Security is one of the major impediments to enterprises moving their resources into the cloud. So, it's not surprising that numerous cloud security companies are springing up, attempting to address specific cloud security issues, like protecting virtual machines or encrypting data in motion.
Here are five up-and-coming companies - some still in stealth mode - that hold a great deal of promise.
Headquarters: Cupertino, Calif., and Cambridge, U.K.
How much it costs: No pricing available at this time.
Who heads the company? Its founders are Gaurav Banga, the former CTO of Phoenix Technologies; Simon Crosby, the former CTO of the Data Center and Cloud Division of Citrix; and Ian Pratt, the current chairman of Xen.org and another Citrix veteran.
Why we're watching the company: Crosby is one of the more outspoken proponents of public cloud computing. He contends the security threats to cloud computing don't grow out of inherent holes in the cloud, but rather stem from unprotected clients, like the ones enterprise users are adding to corporate networks at alarming rates. While the company - which picked up $9.2 million in venture capital money early last summer -- won't be divulging product details until later this fall, Crosby has gone on record as saying that the primary benefit of virtualization will be security. It will be a neat trick if they can pull it off.
Headquarters: Cupertino, Calif.
What it offers: Cloud data encryption and tokenization.
How much it costs: $20 per user per month
Who heads the company? Pravin Kothari is founder and CEO. Prior to starting up CipherCloud, Kothari was founder, CTO and interim-CEO of Agiliance, a GRC software company and was co-founder and vice president of engineering of ArcSight, a security and compliance vendor.
Why we're watching the company: CipherCloud is attempting to take on encryption and tokenization in a way that protects both data at rest and in motion, has low performance overhead for SaaS applications, and does not require enterprise customers to hand over control of encryption keys to their cloud service providers.
According to Kothari, the CipherCloud gateway is a lightweight software appliance that encrypts and decrypts data and attachments as they pass through it. It does so in real-time without loss of performance, format or functionality of the application.
"Our gateway is designed as a stateless solution. This, along with our high-performing encryption algorithms, ensures near-zero impact on the performance," Kothari says. In fact, in certain configurations where CipherCloud has switched on static caching, Kothari says they have seen improvements in performance with its gateway in the middle.
Headquarters: San Francisco
What it offers: Halo SVM and Halo Firewall SaaS products, both of which aim to lock down virtual servers.
How much it costs: Free
Who heads the company? Co-founders are Carson Sweet (serving as CEO), Talli Somekh (executive chairman) and Vitaliy Geraymovych (vice president of engineering). They came to CloudPassage from GlobalNetXchange (now Agentrics), Musea Ventures, and the technology consulting field, respectively.
Why we're watching the company: CEO Carson Sweet argues that virtual machines enabled the explosion in cloud computing, "but people sometimes sort of forget about the virtual network around those machines that need to be secured." CloudPassage focuses on securing the virtual server environment, which is widely viewed as one of the most unpredictably vulnerable spots in the cloud. Early this year, the company released two free services designed to protect cloud-based virtual servers by maintaining firewall policies (Halo Firewall) and checking for vulnerabilities (Halo SVM). The company plans to build a revenue stream by eventually charging for higher-level VM security services that build on the Halo framework.
Headquarters: Mountain View, Calif.
What it offers: Virtual Machine encryption solutions.
How much it costs: Not available yet
Who heads the company? Co-founders are Bill Hackenberger and Steve Pate. Hackenberger, who serves as CEO and president, has founded three other startups, one of which, AIM Technology was bought by Network General. He has also served as vice present of engineering at both Caymas Systems and Vormetric. Pate, who serves as CTO, held that same position at encryption vendor Vormetric and worked at virtualization vendor HyTrust in that company's early phases of development.
Why we're watching the company: High Cloud Security recently printed an excerpt from an article published back in 2010 that outlined in three easy steps how to hijack a virtual machine and in the process steal sensitive data that might be running on the VM at that point in time. High Cloud says the way to prevent this from happening is to encrypt everything at the storage layer that may contain sensitive information. The company's yet-to-be released product is currently in beta testing.
Headquarters: Mountain View, Calif.
What it offers: The HyTrust Appliance (currently available version is 2.2) provides centralized access control for virtual servers, providing enforcement of security policies and compliance controls.
How much it costs: $1,000 per host supported
Who heads the company? John De Santis, formerly vice president, Cloud Services at VMWare is CEO. Co-founders are Eric Chiu and Renata Budko who are president, and vice president of marketing, respectively. Hemma Prafullchandra is CTO. She was formerly CTO of FuGen Solutions, a managed provider of federated identity interoperability and compliance service.
Why we're watching the company: We've been tracking HyTrust for two years now, since it was selected as a 2010 company to watch and won best of show accolades at several industry trade shows. The product held its own against well established market leader Trend Micro in our recent test of virtualization security management tools. The company has reportedly closed more business in the first two quarters of 2011 than it did in the whole of 2010.
Read more about cloud computing in Network World's Cloud Computing section.