Clarifying issues surrounding this emerging security architecture
Rohati Systems is working on a version of its security appliance that will run on virtual machines to enforce corporate access controls as applications and data move into the cloud.
The company’s Transaction Networking System will be modified to maintain access rules at the application layer even when businesses turn to cloud resources only to meet transient needs for more capacity. Today TNS is available only as an appliance.
Rohati calls this use of temporary extra computing and storage "cloud bursting." By imposing Layer 7 access control rules on use of the cloud by individual employees, businesses can create what it calls a virtual private cloud.
The name follows the genesis of the term virtual private networking – carving out a secure network from a public network such as the Internet. Similarly, by tightly limiting which applications each user has access to, businesses can better secure their piece of the public cloud, at least from the perspective of who gets access to what resources.
Rohati’s efforts try to address a concern many potential users of cloud services have: whether their corporate security policies will be enforced within the provider’s network. Other vendors have recognized this need.
Novell, for instance, recently announced a cloud security service that captures business security policies and maps them to the specific enforcement gear located in public clouds. The usefulness of this is clear: businesses can make use of clouds with confidence that their security policies will be enforced, with the added benefit of not having to manually translate those policies for enforcement in the cloud.
Tim Greene is senior editor at Network World.