“The business folks want to go there for the obvious benefits, but the security team still views the cloud as new. They don’t quite understand how they can get visibility into the cloud”, Schoenbaum told Infosecurity.
Security teams want to take a more measured approach to the cloud than the business people. They want to start with less critical applications. “The tension between the two sides is on the timing and the criticality of the applications that go there”, he noted.
Organizations “trust themselves for security but they might not necessarily have an established relationship with a cloud provider. It’s hard to build trust with someone you only started working with recently. So these things have been inhibitors for going to the cloud”, he said.
To address these concerns, Tripwire, a provider of IT security products, has launched its Secured by Tripwire product, which enables the company’s customers to offer a suite of managed compliance and security services to their end users. “We’ve taken our security product and packaged it specifically for cloud and managed service providers”, Schoenbaum said.
Tripwire is offering the cloud security product on a pay-as-you-go basis, so there is no upfront cost. This is different from the previous model in which cloud providers purchased a perpetual license from Tripwire that cost $900 per server upfront, he said.
Secured by Tripwire automates the process of compliance with security codes and regulations, such as the Payment Card Industry Data Security Standard (PCI DSS), Federal Information Security Management (FISMA), and Health Insurance Portability and Accountability Act (HIPAA).
Tim Irvine, sales director at Tripwire customer INetU, told Infosecurity that his company provides cloud services to the retail and financial services industry, so its customers are interested in PCI compliance issues. “Our customers are interested in expanding to the cloud, but there are a lot of unknowns in that architecture”, he said. “For our customers, the dominant driver is PCI compliance”, he added.
Pete Nicoletti, vice president of security engineering at Terremark, another Tripwire customer, stressed the attractiveness of the new pricing model. He told Infosecurity that the pricing model more closely matches the consumption model of its customers.
With the previous Tripwire model, licensing costs were high and “paybacks were not as good as we thought they could be….When we tried to pass along some of those costs, our customers didn’t go for it”, Nicoletti said.
“Now with the new licensing cost structure, we are expecting to see a positive result with more customers selecting this service….We are excited about being able to offer this to customers, so they can consume licenses the way they consume our cloud resources”, he added.