A number of companies claim they can protect your cloud assets, but they usually cover only specific areas such as software, data or deployment, or, in some rare cases, they harden your host systems against attack. Some might cover two of these, but few cover all of them in any significant way. Complete coverage is important simply because attackers know that the cloud host is often vulnerable. When they cannot get into the data, application or other areas of your cloud presence, they will naturally go after the host. CloudPassage says that it can cover all of these areas through the installation of a “micro” agent on the host. This agent does not need a persistent or direct connection to the internet. It can work through a proxy if needed and can potentially store client data for a scheduled release of information.
The agent is capable of working on any platform and, according to CloudPassage, can be set up to cover the three major aspects of security: the host, the services, and your software. The agent also helps to secure the entire development workflow. It integrates with the build process and provides data to the client, who can then decide whether vulnerabilities in a software update need to be addressed or whether the update can be pushed out to production. This is very similar to the way traditional software development incorporates security into the development process, but with the added complexity of the cloud and the services used to deploy code to your cloud space.
Next on the plate for the micro agent is securing the configuration of your host and services. This is done by removing access to SSH and root-level permissions, and by making your containers read-only when applicable. These are some of the routinely exploited areas of host/service security, and they are very often overlooked. CloudPassage also ensures that the content your clients are seeing can be trusted and helps to manage and control your secrets. With its agent, you get visibility into your cloud environment from development to what your client sees. This is not a bad thing at all when most cloud services are murky at best.
So what is the practical upshot of this? If deployed correctly, CloudPassage gives you a complete inventory of your cloud, containers, code and services. It provides the information an organization needs to ensure it maintains compliance. It also provides better visibility into your cloud, which gives cloud services a better security posture.
As we see more companies move to the cloud, it will become even more important to secure those services and applications. A solution like CloudPassage is a solid step in the right direction.