StillSecure - jumping the gun on cloud security?

Security is one of the pressing issues when large enterprises consider deploying some workloads in a cloud computing environment. Rajat Bhargava, Chairman and CEO of StillSecure recently stopped by to discuss how his company is working to address this and other needs in a cloud computing environment.

StillSecure's strategy is based upon two premises: 1) the industry is seeing a fundamental shift to outsourcing IT functions and 2) soon, enterprises will be looking to services providers, hosting companies and telecom providers for secure, well-managed environments in which to host their important workloads. Based upon those premises, StillSecure has been building tools and offering services to mid-market companies in the hopes of making their journey into the clouds safe.

To that end, StillSecure is offing the following products to service providers and services to end user organizations:

• Managed firewall to prevent unauthorized access to the customer's network and securely track and control access to data. The company also offers a managed web application firewall to guard web-based applications.
• Managing client-owned equipment (Fortinet FortiGate or Cisco ASA UTM)
• File Integrity Monitoring to assure customers that changes to data are authorized.
• Log Management Service to consolidate and correlate log events from network systems, devices applications and tools making it more easily possible for organizations to comply with PCI requirement 10
• Managed high-speed intrusion detection/prevention to identify and stop network attacks before they can cause damage
• Vulnerability Scanning Service to systematically scan for network vulnerabilities
• Managed VPN to create secure network "tunnels" allowing offsite users to access business systems and resources
• PCI complete service that combines PCI procedures, a complete suite of network technologies and StillSecure's exprertise.

Snapshot analysis

Although I think StillSecure's vision is a good one, I think that the timeline that they're working on doesn't match what I've seen in the market place. Cloud adoption is not progressing along the same path as the adoption of other procedures or technologies. I wrote an article about the strange cloud adoption cycle for a Kusnetzky Group client. If you're interested, it can be found here: Strange Cloud Adoption .

Due to what we've observed, it is clear that medium and large organizations that might need StillSecure's products and services have not yet move critical workloads into a cloud environment. That being said, StillSecure's services might be a valuable addition to these organization's own IT operations.