7 Cloud Computing Security Emerging Vendors

Every major technological shift brings with it a shakeup in the vendor hierarchy. As mainframes gave way to desktops, along came Microsoft. Google drove to the top by figuring out how to monetize search. Now, Facebook is busy clawing its way to the top, fighting for control of turf that Microsoft, Google and others thought they owned.

Obviously, behemoth companies have an advantage during market upheaval. They have deep pockets to reinvent themselves and stay competitive. Five years ago, who would have thought Google would be a major smartphone OS player?

But big companies also can be held back by bureaucracy, inertia and group thinking that favors the status quo. Each shift creates the daylight needed for newer companies to gain momentum. VMware, Rackspace and salesforce.com have already become major players, every bit as well positioned to be incumbents when the cloud matures as other more established companies.

However, the cloud has some obstacles to overcome before it’s anywhere close to being considered mature. According to Gartner’s 2010 CIO Survey, security technology was the number-one priority of respondents. In the context of the cloud, security is an even bigger concern.

Reports from hosting.com after IBM and the IT Governance Institute all highlight the primacy of cloud security fears.

Of course, where there is pain in the market there is opportunity. Here are 7 Cloud Security emerging vendors attempting to make the cloud every bit as secure – or more so – than on-premise computing.

This article is the first in a series. We will look at 7 more cloud security companies in our next entry, with storage, platforms, monitoring and management and more to follow. Here, then, are our first 7 Cloud Up-and-Comers:

1. CREDANT

What problem do they solve? Encryption is one of the first security steps experts recommend to mitigate the risks associated with cloud computing. With businesses being asked to trust the cloud provider to manage encryption keys, though, there are inherent vulnerabilities—especially when the keys are kept in the same cloud environment.

The fear of a breach – either through an attack on the cloud provider, or through a malicious insider – is one of the top barriers to full-scale cloud adoption. Having keys stored in the environment under attack isn’t wise.

What they do: CREDANT enables encrypted data to be migrated into cloud infrastructures while data owners maintain control of the encryption key. This relocates the encryption data to the clients’ local sites so that keys aren’t stored at the cloud provider’s data center. Key management is extended to virtual platforms, which encrypts files instead of devices. CREDANT provisions keys to decrypt data as it is needed by individual users in real time.

Why they’re an up-and-comer? CREDANT focuses on encrypting data, not devices. This approach means that CREDANT solutions are transparent to end-users and have minimal impact on operations. The solution eschews traditional sector-based, full-disk encryption in favor of a more flexible and scalable data encryption solution. Their targeted encryption policies require far less space and resources for securely moving data to the cloud. CREDANT has already built out the infrastructure to handle a massive numbers of encryption keys. To date, Credent has over 800 enterprise customers worldwide, with between 7 to 9 million endpoints encrypted.

2. GuardTime

What problem do they solve? Trust is a huge issue in the cloud. Most trust discussions today focus on the end user, but data integrity is equally important. Just as organizations worry now over how they’re going to trust that insiders are actually who they say they are, they should also be worrying about how reliable and trustworthy their data is.

IP theft, data loss and non-compliance can all result from mishandled data. One method that has been proposed but never caught on was data signatures. Unfortunately, signing through PKI or similar technologies is out of reach for most organizations because of the expense and complexity of key management.

What they do: What VeriSign has done for website trust; GuardTime seeks to do for cloud-based trust.. GuardTime has created a keyless signature technology that secures critical data in the cloud and maintains extensive mathematical proof that data integrity is intact. GuardTime’s Keyless Signature is a system of software-generated, automated verification based on mathematics, which frees IT from the burdens of key management.

Why they’re an up-and-comer? Regulatory requirements centered on privacy and data integrity are issues for nearly every industry now, and verifiably clean data goes a long way towards ensuring compliance. This is a big horizontal market, and GuardTime is already cashing in with such customers as Brother Industries, which manufactures multi-function printers using GuardTime integration. GuardTime has partnered with Joyent to deliver the first cloud stack with keyless signature integration.

GuardTime also earned some cyber-security street cred through adventures in Estonia. CEO Mike Gault gained in-the-trenches, cutting-edge cyber-security knowledge while living in Estonia when Russia launched one of the first “cyber-warfare attacks.” Calling it that is probably a bit sensationalist; nonetheless, in a country where 97% of banking transactions are done online, there’s plenty to learn about next-generation security.