He has a B.A. from San Francisco State University.

Edited by Cassandra Tucker
Get stories like this delivered straight to your inbox. [Free eNews Subscription]

Related Articles

Web3 in 2024 - What's the Story So Far?

By: Contributing Writer    2/26/2024

Is Web3 a thing yet? Click here to learn about the 2024 Web3 story so far.

Read More

Shabodi Accelerates Adoption of Network-Aware Applications with CAMARA API Enterprise Reference Implementation

By: Special Guest    2/16/2024

Shabodi, an Application Enablement Platform (AEP) provider unleashing advanced network capabilities in LTE, 5G, 6G, and Wi-Fi 6, announced they have l…

Read More

How Much Does Endpoint Protection Cost? Comparing 3 Popular Solutions

By: Contributing Writer    2/2/2024

Endpoint protection, also known as endpoint security, is a cybersecurity approach focused on defending computers, mobile devices, servers, and other e…

Read More

What Is Databricks? Simplifying Your Data Transformation

By: Contributing Writer    2/2/2024

Databricks is an innovative data analytics platform designed to simplify the process of building big data and artificial intelligence (AI) solutions. …

Read More

What Is Blue/Green deployment?

By: Contributing Writer    1/17/2024

Blue/green deployment is a software release management strategy that aims to reduce downtime and risk by running two identical production environments…

Read More