By Sramana Mitra and Siddarth Garg
Sramana Mitra: So, you already have a solution, and you are just applying it to a cloud environment because you encountered a problem that your customers were asking for solutions for.
Chris Burchett: That is right, and there are additional functionalities that we are building into the product in the future that will be unique to the cloud. For example, if you are running in a public cloud, is it possible that somebody else launches your virtual machine image without your knowledge? Yes, it’s possible. Now, if you control the account for the log into that image, this greatly mitigates your risk. But you can further mitigate your risk by ensuring that the encryption keys cannot open unless you are aware of it. So, one of the things we will be providing is the ability for the agent that enforces encryption in that machine to “phone home,” if you will, and request that it be able to unlock the key.
That is an example of where we take existing technology that we already have and just extend it slightly, and we have a more robust solution for the cloud. But you can absolutely run our stuff in the cloud right now, today, and get the benefits I talked about before.
SM: Are the use cases you’re responding to, through this and other cloud solutions, all in the domain of the public cloud infrastructures and service? Are there other configurations or scenarios?
CB: There are other scenarios, but I’m probably not going to talk too much about those because they are a little bit further out, and they are not the kinds of things we are talking about publicly right now. Another scenario may be that you decide you want to do this sort of thing in a private cloud scenario where you do have dedicated resources in a third-party data center but you still want to run the same kind of protection encryption agent. Because you never know, right?
SM: It doesn’t matter if it is a public cloud or a private cloud, as long as you are using infrastructure that is in somebody else’s data center.
CB: Yes, exactly.
SM: The problem is the same?
CB: The problem is the same from our perspective. Even if it is private, you may want to control the release of your data. If somebody were to subpoena your private cloud infrastructure provider, they would not be able to release your data without your control or at least without your knowledge.
SM: Would you talk a bit about what is happening with the service vendors who host or provide hosted software solutions? Are those vendors facing the same kind of issue, and are the solutions the same?
CB: Yes, it is really interesting, and you probably hear a lot of perspectives on what is driving software as a service (SaaS). In terms of SaaS, my perspective is that a lot of what has driven the SaaS market up to this point has been the business side of the enterprise rather than the IT side because they could get to market faster. So, SaaS is driven by the need to be agile, if you will, to be fast to market, to be flexible. Instead of going to my IT department to stand up the customer relationship management (CRM), I just go to Salesforce.com, and open my checkbook.
So, the people who are making that decision have a different view of risk management than do the people who are on the IT side, right? They are willing to tolerate a greater degree of control from the provider, and they are probably not as trained to scrutinize the provider as much.
SM: That is correct.
CB: So that would be fair [to say], right?
SM: That would be fair.