Category Archives: cloud security

acquisition, Adallom, cloud security, M&A, Microsoft, News & Analysis

Microsoft unveils cloud security plans for Adallom amid rising cloud unrest

Cloud securityMicrosoft has announced its plans for Israeli founded cloud security firm Adallom, the cloud security firm it bought for a reported $250 million.

Detail of the plans for its new acquisition was unveiled in a Microsoft blog by corporate VP for cloud and enterprise marketing Takeshi Numoto. Though reports of the acquisition emerged in July details of Microsoft’s cloud security strategy have only just been unveiled.

The frequency of advanced cybersecurity attacks has made security ‘top of mind’ among cloud users, according to Numoto. The acquisition of Adallom will expand Microsoft’s existing identity assets by acting as a cloud access security broker, allowing customer to see and control application access, Numoto explained. It will also protect critical company data stored across cloud services. Adallom helps secure and manage popular cloud applications including Salesforce, Box, Dropbox, ServiceNow, Ariba and Microsoft’s own Office 365.

Adallom will complement existing Microsoft offerings as part of Office 365 (serving in a monitoring capacity) and the Enterprise Mobility Suite (EMS), which includes Microsoft’s Advanced Threat Analytics system. Microsoft had previously bought another cloud-security vendor, Aorato, with Israeli Defence Force ties, in 2014. Aorato was rebranded as Advanced Threat Analytics.

Adallom’s technology monitors the use of software-as-a-service applications and was created by founders 2012 by Assaf Rappaport, Ami Luttwak and Roy Reznik who met while serving in intelligence for the Israel Defense Forces.

The unveiling of Microsoft’s cloud defence plans coincides with an independent report, by Osterman Research, that 76 per cent of UK firms are concerned about the lack of security in the cloud, with consumer-grade cloud storage of corporate documents being named as the chief cause of unease.

The report found that employees preferred consumer-focused file sync and share (CFSS) solutions to enterprise-grade file sync and share (EFSS) solutions in the workplace, and often failed to consider the security risk posed by CFSS solutions.

Services that will be monitored by Microsoft’s new cloud security acquisition, such as Dropbox, which allow consumers to instantly sync files across all devices, but do not provide the same protection of information as EFSS, were identified in Osterman Research’s report as a particular cause for concern.

“Use of CFSS over EFSS significantly increases corporate risk and liability,” the Osterman Research report warned.

“We are thrilled to welcome the Adallom team into the Microsoft family,” said Numoto in his Microsoft blog, “cybercrime will persist in this mobile-first, cloud-first era, but at Microsoft we remain committed to helping our customers protect their data.”

cloud security, Funding, Netskope, News & Analysis

Cloud broker Netskope raises $75 million for analytics based security enforcement services

Secure cloudCloud security firm Netskope has received $75 million to develop its policy enforcement systems for cloud applications.

Describing itself as a cloud access security broker, Netskope raised the investment in a Series D funding round led by Iconiq Capital. Existing investors Accel Partners, Lightspeed Venture Partners and the Social + Capital Partnership also participated.

Netskope monitors and enforces policy on data shared across cloud applications. It aims to give companies an instant view of the use of their data and creates plans of action to prevent betrayed confidences and information leakage. In May 2014 investors staked $35 million in a Series C round of funding. It total, the company has raised $130 million in investment.

Data protection for cloud based apps is an emerging niche in the security market which, according to analysis by Gartner, has a market value of $5 billion. The new genre of Cloud Access Security Brokers solves problems that cannot be addressed by traditional firewalls, according to Gartner.

Netskope’s founder claims that the company differentiates itself by being more precise, and going deeper into the data. This, says founder and CEO Sanjay Beri, helps customers gain better understanding of their data’s exposure.

While cloud apps give the workforce better tools and flexibility, the IT department has to manage the proliferation of data shared across the masses of unsanctioned cloud apps, said Beri. Since there are often ten times more cloud apps in use than IT departments are aware of, this is creating a massive security problem, which Netskope aims to solve, according to Beri.

“Only Netskope provides surgical visibility and control for all cloud apps, whether sanctioned by IT or not,” said Beri. Mobile apps in particular will create security problems for enterprises, as the bring your own device trend continues, according to Netskope, which offers a data loss prevention system that examines 400 different file types across over 3000 different data identifiers. Its own internal figures suggest that 90 per cent of the apps used by its enterprise customers are unsanctioned and not considered as enterprise ready. In addition, 13.6 per cent of those app users have had their account credentials compromised.

The new capital will be used to expand sales, marketing, customer success, engineering and research operations worldwide, adding to its current 250 person headcount. New data centres are planned for Asia-Pacific and Europe to meet growing demand.

Cloud computing, cloud security, Microsoft, News

Microsoft Plans to Buy Security Firm Adallom

Microsoft is set to be paying 320 million dollars in cash for Adallom, a startup with software for monitoring the use of cloud-based services. A source has claimed all 90 employees, including the 30 in the US, will function an independent unit of Microsoft and will manage material related to cybersecurity for Microsoft.

While Microsoft has refused to comment on the supposed deal, the Wall Street Journal claims, “According to the people familiar with the matter, Adallom, which employs 90 people world-wide, will continue to operate from Israel, building up Microsoft’s cybersecurity-focused operations in the country.” The first to report the deal were Israeli media outlets Calcalist and Globes, with reports later coming from the Wall Street Journal.

ht_microsoft_cc_120823_wg

Microsoft has continued making the cloud a priority throughout the whole company, and building an intelligent cloud platform is one of three areas of investment for the company. Cloud security is vital to the company as they switch to more internet based occupations, hence the move to purchase Adallom. Usage and revenue from application Office 365 has increased during the first quarter of 2015, and Microsoft want to protect this trend.

This is just one of Microsoft’s myriad of partnerships and acquisitions this year. Microsoft has previously attained a provider of machine learning technologies for e-discovery and information governance. The company’s software uses advanced text analytics to perform multidimensional analyses of data collections, intelligently sorting documents into themes, grouping near-duplicates, and isolating unique data. In addition,  Microsoft has purchased N-trig and Aorato.

The post Microsoft Plans to Buy Security Firm Adallom appeared first on Cloud News Daily.

cloud security, Cloud Services, News

Salesforce Adds Security Service

Salesforce has recently announced Shield, a set of services that expands the security and compliance tool sets of developers creating apps on the Salesforce1 platform for regulated industries. The service adds auditing, encryption, archiving and monitoring services to Salesforce1 to make it easier for developers to ensure that cloud apps meet the security, compliance and governance requirements of their organization and industry standards. Shield may be explored in a drag-and-drop interface instead of requiring app developers to search through code.

cloud security

Tod Nielsen, executive vice president of Salesforce1 Platform, said “[Companies] in regulated industries have struggled to take full advantage of the cloud due to regulatory and compliance constraints. With Salesforce Shield, we are liberating these IT leaders and developers, and empowering them to quickly build the cloud apps their businesses need, with the trust Salesforce is known for.”

Shield will have three main features: Field Audit Trail, Data Archive and Platform Encryption. Field Audit Trail allows developers to monitor data exchanged through their apps to ensure that it is kept up to date and compliant with industry regulations; it may track data changes for up to 10 years. Data may be deleted when no longer needed. Data Archive allows historical data that needs to be kept for a long time to be stored, which helps ensure data is available when needed. Platform Encryption allows developers working on the Salesforce1 platform to encrypt data without affecting the way it is used by other areas of the business so that they do not need specialist hardware or software.

The post Salesforce Adds Security Service appeared first on Cloud News Daily.

Cloud computing, cloud security, News

Open API Efforts Begin

Ciphercloud and the Cloud Security Alliance (CSA) have been working to fill a gap in the cloud access security broker market. It is a new working group for defining a uniform Open API. The group is led by CipherCloud and also includes from Deloitte, Infosys, Intel Security and SAP. The Open API looks to define a standard for the emerging cloud access security broker (CASB) space. CASB will cover four categories: data protection, threat prevention, visibility and compliance.

csalogo

Cloud identity is mainly handled by Security Assertion Markup Language (SAML) assertions, which can enable federated identity across cloud vendors. Chenxi Wang, vice president of Cloud Security & Strategy at CipherCloud, explains that identity management is only part of the battle in cloud security, and that the API will cover not only identity management but also data classification, data protection and access management.

Wang describes, “We will not propose new protocols to replace SAML, but instead, we will fill gaps where existing standards are lacking. For instance, how does the enterprise specify to the cloud service that a particular piece of data and content can only be stored in a particular geography? You can’t do that today automatically.

“This Open API effort will standardize the specification, control and assessment across the tiers of the cloud infrastructure, which will in turn significantly lessen the work on the developers’ part and hence expedite time to market for cloud adoption. The immediate goals of this effort are to issue specifications for the API framework, reference architecture documents, as well as a few whitepapers. After that, we may propose to incorporate that as part of the CSA STAR, if the industry embraces the API standards.”

The group is focused on its immediate goals first and foremost. While the groups formation was announced in late June, it is expected to begin operations in July.

The post Open API Efforts Begin appeared first on Cloud News Daily.

cloud security, Cloud Services, News

Cisco to Acquire OpenDNS

Cisco has announced that it plans to buy cloud security company OpenDNS for $635 million. This amount is to be paid in cash and assumed equity awards, plus retention based incentives for OpenDNS, according to information released by Cisco.

OpenDNS provides a cross-platform online threat-protection service that Cisco will utilize to increase its own security, stating, “broad visibility and threat intelligence from the OpenDNS cloud delivered platform.”

Hilton Romanski, leader of business development at Cisco, said, “The acquisition will extend our ability to provide customers enhanced visibility and threat protection for unmonitored and potentially unsecure entry points into the network, and to quickly and efficiently deploy and integrate these capabilities as part of their defense architecture.”

Open-dns-logo

OpenDNS will join the Cisco Security Business Group and the deal is expected to close during the first quarter of fiscal 2016.  David Ulevitch, founder and CEO of OpenDNS, said,  “We’re not going anywhere and OpenDNS as you know it will continue to work as it does today.” While OpenDNS has over 50 million users, it has only 10,000 paying customers and runs 24 data centers.

Cisco has stated, “The burgeoning digital economy and the Internet of Everything are expected to spur the connection of nearly 50 billion devices by 2020, creating a vast new wave of opportunities for security breaches across networks.”

Hilton Romanski also added “As more people, processes, data and things become connected, opportunities for security breaches and malicious threats grow exponentially when away from secure enterprise networks.”

The post Cisco to Acquire OpenDNS appeared first on Cloud News Daily.

CipherCloud, cloud security, Cloud Security Alliance, CSA, Jim Reavis, News & Analysis, Pravin Kothari

CSA, CipherCloud look to standardise APIs for cloud access security brokerage

The CSA and CipherCloud are leading an initiative to standardise API implementation for cloud access security brokerage

The CSA and CipherCloud are leading an initiative to standardise API implementation for cloud access security brokerage

The Cloud Security Alliance (CSA) and cloud security vendor CipherCloud are forming a working group to jointly develop best practice around API deployment for cloud access security brokerage services.

Cloud Security Open API Working Group, which at its founding will include contributions from Deloitte, InfoSys, Intel Security, and SAP among others, will jointly define protocols, guidelines and best practices for implementing data security services – encryption, tokenisation and other technologies – across cloud environments.

The CSA said the working group plans to develop API specifications and reference architectures to guide cloud-based data protection.

“Standards are an important frontier for the cloud security ecosystem,” said Jim Reavis, chief executive of CSA.

“The right set of working definitions can boost adoption. This working group will help foster a secure cloud-computing environment – a win for vendors, partners and users. Standardising APIs will help the ecosystem coalesce around a universal language and process for integrating security tools into the cloud applications,” Reavis said.

Pravin Kothari, founder and chief executive of CipherCloud said: “Cloud is the killer app for security innovation. But currently, inefficiencies at the technical level in the form of custom connector protocols can hold back innovations in cloud security. Defining a uniform set of standards can enable us all to operate from the same playbook. As a pioneer in [cloud access security brokerage], we are excited to co-lead this initiative with CSA to accelerate security across clouds.”

The initiative may enhance the ability to integrate various cloud services securely according the Jeff Margolies, principal at Deloitte, and open up what is generally considered to be a fairly closed, proprietary-dominated space.

“Currently the cloud security ecosystem lacks basic integration standards for connecting third-party security solutions to cloud applications, platforms and infrastructure,” he said, adding that the working group may help consolidate standards among vendors and cloud customers.

Cloud computing, cloud security, News, Partnerships

North State Communications to Acquire Stalwart

North State Communications, a leading fiber optic network, data center and cloud services provider, has announced its plans to purchase Stalwart, an IT security integration firm. The purchase will complement DataChambers, North State Communication’s data center and cloud computing subsidiary. While North State Communications said that it expects to close the deal in the third quarter, no details pertaining to the deal were disclosed.

datachambers

 

Royster Tucker III, CEO of North State describes, “North State is extremely pleased to be gaining such a highly qualified and well-rounded IT security firm as Stalwart. Their professional integrity and mastery of advanced threat protection are ideal counterparts for DataChambers’ data center and cloud offerings. Bringing Stalwart onboard further fuels our strategic growth and helps round out our ability to effectively address some of the greatest IT challenges facing businesses today.” Tucker also said that the deal originated from North State Communication’s search for ways to add value for business customers.

Tucker also said, “As businesses begin to move into the cloud and IT infrastructure becomes distributed and moves into the cloud, we wanted to build that business and Stalwart has real expertise in IT infrastructure and security. Today more than ever, you have to wrap that in an envelope of security, and that’s what Stalwart brings to the table.”

Bill Cooper, CEO of Stalwart, also shared his opinion of the deal:  “North State is a strategic acquirer who shares our core virtues and beliefs. This, more than anything, will continue to make Stalwart unique and better. It is exciting to think of the myriad ways our team will now be able to create additional value for our coveted and growing customer base.” Bill Cooper will continue to lead Stalwart as it joins North State.

The post North State Communications to Acquire Stalwart appeared first on Cloud News Daily.

Cloud computing, cloud security, Cloud Services

Elastica Partners with Telstra to Expand into Australian Cloud Security Market

Recently, cloud security firm Elastica has partnered with Cisco and Telstra to expand into the New Zealand-Australia region in response to the growing threat of “Shadow IT” that has stemmed from increased cloud use.

Elastica’s APAC managing director John Cunningham describes that problems may arise from the struggle to monitor activities of the many apps operating on their network as well as the data that is left unmonitored in the system. This may pose a threat to the system. Elastica is a company whose aim is to secure the cloud.

 

Telstra-2

 

Because of Australia’s demand for cloud based solutions, it is the perfect market for companies like Elastica, for when cloud networks are needed, cloud security is necessary as well.  Cunningham describes, “Typically with technology, it starts in the US and then it would expand globally, maybe to Japan, maybe to Europe, and then Australia. But this time, it’s a little bit different. Cloud is going out simultaneously around the world, so our investment in Australia is going to be there to support that rapid adoption of cloud applications within Australia.” He then pronounces the importance of cloud security, “For every use of a cloud application, there are millions of events being generated … that becomes a data science problem. As humans, and with the scale of activities happening on cloud application, data science is required to help organizations get visibility of what is important.”

Telstra director of security practice John Ieraci said that Telstra was very impressed by Elasticas ability to handle issues that came from ‘Shadow IT.” “When Elastica appeared in mid-2014, we were impressed with the ability to monitor, track, and block sensitive data in real time and quickly identify shadow IT and shadow data for cloud applications, both SaaS and IaaS, using a data science approach and with zero deployment.”

 

The post Elastica Partners with Telstra to Expand into Australian Cloud Security Market appeared first on Cloud News Daily.

Adallom, cloud security, Funding, HP, News & Analysis, Saas

Cloud security vendor Adallom secures $30m in series C led by HP

Adallom secured $30m in new funding this week from HP Ventures among others

Adallom secured $30m in new funding this week from HP Ventures among others

Cloud security service provider Adallom announced this week it has secured $30m in a series C funding round led by Hewlett Packard Ventures, which the company said it would put towards research and development.

Adallom, which was founded by cybersecurity veterans Assaf Rappaport, Ami Luttwak and Roy Reznik in 2012, offers a security service that integrates with the authentication chain of a range of SaaS applications and lets IT administrators monitor usage for every user on each device.

The software works with a conjunction of end-point and network security solutions and has a built-in, self-learning engine that analyses user activity on SaaS applications and assesses the riskiness of each transaction in real-time, alerting administrators when activity becomes too risky for an organisation given its security policies.

The company said the latest funding round, which brings the total amount secured by the firm since its founding three years ago to just under $50m, speaks to the rapid growth of the SaaS market, and the need for more flexible security solutions.

“The market’s embrace of our approach to cloud security and our investors’ continued confidence in our products, team and results to date is a strong endorsement of Adallom. It also serves as encouragement to continue to execute on our mission to deliver the best platform for protecting data in the cloud,” said Rappaport, Adallom’s chief executive. “We’re determined to exceed the expectations of our customers and investors, and continue our innovation in this market.”

The company said the investment will be used to double down on development and improve support for more services; it claims the security service already supports over 13,000 cloud apps.

Adallom’s funding round caps off a successful month for a number of cloud security vendors, with Palerra, ProtectWise and Elastica all securing millions in investment.