One of my observations from the RSA Conference this year was the continuing evolution of cloud providers into cloud security providers. Where it used to be said that security was one of the drags on cloud adoption, the fact is cloud providers have turned this argument on its head by becoming cloud security providers. Whether offering organic, homegrown solutions built into the platform or partnering with cloud security experts, most cloud providers are now also cloud security providers.
I had a chance to speak with several cloud providers during the RSA show. The folks at Alert Logic actually had a partners pavilion that featured some of Alert Logic's many cloud/hosting/service provider partners. Represented there were Navisite, Sunguard and Rackspace.
Now you may ask yourself, what are these three cloud provider doing on the exhibit floor of RSA? Sure they could be walking the floor looking for solutions to help make their clouds more secure. But they were exhibiting. Are cloud providers now hawing cloud security?
You bet they are. Thanks to partnering with cloud security providers like Alert Logic, cloud providers have turned a weakness into a strength. They consider security one of their strong points now.
In speaking with these cloud providers they see two distinct pieces of the security puzzle. The first is the security they are building into their platforms. At the IaaS level, they are building security into the platform the same way people expect power, ping and pipe. It is part of the offering that what the provider provides is secure as well.
There comes a point though were the responsibility for providing security passes to the customer. This security is not part of the infrastructure. Where that point is can be a moving target. In a PaaS environment it is much higher up the stack than in IaaS for instance. But no matter what at some point the line is passed where the customer is responsible for security. At that point cloud providers offer a bevy of 3rd party partners who are pre-tested, certified and integrated with their offerings.
Alert Logic perhaps more than most have built their business in this arena. They have worked extensively with cloud providers big and small. From some unique integrations with AWS which their Chief Strategy Office Misha Govshtyen spoke to me about in San Francisco, to working closely with Rackspace, Navisite, Sunguard and Datapipe. With an in the cloud solution built for the cloud, rather than cloud washed as Securosis analyst Rich Mogull calls it, Alert Logic is gaining a lot traction in this space.
Interestingly enough cloud providers are also now rolling multiple clouds to satisfy customer demand with security being a big driver. I spoke with Chris Patterson, Vice President, Product Management at Navisite. Chris told me about the different cloud offerings at Navi. In addition to their traditional public cloud IaaS service, they have also rolled out NaviCloud Director. The IaaS platform offers more of Navi's managed services on top of the public cloud. Part of those managed services are managed security, including the Alert Logic service.
Chris says that Director has been a really big hit for Navi and points to the fact that while self-serve public clouds are a big hit, there are many people who need a little more hand holding and want managed services wrapped around this.
This of course matches what Govshteyn over at Alert Logic says. The majority of their business which is approaching $50m a year is based on managed cloud security for customers who have their infrastructure in the cloud.
For me this means that just because companies place their data and applications in the cloud, it doesn't mean they want to run and manage them themselves. This makes for a great opportunity for both cloud providers and cloud security providers.
Kudo to Navi, Rackspace and the others for turning what was perceived as a weakness into a strength around cloud security. It is good to see them out on the RSA floor as security vendors.