Catbird's CEO, Edmundo Costa, dropped by to chat about implementing security policies in the era of cloud computing. The challenge, he points out, is that cloud computing environments are too agile, can grow or shrink to meet business requirements, and can make it very difficult for organization's static security processes to keep up.
Catbird believes that security systems should:
- Assure isolation of one virtual machine from another through the use of a virtual LAN (VLAN) or through Virtual Firewall policies and through the entire lifecycle of a VM. It shouldn't be possible to spin up a new VM without the appropriate policies being validated. Changes should be verified and VMs having unauthorized changes should not be allowed to even start up
- Security should be automated to assure that IT administrators know what is running, where it is running, who or what started it and IT should be notified if something unusual is going one. Furthermore, if the organization desires this, unauthorized activities should not be allowed to run.
- All necessary information for an audit should be collected and maintained automatically.
Catbird believes that organizations need the ability to discover processes regardless of where they're running, put processes into appropriate security trust zones, verify all activities of VMs in those trust zones, and enforce policies when needed. Catbird's technology, Costa pointed out, does all of these things.
Costa described how a number of Catbird customers in telecom, healthcare, government and other markets are using Catbird's technology to create and maintain a secure environment regardless of where activities are executing or how they are being accessed. If you'd like to read more about these use cases, I'd suggest visiting the company's website.
Catbird has developed very powerful technology and customers I've spoken with typically rave about what Catbird has done for them. Since there are so many other security suppliers saying similar things, one of Catbird's bigger challenges is creating awareness and interest in the mind of IT executives in the face of all of the marketing done by bigger competitors.