PerspecSys, the Toronto-based cloud data protection company, has closed $12 million in its second round of funding. The company plans to use the capital injection to further develop global sales and marketing efforts and continue product development.

The company supports a variety of popular cloud-based applications, such as Salesforce.com and Oracle CRM On Demand, while using validated encryption solutions from companies like Voltage Security, McAfee, SafeNet, Symantec, and RSA.

Research firm Gartner predicts some $42 billion will be spent on cloud-based security from 2013 to 2016.

Already, PerspecSys claims to have three of the world’s largest financial institutions and one major multinational conglomerate as clients.

“While the cloud continues to deliver amazing benefits to companies worldwide, it also continues to pose some major hurdles,” said David Canellos, chief executive of PerspecSys.

“Businesses are struggling to balance critical data residency, compliance, privacy and security requirements that come with cloud adoption against the need for full application functionality and ease of use. Our focused efforts over the last four years have produced the most advanced gateway in the industry, delivering the only data protection solution that passes the strictest European and US regulatory requirements,” he said.

This round of funding was co-led by new investors Paladin Capital Group and Ascent Venture Partners. They were joined by return backer Intel Capital and other institutional investors. Total investment in PerspecSys now totals over $20 million.

Photo Credit: PerspecSys Inc.

Symantec may be in the process of laying off up to 1,000 people after announcing yesterday that it plans to restructure the company’s focus and increase revenue, according to Bloomberg – though chief executive Steve Bennett says that’s just “speculation.”

The company made famous by its antivirus products has more recently seemed like a sitting duck. Startups are popping up around it, creating impressive products to meet today’s security needs in cloud and mobile security. Symantec, of course, has its own cloud and mobile products, but with companies like Lookout Mobile entering the scene, Norton isn’t the first name you think of when protecting your devices anymore.

Because of this, Symantec introduced the new structure yesterday, saying it needed to become more innovative and increase revenue.

“In order to make the company more flexible and able to adapt quicker to the needs of customers … there will be fewer executives and middle management positions, resulting in a reduction of the workforce,” Symantec said in a statement yesterday. “This process is expected to be completed by the end of June 2013.”

That reduction may be up to 1,000 people, making room for the investments in research and development as well as sales that Symantec says it will depend on.

Bennett told Bloomberg that Symantec is “an organization that has too many layers.” But while he says that the 1,000 number is speculative, it will be a “material reduction.”

The company promises it is focusing on “10 key areas” that will involve taking existing products and building on top of them to make them fit today’s security problems. These products include Symantec’s Norton Protection, Norton Cloud, Data Center Security, and Mobile Workforce Productivity.

Executives also announced that the company is aiming to increase revenue by five percent and “non-GAAP” measurements up 30 percent in the next two to three years.

Layoff image via Shutterstock

Sept. 9 - 10, 2013
San Francisco, CA

Early Bird Tickets on Sale

Folia Grace recently conducted research with analysts and enterprise customers about upcoming trends the cloud.

Here’s what the SAP Cloud’s VP or product marketing says are the top 10 trends for 2013. Grace talked with VentureBeat’s Matt Marshall about her research. This is his edited version of her summary.

Folia Grace, SAP Cloud VP of product marketing

1. Hybrid cloud growth

About half of all new enterprise IT spending will be on hybrid cloud by 2016, up from 40 percent this year, according to a survey by Saugatuck. Another 39 percent will be on pure-play cloud, up from 11 percent. This trend toward hybrid isn’t new. But what’s really new is the movement by third-party integrators to do these hybrid cloud integrations for customers. Not everything that people want exists in the cloud. They have concerns about security and outages. More companies are looking at private clouds as part of their mix.

2. Growth of mobile cloud computing

The first generation of mobile apps didn’t work very well because they were still formatted for laptops and keyboards. The first enterprise apps suffered from the same limitations. Now we have these wonderful capabilities — gesturing, maps, location — and we’re going to take advantage of these. We’re going to build ubiquitously native beautiful apps for the iPad for the mobile work force. Usage stats on the growth of mobile devices in the enterprise are eye-opening. Everyone has an iPad. And people are working from different locations. When they are at the coffee house or at home putting kids to bed, they want something easy to use so they can manage their life easier.

3. Focus on beautiful applications

This continues from the second trend and the mobile cloud. We think people want the same sort of flexibility and experience that they get on their iPad — the drag and drop — in their enterprise experience. They want it to be very simple, almost like a consumer experience: fun, engaging, and interesting. Enterprise companies are going to want to put their own skin on their apps.

4. Arrival of social in all cloud solutions

Social is not new, and neither is business intelligence. But until now, they’ve been disconnected. If you’re looking at your desktop, maybe you have an RSS feed from everyone at the company talking about the new office. But then you’ve got BI in a separate dashboard. They’re separate. Going forward, we’re starting to infuse social in all of our business processes. Social is a part of the business process. There’s social recruiting, social management, social business intelligence. One of the things we noticed is that when you provide more and more dashboards and analytics reports, you don’t change the behavior of people.

5. Need for the ‘glocal’ cloud

The cloud has been accepted in U.S. But other countries have more stringent privacy laws and require companies to keep certain data within their own country. We see that opening up much more broadly and globally. In Latin America, things are definitely picking up. It has a booming economy and a tight labor market — and not enough skilled IT people to implement the technology they need. It loves the cloud. We see Europe becoming more open to cloud solutions. We call it the “Glocal”: While the global opening is great, certain parts have to be managed at the local level. Managers want to have cost-savings by having best-practice processes in the cloud while being able to take care of local compliance and reporting requirements. Finance and HR have to be managed at the local level, for example.

6. Increased importance of cloud security

The first batch of cloud purchases driven by a line of business managers didn’t have many implications for business, either because they weren’t mission critical or they didn’t have highly sensitive data. But as companies move up the chain with their purchases, we see more CIOs getting involved in the sales cycle. Core HR systems have rich employee data, including social security numbers, compensation, and addresses. CIOs need to understand what the security levers are and whether they meet their criteria.

7. Bring your own cloud (BYOC) boom

Employees are bringing in their own devices, downloading their own apps for work. Some of them in sensitive enterprise positions won’t admit publicly to some of the things they use. They may use Evernote to take notes; it’s a fabulous tool. But they use it outside of the corporate firewall. Or they may use Doodle Buddy to illustrate concepts with their finger, which they can turn into PDFs and use for business. These are examples of bringing your own cloud to do your work. There are many more examples of this blurry line between enterprise and personal devices. There’s not a lot of security around this.

8. Rise of the geopolitical cloud

As cloud computing goes global and goes beyond borders, some things are at odds — such as the Patriot Act. Some of our partners don’t like the idea that if they use U.S. servers; they are subject to U.S. government laws around their strategic data, including where it is stored. French companies are leading this resistance. They’re creating their own national cloud (see example of SFR’s French cloud) so that they can control restraints put on them. You will see more or less controls emerging, depending on where cloud services originate, where they’re delivered, and where customers are headquartered.

9. Spotlight on the clean cloud

Every company across the globe deals with the pressure to think about sustainability. This is the so-called triple bottom-line, where they’re targeting sustainability results as well as profits and social good. When you look at how much data centers account for total energy usage in the world, you’re talking about a lot of impact. Companies want more sustainable data centers.

10. Rise of the cloud-based networked enterprise

We’re seeing that our customers want to do transactions in the cloud. We used to create purchase orders and fax them. Customers are moving to doing things electronically. But it’s expensive to create these connections between companies. SAP recently purchased Ariba, which has 720,000 companies in its marketplace that lets companies do procurement online. This is an example of where we see things going. Ariba built a network to maintain connections for you. It maintains purchase orders, puts bills together, and allows trade to happen more freely between partners. The question is, how does this move into other areas? We’re living in a world where we’re ask for skills from people and companies around world, and need them for a small period of time. I may need of people to do graphic design, sometimes immediately, other times not at all. I’d like to have a global network of people I can connect with, to get a project going, and then pay them through a sort of PayPal arrangement, in a trusted environment. You can see it going beyond goods being traded, to individual services being traded. The idea of permanent employment or permanent business is breaking down.

Sept. 9 - 10, 2013
San Francisco, CA

Early Bird Tickets on Sale

For most cloud providers, the biggest PR problem is security. Egnyte CEO Vineet Jain has invested years into understanding — and alleviating — common concerns about the cloud.

If the enterprise-focused cloud storage startup is to continue luring customers away from heavyweights like Box and Zetta, it will be due to its commitment to security.

I caught up with Jain at VentureBeat’s CloudBeat 2012 conference to discuss the questions that companies should ask their cloud providers before entering into a contractual agreement.

Considering migrating sensitive information to the cloud? Jain suggests you ask about a vendor’s ability to deal with encrypted data, and their understanding of industry-specific compliance laws.

If the vendor passes these tests, Jain recommends delving into where the data is stored. Recently, an Egnyte customer flew in an IT director from Pittsburgh, PA. to check how physically secure the data centers are and where the servers are located.

These questions will help companies protect themselves from the “vagaries of the Internet,” Jain explained. ”These three things are becoming table stakes now,” he said.

For more, check out the video.

Video via livex.tv

If you’re only protecting your enterprise’s perimeter, you’re not doing enough. Cloud encryption company CipherCloud, which just announced a $30 million first round of funding from Andreessen-Horowitz today, knows that it’s the data inside that cyber-criminals really want.

The best way to protect the cloud is still very much up in the air. Protecting the perimeter, or only accounting for the point of entry into your system, doesn’t help you when the bad guys get in anyway and start messing with your data. Just putting up firewalls doesn’t seem to work anymore. Now we’re sending our data out of the locked-up gates into the cloud, so CipherCloud encrypts that data before it ever reaches your cloud applications.

The data is encrypted in such a way that your cloud applications can still make use of the data, but in theory, it’s much safer since you hold the keys that decrypt it. You can also change the level of encryption you have based on your company’s needs. It works on applications such as Salesforce, Microsoft Office 365, Amazon Web Services, Google apps, and more.

It also uses tokens to protect the data in instances where encryption isn’t an excepted form of security. Some industries have different regulations on security measures, and CipherCloud caters to a range from banking institutions to healthcare. The tokens allow businesses to store their data on premises and then send a token — which is a form of the data, but not the exact file you want to protect — out to the cloud application.

CipherCloud faces competition from Vaultive and other such companies. Vaultive, which specializes in Microsoft Office 365 and Microsoft Exchange 2010, also encrypts an enterprise’s data before it reaches the cloud. It received $10 million from New Science Ventures, Harmony Partners, and .406 Ventures in February.

This is the first round of funding for CipherCloud, which was founded in 2010. It has 40 enterprise clients, and within that, 1.2 million users.

Cloud diagram via CipherCloud

Sept. 9 - 10, 2013
San Francisco, CA

Early Bird Tickets on Sale

Big business is embracing the cloud more than ever. Cloud tech has reached a level of acceptance in the past year, with many companies moving out of pilot projects and into full-on deployments of critical parts of their business onto cloud-based systems.

This week, VentureBeat hosted CloudBeat 2012 in Redwood Shores, Calif., where executives from VMWare, Dropbox, Box, SAP, PepsiCo, Nebula, and more gave us tons of details on how they are using the cloud to disrupt business as usual.

Sure, we faced a challenge when Amazon decided to schedule its Re:Invent conference in Las Vegas at the exact same time. There’s no question Re:Invent, with its sold-out crowd, peeled some of our attendees away, but we had remarkable attendance (over 400 people) and content regardless.

And through the sessions, we saw several big themes emerge.

1. Security needs to step up in the cloud

One of the biggest concerns people had at CloudBeat was security. At a surprisingly lively panel with experts from HP, Qualys, and CloudPassage, these folks all agreed that cloud security was getting more scrutiny than ever.

Some of that scrutiny is unfair because security is problematic no matter if we rely on cloud services or not. Still, in the increasingly interconnected world of cloud services, a security weakness in one service can lead to breaches in many others, raising the stakes.

Thankfully, the speakers agreed on one easy step to move businesses and consumers in the right direction: Everyone needs to turn on multi-factor authentication if they can. Multi-factor authentication basically means you need to verify an account (part one) on a specific device (part two). Some of them even thought that every site and service on the web needs to turn it on too.

One reason so many people haven’t turned it on is because it’s sometimes a pain in the ass. During our Innovation Showdown, for example, the startup MuleSoft had trouble with its live demo because of multi-factor authentication on a Salesforce account.

2. PaaS is starting to catch on, but the enterprise will decide its fate

Platform-as-a-service (PaaS), once the ugly duckling of the cloud, is starting to get way more attention. In an exciting standing-room-only session, four PaaS CEOs discussed how their businesses were changing rapidly by offering more languages and options that even slow-moving enterprises could get behind.

PaaS providers offer tools that make application development easier and faster than ever, so there are lots of reasons for companies and devs to get on board. And PaaS is getting big enough that there’s even a new startup called Appsecute that offers a dashboard for managing multiple PaaS services. But the big question is, which PaaS companies will survive when major corporations start biting?

3. Healthcare in the cloud is gonna be huge

One thing we heard from several speakers at CloudBeat was about the intersection of health care and the cloud. With electronic medical records taking off and companies investing in numerous health-care solutions, things are changing quickly. It’s a bit of a “perfect storm.”

“There is market pressure, pressure from physicians and audience groups,” Scott Whyte, VP of IT Connectivity at Dignity Health, the fifth largest hospital provider in the nation, said on stage.

While there are many hurdles to electronic medical records — including security, breaches, compliance and regulatory issues, and legacy systems — the Affordable Care Act mandates the transition to them by 2014. This will mean a bit of forced innovation is coming and lots of players who will benefit.

4. Big bets on ‘big data’

Yet another topic we heard a lot about the conference was “big data.” Companies are looking for more ways to take advantage of vast amounts of unstructured data that they’re collecting from social networks and other sources and put it to better use.

Ken Stineman, the senior director of enterprise architecture and security at Genomic Health, told us on stage that companies can do better. “We are generating terabytes of data about the human genome,” he said. With that data in hand, Genomic Health hopes to do things like improve the effectiveness of chemotherapy on cancer patients.

A big data startup called AgilOne — which tries to foretell the future using the cloud — used CloudBeat to announce its $10 million funding round and the launch of its product. It provides cloud-based predictive marketing intelligence to help marketers figure out what their customers are going to do next.

5. Cloud compute is getting super cheap

Amazon lowered its S3 prices yet again during Re:Invent, prompting Google to lower its prices as well. We had Google exec Amit Singh tell us Google was “happy to compete.” Clearly cloud computing power is racing to the bottom when it comes to price. This is a great thing for startups and businesses that want to take advantage of the cloud. You could almost say it has a “Robin Hood” effect: It’s bridging the gap between rich and poor businesses.

Singh later told us he believes pricing for the public cloud, especially from major companies like Google should continue to go down. When asked whether it will eventually be free, Singh said he didn’t know if that would actually happen. He did say, however, that it was “possible.”

Photo credit: Michael O’Donnell

Sept. 9 - 10, 2013
San Francisco, CA

Early Bird Tickets on Sale

If you’re not using multi-factor authentication as a company or as a consumer, you really need to start. No, seriously, go turn it on now if you can.

During today’s cloud security panel at CloudBeat 2012, three security experts that didn’t always agree about the best approaches to security did agree that everyone needs to start using multi-factor authentication.

Mentioning the now-famous incident of Wired writer Mat Honan being hacked, the panelists — HP senior security strategist Rafal Los, Qualys CTO Wolfgang Kandek, and CloudPassage chief security evangelist Andrew Hay — basically said every connected device you own and every electronic account you have has the potential of being hacked.

One of the easiest ways to start protecting yourself is multi-factor authentication. For example, if you have a Google account, you can install Google Authenticator on your devices.

“Standard passwords are not secure,” CloudPassage’s Hay said. “Multi-factor authentication is the only solution that will be accepted by the mainstream.”

Qualys’ Kandek went a step further, saying every service and site needs it: “Every site should use multi-factor authentication,” he said.

The panel also hit several other big topics:

– Should we be emphasizing security first for the enterprise or for consumers? HP’s Los and Qualys’ Kandek agreed that it needs to start with the enterprise, mostly because you can actually force security policies on employees whether they want it or not. Consumers won’t necessarily embrace security no matter how much you prod.

CloudPassage’s Hay disagreed. He believed security isn’t starting explicitly with either the consumer or enterprise. He said:

“It doesn’t have to start with enterprises or consumers. Personal users should be educated to use these tools. With enterprises, you’re assuming that the organization is going to know better than you when that may not be the case.”

– Is a standardized password policy across all big enterprises a good idea? Yes, but it’s not going to happen.

“I would love to have one standardized password policy to use across all companies, but my grandkids will be driving hover cars on Mars before that happens.”

– How can we make security policies better at companies? Get feedback from real employees, not just IT guys.

“Have your employees vet what you’re saying,” Hay said. “If you involve two or three people on the process, they’ll have a connection to the policy and add input that you might not have thought of.”

Check out more of our coverage and livestream from CloudBeat.

Photo credit: Sean Ludwig/VentureBeat

Sept. 9 - 10, 2013
San Francisco, CA

Early Bird Tickets on Sale

This is a guest post by investor Robert Abbott

In a field where handwriting notes on paper charts and managing large rooms filled with filing cabinets have been the accepted practices for decades, healthcare providers are being deluged by a perfect storm.

Not only do they have to grapple with implementing new technology and converting paper files to digital format, they are simultaneously dealing with how to secure this growing cache of electronic data while complying with complex corporate governance policies and federal mandates.

Despite these challenges, healthcare providers are finding a silver lining in secure cloud services that help them address the key technology, regulatory and privacy issues they face.

The market and legislated demands created by 900,000 healthcare providers migrating to electronic records has resulted in a $25 billion healthcare IT market, which is expected to grow more than 24 during 2012-2014, according to global market research company RNCOS.

But because healthcare is about a decade behind other industries in the adoption of IT technologies, this perfect storm is giving healthcare companies a chance to leapfrog into cloud-based solutions designed to solve their unique needs.

Cloud adoption is still in its infancy in healthcare with early adopters representing only about four percent of the market. However, there is great potential for cloud technology. According to a report from research firm Markets and Markets, the cloud computing market in healthcare is estimated to grow at 20.5 percent from 2012 to 2017. [At VentureBeat's CloudBeat conference, which begins tomorrow, healthcare is going to be a major theme; providers will discuss how they're adopting the cloud, and healthcare companies will explain how it's also helping them use novel "big data" strategies.]

Given these growth prospects, there is a sweet spot in this market for cloud service providers that can effectively combine IT expertise and experience dealing with the unique privacy, security and compliance demands of the healthcare market.

Of particular interest are cloud providers that offer automated solutions to replace traditional paper-based processes, enable better connectivity and communications between patients and their providers, and that support the entire healthcare supply chain.

Some of the leading cloud providers in healthcare today include CareCloud, ClearDATA Networks Inc., athenahealth, ADP AdvancedMD, PracticeFusion, RemitDATA, and TeraMedica Inc. For example, Baptist Health South Florida, the largest not-for-profit healthcare organization in the region, recently announced it is subsidizing CareCloud’s integrated electronic health record and practice management solution to more than 2,500 community-based physicians to improve patient care. While ClearDATA, for example, is providing its HealthDATA Cloud Platform to Dignity Health, the fifth largest hospital provider in the nation and the largest hospital system in California.

“By moving various healthcare infrastructure and applications to ClearDATA’s cloud platform, Dignity Health has been able to reduce its IT costs while increasing security and efficiency and greatly decreasing the time it takes to deploy a solution,” said Darin Brannan, ClearDATA’s president and CEO. “We also improve reliability – in terms of uptime and redundancy – and our state-of-the-art cloud systems provide greater performance over legacy hardware and networking architectures, which is typically not well-suited for the hospital’s growing data requirements.”

During CloudBeat 2012, on Nov. 28 at 10:15 a.m., Brannan and Scott Whyte, Dignity Health’s vice president of IT Connectivity, will join VentureBeat Executive Editor Dylan Tweney to talk in more depth about the challenges that healthcare companies face in their transition to electronic medical records and new IT solutions, and what they need to consider when adopting a cloud solution. During the session, they’ll also share more details about how Dignity Health has employed ClearDATA’s innovative solutions to strategically upgrade select components of its IT infrastructure, prepare for personalized care models, comply with mandates and ensure the security and privacy of patients’ electronic records. 

Robert Abbott is a general partner at Norwest Venture Partners (NVP), where he focuses on a wide variety of investment categories including mobile, cloud and IT infrastructure. NVP is an investor in ClearDATA and CareCloud. 

Navigating the storm image // Shutterstock

Sept. 9 - 10, 2013
San Francisco, CA

Early Bird Tickets on Sale

If you use popular cloud storage and sharing services like Box and Dropbox, you trust your sensitive information to third party data centers.

OwnCloud, the startup that positions itself as the open-source alternative to Box, is the newest contender in the cloud storage wars.

To expand into new verticals and grow its user-base, the Lexington, Mass. based startup pulled in $2.5 million from venture capital firm, General Catalyst. The firm’s Managing Partner Larry Bohn will join the company’s board of directors.

OwnCloud claims to give its 650,000 users a drop dead easy tool and more control over their data. Its server is typically deployed on a company’s servers or trusted service provider’s servers, and integrates well with existing security, storage, monitoring and reporting tools.

Young companies are increasingly positioning themselves this way in the wake of security breaches that may undercut the market leaders in the space. With its hybrid cloud solution, Egnyte is another young cloud storage vendor that emphasizes advanced security and user experience.

The technology works a little differently than the competition — IT users can store information in their cloud of choice. IT gets to decide whether files from services like Amazon, Dropbox or Google are shared with a broad spectrum of users — or accessed by just a small subset. In a recent update to the product, file owners can set expiration dates on shared files and password-protect the URL to a shared link.

The company will use the funds to expand its 70-partner strong channel, aggressively push into the enterprise, and support service providers who implement file sync and share based on OwnCloud.

“There’s no one in this increasingly crowded market that can do the things OwnCloud does — integrate closely with existing IT, innovate at lightning speed and offer choice of storage locations,” said Bohn in a statement. “With those capabilities already in place differentiating it from the competition, we’re confident that OwnCloud will succeed.”

Cloud storage image via Jules 2000 // Shutterstock

Sept. 9 - 10, 2013
San Francisco, CA

Early Bird Tickets on Sale

Once upon a time, you knew who to fire when a hack took down your servers: The “little weenies” running around in the basement of your company, as AlienVault’s Russell Spitler put it.

But that’s all changing.

Cloud technology is ubiquitous. How many of you just checked Google Docs or put a photo in Dropbox? How many of you looked up a customer on Salesforce or answered a service ticket on Zendesk? I’m writing this article in WordPress, a veritable platform as a service. If your business depends on these kinds of cloud services, you’re in a scary world, my friend — a world where your company depends on servers you don’t control, with security policies you may not know, run by “weenies” you have no authority over.

After talking to several security execs about the issue, my sense is that one of the biggest fears about the cloud is simply not being able to see inside of it. It’s like an actual cloud, thick and opaque. You’re standing on one side, and the cloud service providers are standing on the other. As a chief technology officer, you can only hope that the provider is building good defenses on their end, because you aren’t in control of anything and you’ll only see your attacker when it’s too late: after they’ve come through the cloud.

We’ll be discussing how to be proactive in these situations — along with many other cloud security issues — at VentureBeat’s upcoming CloudBeat conference, November 28-29, in Redwood Shores, Calif. In the meantime, check out what keeps these security experts up at night:

Andrew Wild, chief security officer, Qualys

My biggest concern for companies using cloud service providers (CSPs) is that the CSP may not provide the customer with the proper level of detail needed to ensure the ongoing effectiveness of the CSP’s security controls.

In an enterprise environment, event logs should be available from the devices that enforce the security controls, such as switches, routers, firewalls, systems, and applications. In the cloud, the CSP is responsible for implementing and managing some or all of these devices, depending on the cloud service model (infrastructure as a service, platform as a service, software as a service). Enterprises may or may not have access to events from these systems.

Without event log information, it is very difficult to implement “continuous monitoring,” which is a key component of an organization’s ability to proactively detect security events and intrusions, leaving the cloud service user vulnerable to an undetected attack.

Rafal Los, senior security strategist, HP Software

What keeps me up at night, and [what concerns me] in my daily conversations with customers, isn’t the next big hack or threat. It’s that organizations out there are adopting cloud technologies without fully understanding the various cloud models.

Rather than wading into the pool feet-first, they’re going head-first, and [they're] finding out the hard way what security, scalability, and legal or compliance challenges they’ll face often in the heat of an issue. Technology certainly helps but doesn’t solve the entire problem. Education is critical.

Russell Spitler, vice president of product management, AlienVault

The top security issue in the cloud is accountability.

When an incident occurs in your own data center, there are plenty of people to blame and subsequently fire. What’s causing such concern about the migration to cloud-based services is that the person who makes the decision to move to the cloud is now the one who gets fired after an incident occurs. Many people have taken the plunge and accepted this risk, assuming that if the could service provider is ‘that big’, they must be secure.

What we are faced with is not new technology: Virtualization and geographically disparate networks have long been a concern. What is new is that the economic stakeholder can no longer place the responsibility for security on the technical weenie scurrying around the bowels of the data center. That stakeholder must now confront the question, ‘What is it that I need to know in order to feel secure?’

The data needed to answer the question is the same as it has always been: You need visibility. You need to know what assets you have, what data is being stored, what are the latest threats, who is attacking you, and, ultimately, if you need to worry.

Placing your trust in a cloud service provider now means that you are putting these concerns in their hands. Some might transfer that concern and walk away. Others, the ones worried about the eventuality of a breach, require visibility into the infrastructure running their cloud services. Even with the largest providers, we have yet to see responsible disclosure of this information.

Gur Shatz, chief executive officer, Incapsula

Today, my greatest concern is that while critical infrastructure gets pushed to the cloud, there is no sure way of protecting the desktops and mobile devices accessing it.

This should be a great concern to chief information officers and chief technology officers. With the inherent risk that employees’ computers and devices introduce, a strong barrier is needed to protect the production environment. After all, this is where customer information is stored and critical business processes take place.

At the very minimum we need to make sure that access to the environment should be limited to specific sources and behind at least two factors of authentication; that access should always be personal; that we have no more generic users such as “administrator” or “root”; and that access is monitored, with a full audit trail of who went where.

Ashar Aziz, chief executive officer and chief technology officer, FireEye

One of the most disconcerting aspects of moving into the cloud is the limited security visibility and (un-)timely incident response offered by cloud vendors.

Whereas before, CIOs and CISOs could put measures in place to detect and stop advanced cyber attacks against their own network, now they may not hear about a data breach until the cloud vendor is mandated to disclose the incident. Organizations cannot just assume and trust that their cloud vendors have adequate security. They really have to demand and verify that advanced threat protections are deployed before moving their valuable data into the cloud vendor’s network.

The most common security pitfall is not addressing the IT security risks in your own network first. In fact, our research shows that over 95 percent of enterprises have advanced malware in their network, which means that cyber criminals and nation-state advanced persistent threat attackers will just utilize this avenue to penetrate the cloud infrastructure of that organization.

The easiest way to break into the cloud is by compromising an end-user system with a zero-day attack or a spear phishing email exploiting an OS, application, or browser plug-in vulnerability.

Jim Fenton, chief security officer, OneID

Losing complete control over your domain by moving services to the cloud is what keeps you up at night.

Critical services need to be protected anyway, and the guiding principle of defense-in-depth that we live by means having multiple ways to protect these services. And one of the most reliable ways has typically been in the ways we rule our topology.

When that goes away as a result of migration to the cloud, it just creates a really uncomfortable feeling.

David Mortman, chief security architect, enStratus

What keeps me up at night with regard to cloud security? Mostly it’s the fear that people aren’t going to apply the lessons we’ve learned over the last 20 to 30 years about how to have disciplined operations and security.

While it’s true to a large extent that cloud isn’t that different than working with bare metal, there are some key fundamental differences that can be used to make things more efficient and more secure. But if we don’t apply those lessons, then all we’re doing is exacerbating the problems we already have to the nth degree. The very benefits of the cloud — speed and elasticity — will cause already fragile systems to become even more brittle and completely obviate any additional value.

On the other hand, if we can properly apply all of that knowledge we’ve gained, the cloud’s speed, elasticity, and ability to automate will make systems more stable, more secure, and easier to manage.

Cloud image via Shutterstock

IT departments are hoarding thousands of abandoned and little-used applications, often referred to as “Zombie applications.”

The survey results, released today, show that if companies don’t perform a thorough spring clean of these walking dead applications, they can accrue millions of dollars in operating costs, unleash a security threat, and put overall IT performance at risk.

Over half the respondents of the survey, conducted by research firm Harris Interactive, felt that these under-performers were eating up storage space. About seven percent reported that this was costing them tens of millions of dollars in revenues per year.

The biggest revelation from an enterprise perspective is that employees aren’t actually using many applications. About a quarter responded that they used 25 or fewer on a regular basis. Other interesting insights include:

• 52 percent of respondents estimate that slow, crashed, or unresponsive applications cost their business at least hundreds of thousands (if not millions) of dollars per year. 31 percent said that it cost them tens of thousands of dollars per year.
• In a typical day, a majority (57 percent) use fewer than half of their total applications, while 28 percent said they use fewer than 50 apps
• 58 percent of respondents say the performance of applications has a major impact on the performance of their business.

Application performance monitoring companies like Flexera Software, Compuware, Symantec, AppDynamics, and Quest Software (with its Foglight tool) are developing solutions to destroy these zombie apps.

The research doesn’t adequately address one of the most pressing concerns. There is a major security problem that arises from the prevalence of these unused apps: they can still spread malware and, if they are set on automatic update, they can continually access information.

The survey was commissioned by Dell-owned Quest Software in June, 2012. A hundred and fifty IT professionals were polled in enterprises with more than 500 applications and $500 million-plus in revenue.

Personal.com stands among a growing class of Dropbox competitors. But it’s taking a different course, following that age-old wisdom, “If you can’t beat em, join em.”

Today, the consumer cloud startup announced an integration with both Dropbox and Evernote, and it released a set of new features so users can exchange and store their most private information, like health or insurance records.

The Washington, D.C.-based company has been around since 2009, and it has carved a niche in the market for storing highly sensitive data — both on web and on mobile. It doesn’t hurt that the service is available for free (the company is still in beta). No doubt, it will soon introduce a Dropbox-style freemium model.

Personal.com’s free Android app has been available since November, and the iPhone version was released last week.

The pitch is simple. We need to store a growing amount of personal and professional information: birthdays, bank account numbers, Social Security information, tax records, allergy information, alarm codes, and so on. Wouldn’t it make life easier if you could save all your data — including the private information — in your personal “vault”?

The company has specialized in storage, but its users wanted to share and manage their data, too. As of today, anything that you store on Personal can be shared with a friend, family-member or employee, as long as they’re a registered user.

In an interview with VentureBeat, Green explained how the company stores your most private information securely in the cloud. ”Personal doesn’t store the password to your vault, only you know it, and only you have the ability to decrypt your files and photos,” he said.

No doubt, the Dropbox integration is a means for the company to pickup millions of new users — “it is a great company with a hugely loyal user base,” said Green. Now, you can store your notes, files, and photos in Personal or link to an existing Dropbox account. Files uploaded to Personal’s secure data vault are encrypted for added protection. The benefits of the partnership go both ways – Dropbox has been called out for its frequent privacy glitches.

Other new features include:

• Secure encryption: Your uploaded files will be automatically encrypted through Personal whenever they’re stored and shared.
• Secure sharing: Owners can safely share important notes, files and documents with other registered users, whether it’s a family-member or employee.
• Free data, notes and file storage: Users can securely upload unlimited data and notes, and up to 50MB of files and photos.

Personal picked up $7.6 million in July, 2011 from Grotech Ventures, Revolution, among others.

Mobile security image via Shutterstock

Sept. 9 - 10, 2013
San Francisco, CA

Early Bird Tickets on Sale

The saying “Trying to catch a cloud and pin it down” is how many people feel about cloud security. But Zscaler believes it can actually do the job, and so does its first round of investors including Lightspeed Ventures, which just pumped $38 million into the company.

Zscaler’s set of products helps customers manage e-mail, Web activity, mobile devices, and various coud applications such as Salesforce through one hub, the “Secure Cloud Gateway.” The company calls it a “check post for all Internet traffic.” In the Secure Cloud Gateway, companies can set various policies and rules which the apps and devices must follow, and the secure gateway enforced those policies.

The San Jose company is far from alone when it comes to trying to protect the cloud. The fact is, people are bringing their smartphones to work and using social networks to be more productive in their projects, and companies are realizing that they don’t want to inhibit an employee by blocking their means of productivity with a firewall. So companies such as Zscaler, Qualys (which recently filed to go public), and on the mobile side, Mocana, are coming up with a slew of new ways to protect enterprises from the bad guys.

Thus far, Zscaler’s Secure Cloud Gateway protects its 2,500 enterprise customers, or over eight million. These customers are located across 160 different countries and the product itself monitors and protects over five billion “transactions” each day. In order to do this, the company has set up 100 different data centers, located globally, to deal with the traffic.

Aside from the Secure Cloud Gateway, Zscaler also conducts regular research in the field, which can be found in its ThreatLabZ section.

The company was founded in 2007 and hasn’t taken on venture funding in the past. It plans to pour the $38 million from this round into its products.

Security camera image via Shutterstock

Sept. 9 - 10, 2013
San Francisco, CA

Early Bird Tickets on Sale

Just weeks after another security breach, cloud storage company Dropbox has added a two-step verification process to help make user accounts more secure.

Dropbox has experienced three high-profile instances of security problems in the past year or so, with the latest instance concerning usernames and passwords being stolen from other websites and their accounts accessed. In response to the latest incident, Dropbox promised it would add “two-factor authentication.” This means you need two proofs of identity, such as your user password and a code sent to your phone, to gain access to your account.

“Two-step verification is an optional but highly recommended security feature that adds an extra layer of protection to your Dropbox account,” Dropbox writes. “Once enabled, Dropbox will require a six-digit security code in addition to your password whenever you sign in to Dropbox or link a new computer, phone, or tablet.”

Google also offers two-step authentication for its accounts. This feature was spotlighted recently when Wired writer Hat Honan had his accounts hacked. Honan did not have two-factor verification turned on and regretted that decision. “Had I used two-factor authentication for my Google account, it’s possible that none of this would have happened, because their ultimate goal was always to take over my Twitter account and wreak havoc,” Honan wrote at the time.

In light of all this, it’s nice to see Dropbox adding this option. To start using two-factor verification, you’ll need to first download the latest beta version of Dropbox’s desktop client (links here). Then follow the step-by-step instructions here. Once you follow the instructions, you can login into your account using a one-time text message or a code that can be sent to various mobile apps like Google Authenticator or Amazon AWS MFA.

If you don’t feel like downloading the beta to try out two-step verification, just hold tight. Dropbox has indicated that it will roll out the feature to all user accounts in the next few days.

Cloud security image via Shutterstock

Sept. 9 - 10, 2013
San Francisco, CA

Early Bird Tickets on Sale

With all the attention cloud storage services Box and Dropbox have garnered, it’s easy to forget that there are other startups in the game, which are quietly picking up steam and cornering new markets.

SpiderOak, a Dropbox competitor, is a Northbrook Illinois-based company that can backup pictures, music, video, files, and documents. The startup’s value proposition is that it works with super-sensitive information, so customers include no-name government agencies.

I asked SpiderOak founder and CEO, Ethan Oberman, about the recent wave of high-profile security breaches. (Read more about the major hack to the account of Mat Honan, a writer at Wired and Apple cofounder Steve Wozniak’s claim that the cloud will cause “horrible problems.”)

Prompted to discuss Dropbox’s security problems, he said that there is a world of difference between privacy and security. He used the analogy of a bank. Most cloud storage providers work like your standard bank account; despite a few glitches, it’s a highly secure place to keep your money. SpiderOak, he explained, is like a Swiss Bank account. “The bank doesn’t know what’s in the lockbox,” Oberman said. “It only knows that it’s keeping something for you.”

For this reason, the company is a popular choice for industries (healthcare, legal, and so on) where strict compliance standards need to be met.

Today, the company announced it would cater to users with even tighter restrictions — such as the Department of Defense, and EU and Canadian customers that face regulations against storing data on foreign soil — by announcing a new product, SpiderOak Blue Private Cloud. Instead of storing data on a third party site, SpiderOak can now stored data within a company’s own infrastructure.

Ethan Oberman, SpiderOak’s CEO.

“What better place to store data than in their own firewall? Having that flexibility is critical,” said Oberman.

Note that SpiderOak is one of many niche providers that claim to bring greater standards of privacy to the cloud. As CIO’s Jonathan Feldman put it: ”For business to actually get transacted, sometimes we need to achieve a balance between security and functionality.”

On the consumer side, SpiderOak has also had a bit of success with users who don’t want to drag data into a storage drive. The company offers cloud storage without the box. Its system integrates with the existing file structure on your desktop. Oberman told me that there were a few reasons why they built the technology this way: “It works more in line with how people actually user their computers,” he said.

Locked cloud image via Shutterstock

Sept. 9 - 10, 2013
San Francisco, CA

Early Bird Tickets on Sale

Dropbox, the fast-growing private company that lets you share documents easily online, continues to experience significant security breaches in its service, announcing this time that some user usernames and passwords were stolen “from other websites,” and their accounts accessed.

It also said that an account of one of its employees was broken into, and that it believes user email addresses were stolen from a document accessed from that account.

The news follows two other high-profile instances of security problems at the company. A year ago, Dropbox disclosed that all of its users’ files were publicly accessible for nearly four hours due to a bug in the company’s authentication mechanism. During that time, anyone could access a Dropbox account without using the correct password. And in April, a security hole was discovered in Dropbox’s iOS app, which allowed anyone with physical access to your phone to copy your login credentials — because it stored user login information in unencrypted text files.

It’s a shame, because Dropbox has had amazing momentum in an increasingly competitive space. Dropbox boasts more than 50 million users, double what it had last year, but reports like this could slow it down.

Larger, more conservative companies are more likely to say no to adopting it. Even before the breach last year, the company had announced that it was dedicated to security, so it’s getting hard to take the company seriously.

With this third breach, Dropbox has become a problem child among chief information officers. Already, at our CloudBeat 2011 event last year, Dropbox’s big security snafu in June of that year was one of the most oft-cited examples of the security risks in moving to the cloud. These CIOs are busy scrutinizing cloud services to make sure they are safe for adoption. And by and large, CIOs are giving the green light to applications that are served online, especially if they play safely, and behind the firewall.

To be sure, Dropbox has been pretty clear that it intends to remain focused on viral adoption by consumers and that it isn’t focused on the enterprise. It’s also obvious, though, that many users are adopting Dropbox for use in the workplace (we use Dropbox at VentureBeat, among several other products, including the more enterprise-focused Box, for example). And Dropbox also probably has a Trojan-horse strategy to sneak into the enterprise by way of avid users who lobby their employers to be able to use it.

Regarding the latest breach, the company said someone had stolen usernames and passwords and used them to sign in to a “small number of Dropbox accounts.” The company said it has contacted these users and helped them to secure their accounts. The company had launched investigations into the accounts after some users reported receiving spam. The company said it has put “additional controls in place to help make sure it doesn’t happen again.”

Here’s the full statement:

A couple weeks ago, we started getting emails from some users about spam they were receiving at email addresses used only for Dropbox. We’ve been working hard to get to the bottom of this, and want to give you an update.

Our investigation found that usernames and passwords recently stolen from other websites were used to sign in to a small number of Dropbox accounts. We’ve contacted these users and have helped them protect their accounts.

A stolen password was also used to access an employee Dropbox account containing a project document with user email addresses. We believe this improper access is what led to the spam. We’re sorry about this, and have put additional controls in place to help make sure it doesn’t happen again.

Keeping Dropbox secure is at the heart of what we do, and we’re taking steps to improve the safety of your Dropbox even if your password is stolen, including:

• Two-factor authentication, a way to optionally require two proofs of identity (such as your password and a temporary code sent to your phone) when signing in. (Coming in a few weeks)
• New automated mechanisms to help identify suspicious activity. We’ll continue to add more of these over time.
• A new page that lets you examine all active logins to your account.
• In some cases, we may require you to change your password. (For example, if it’s commonly used or hasn’t been changed in a long time)

At the same time, we strongly recommend you improve your online safety by setting a unique password for each website you use. Though it’s easy to reuse the same password on different websites, this means if any one site is compromised, all your accounts are at risk. Tools like 1Password can help you manage strong passwords across multiple sites.

If you have any questions or concerns, please contact us at support+security@dropbox.com. We’re committed to keeping your Dropbox safe and will continue to monitor this situation carefully.

Cloud security company Qualys just filed for an initial public offering, making it the latest security company to jump into the public market.

Qualys helps enterprise IT departments remain compliant with any policies or regulations associated with their industries, and gives businesses applications to monitor and stop attacks. The company’s main product is cloud-based, which has become an attractive means of deploying security software, as it easily updated and installed. The QualysGuard Cloud Platform allows businesses to watch for malware, and also scans applications for anything dangerous. It also has a dashboard for organizing what vulnerabilities your company may have.

The company has 5,700 customers across the globe. The company made $76.2 million in revenue in 2011 and made $21.2 million in the first three months of 2012. Qualys has not yet chosen an exchange to offer its stock on, but has decided on its ticker symbol, QLYS.

Security company Palo Alto Networks also filed to go public recently. The company created a firewall that allows businesses to monitor and block only certain parts of an application.

The tech industry has been wary of IPOs ever since Facebook went public in mid-May. Facebook’s IPO was delayed by 30 minutes due to technical difficulties on the morning of May 18 and hasn’t fared well since. The company even pulled gaming company Zynga’s stock down 13 percent that day, forcing a halt on its trading. The effects are being felt across the industry with travel website Kayak recently delaying its IPO.

Qualys has listed a “limited history of profitability,” inability to scale, the cloud security market, and a number of other issues as risks related to investing in its business.

Security image via Shutterstock

At VentureBeat, we come across a lot of funding news every day. In order to bring you the most information possible, we’re rounding up the quick-and-dirty details about the funding deals of the day and serving them up here in our “Funding daily” column.

CloudPassage lands $14M

Cloud security startup CloudPassage has raised $14 million in second-round funding Wednesday. CloudPassage helps companies such as Foursquare store sensitive data in the cloud securely. The new round of funding was led by Tenaya Capital, with participation from previous investors Benchmark Capital and Musea Ventures.

KULA Causes grabs $1.1M

Charitable giving e-commerce service KULA Causes announced it has raised $1.1 million in funding from an undisclosed investor. KULA has created its own currency that people can convert loyalty points, rebates, and gift cards into KULA currency, which is then given to a charity.

Isolation Network files a $6.6 million form D

Isolation Network Inc., the parent company of INgrooves, raised $6.6 million in a second round of funding according to a Securities and Exchanges Commission filing. INgrooves is a digital music and video distribution, marketing, and promotion services company that counts Universal Music Group and MTV as clients. Isolation Networks raised a $5 million round in March 2012.

H. Bloom blossoms with $10 million

Subscription-based flower-delivery service H. Bloom has raised $10 million in funding, according to a Securities and Exchange Commission filling. The company delivers “luxurious” bouquets for consumers and commercial customers. The round was led by Shasta Ventures with participation from existing investors.

ABB invests in water monitoring startup TaKaDu

Electricity infrastructure provider ABB just led $6 million investment in water infrastructure monitoring startup TaKaDu. TaKaDu offers water infrastructure monitoring as a service. The company’s software links to existing sensors in the water network like flow meters, quality sensors and pressure meters.

Khosla Ventures puts $7 million into password killer OneID

Security company OneID is helping to eliminate one of the weakest links on the internet: the password. It uses public key cryptography to eliminate the need for the password and hopes to change the way people think about their identities on the Internet. The company received $7 million in its first round of funding today, led by Khosla Ventures.

Beamit raises seed funding

Beamit, a mobile payment service, raised $2.4 million in seed funding, reports TechCrunch. The company specializes in processing international remittances, which is when a person working in another country sends money to his home country. Founder’s Co-op with the round, with Bezos Expeditions and TomorrowVentures participating.

Condé Nast buys Ziplist

Magazine publisher Condé Nast purchased mobile shopping-list and recipe organizing app Ziplist Wednesday, All Things D reported. The purchase price wasn’t confirmed, but is said to be $14 million. Ziplist originally raised $4.5 million from Softbank Capital and Martha Stewart.

Flowers image via Flickr user Sweet.Eventide

At VentureBeat, we come across a lot of funding news every day. In order to bring you the most information possible, we’re rounding up the quick-and-dirty details about the funding deals of the day and serving them up here in our new “Funding daily” column.

MediaPass grabs funding for content subscriptions

MediaPass helps online publishers can make money by selling subscriptions to their content. The company raised $1.75 million in its second round of funding from undisclosed investors. The service can be integrated into major content management systems, such as WordPress, Joomla, and Blogger. MediaPass also announced a partnership with Automattic’s WordPress VIP program. The company is based in Los Angeles, Calif.

StyleTread raises $12 million

In the world of e-commerce, StyleTread raised $12 million from Starfish Ventures, Lakestar, Nine Entertainment Co., and Adinvest. StyleTread is an Australian company that sells men’s and women’s shoes, and is described as the “Zappos of Australia.” The two year-old company is headquartered in Sydney.

DudaMobile grabs funding to build mobile websites

Tuesday, DudaMobile announced a $6 million second round of funding from Pitango Venture Capital. The platform lets people build mobile websites and just passed the one million websites built milestone. The company has also received funding from angel investors Jeff Fluhr, StubHub founder, and Audible.com CEO Don Kat. DudaMobile is based in Mountain View, Calif. and was founded in 2009.

$8.7 million goes to CloudLock

CloudLock just raised $8.7 million from Ascent Venture Partners and Cedar Fund in a second round of funding. The company does what it name implies: locks up company data stored in the cloud. It works with Google Apps customers that want extra security.

UnboundID raises $12.5 million to protect customer data

UnboundID announced Tuesday that it has raised a second round of funding for $12.5 million from OpenView Venture Partners. Similarly to CloudLock, UnboundID protects customer data and identities stored in cloud servers, mobile apps, and social networks. The company is based in Austin, Texas.

If you’ve got funding news to report, send it our way at tips@venturebeat.com.

Shoe shopping image via Shutterstock

ClearStory Data raises seed funding: First up, ClearStory Data, which launched its first service today and raised an undisclosed seed funding round. The new startup helps businesses without access to statisticians combine and analyze private data, such as sales figures, with public data such as census reports, to make better businesses decisions. Google Ventures, Andreessen Horowitz, Khosla Ventures, and several individual investors led the round. ClearStory is based in Palo Alto, Calif. and has five employees.

CityMaps nabs $2.5M: CityMaps, a service that maps out every business on the blocks around you, officially announced its first round of institutional funding. Dave Leyrer and Dave Levin led the $2.5 million dollar round. CityMaps is going after Google’s little tiny icons you can find on its maps that correspond to the type of business. Instead of small icons, CityMaps uses business names and logos (when available) to map out the businesses on each city block. The company is based in New York City and has a team of 18.

PeerIndex gets $3M in funding: Going up against social influence measurement service Klout, PeerIndex measures how much social influence you have online. Like Klout, it figures out who you influence and in what ways. Also like Klout, it gives you early access to products and services to try out so you can influence your friends to buy them. The London-based company snagged a $3 million first round of funding from Antrak Capital with participation from Tom Glocer, Ken Olisa, and Sherry Coutu.

Stormpath raises $1.5M: Stormpath, a startup that creates user security for apps, raised $1.5 million in seed funding. The company’s products help developers add “identity management systems,” or user log in systems, to any mobile application. The round was led by Flybridge Capital Partners and New Enterprise Associates, with participation from angel investors Andy Rachleff and Len Lehmann. Stormpath is based in San Mateo, Calif. and is run by a two-man team.

Slated grabs $2M in second round of funding: Getting backing for a film is not easy, which is why Slated decided to build a company to connect filmmakers with investors. The service is aimed at both film producers — who can list their film to get funding and exposure — and investors, who can look for projects to invest in. Slated announced today it has raised $2 million in its second round of funding from Slated co-founder Stephan Paternot, Barry Silbert, Logitech founder Daniel Borel, and other private investors. The company has seven employees.

Achieve Cards secures $12.5M: Achieve Card, which makes reloadable debit and credit cards for rebate programs and people without banks, announced today it has raised $12.5 million in its second round of funding from Escalate Capital Partners. The company offers financial services, such as direct deposit and online bill pay to people who don’t belong to a bank. Achieve Card is based in Austin, Texas, and was founded in 2009.

Many companies are still hesitant about using cloud services due to security concerns. Vaultive wants to calm those fears by encrypting data before it goes to a cloud server.

Vaultive’s product is Vaultive for Hosted Exchange, which was created specifically for host exhanges such as Microsoft Office 365 and Microsoft Exchange 2010. All data sent to a cloud service is encrypted before it leaves a company’s network or workstations. With Vaultive for Hosted Exchange, encrypted data can also be indexed, sorted, and processed by a cloud service without the need to decrypt it. Vaultive’s security measures help companies comply with strict privacy regulations such as the Health Insurance Portability and Accountability Act (HIPAA) while using cloud services.

Vaultive faces competiton from CipherCloud, which also encrypts data before it reaches cloud services. CipherCloud currently works with Salesforce and Google Apps.

The new funding comes from .406 Ventures, New Science Ventures and Harmony Partners. The company was founded in 2008 and was previously in stealth mode.

The company will use the new influx of money to grow its New York office, adding to its sales, marketing, and technical teams.

In addition to its New York presence, Vaultive has a data center in Tel Aviv, Israel with more than 20 engineers. The company raised a previous round of funding for $1 million in 2009 from Yaron Carni, Fabrice Grinda, and Founder Collective.

Vault image via Shutterstock

Sept. 9 - 10, 2013
San Francisco, CA

Early Bird Tickets on Sale

Former National Security Agency director Mike McConnell urged cloud companies to have a political opinion today, stating the US government is moving “very, very slowly  to address [cloud] threats.”

“We are the most digitally dependent nation on earth, we have more to lose,” said McConnell at the RSA Conference in San Francisco today. “There isn’t an entity on the globe that’s safe from penetration, not one.”

McConnell, currently the vice chairman of technology strategy firm Booz Allen Hamilton, spent 29 years as a U.S. Navy Intelligence Officer, and soon thereafter, the director of the NSA. During his time serving in the Navy, McConnell spent time wiretapping the enemy. They were confident that any attack on the country would be known, would be expected, would be protected against. Today, in the age of the cloud, McConnell is worried.

After the 9/11 terrorist attack in New York, McConnell met with then President George W. Bush in the oval office. He explained that while they were taking offensive actions against terrorist organizations, they weren’t being digitally defensive at home. If one of the terrorists had programming experience, and could hack into only one of the U.S.’s banks, it could have a economic damage on the country and the globe far bigger than the damage felt by 9/11.

The former president immediately gave McConnell $13.7 billion to start patching the holes. When Obama came on board, he upped the budget to $18 billion. But thus far that money has only gone toward protecting .gov domains. However, ninety-eight percent of the cloud exists on .com domains.

For McConnell, it is up to the cloud companies to take a political stance now, and ask representatives to protect the U.S. from what he calls “cyber economic espionage.” He says legislation is coming, but it’s not going to be enough. Cloud companies also need to start the debate about privacy regulation across country borders.

“I’ve got a message for you,” said McConnell. “Drive this technology, and drive the standards to force change. The economics of the cloud are compelling…and we’re going to have to get the security aspects of it right.”

Mike McConnell photo via Wikipedia

Amazon Web Services is by far the most popular cloud infrastructure provider, but it only provides for basic security needs for the companies that use it. But Check Point’s new offering adds an additional security layer to help organizations prevent network attacks and data breaches while also enabling secure connectivity.

Check Point’s new Virtual Appliance for Amazon Web Services provides cloud security with what the company labels “software blades.” Check Point software blades include Firewall, Virtual Private Network, Data Loss Prevention, URL Filtering and more. By choosing the right blades, you can create the level of security your company needs.

“We continue to hear that security is the biggest barrier to cloud adoption,” Fred Kost, Check Point’s head of product marketing, told VentureBeat. “As businesses increasingly utilize the cloud for their IT needs, it’s important to protect both cloud and on-premise infrastructure to ensure that all corporate assets remain secure. One of the best ways to achieve this is to enforce a consistent security policy across the organization.”

Kost said the company plans to target a wide range of companies with its AWS security solutions, including small companies and startups. Like a good product marketing head should, he also mentioned that Check Point’s security solutions for AWS were relatively easy to deploy. Pricing will be variable based on what the company’s needs are and which software blades they plan to implement.

Redwood City, Calif.-based Check Point was founded in 1993 and serves “tens of thousands” of customers. As of market open on Wednesday, its stock on the Nasdaq exchange was trading around $53 a share.

Locked cloud image via Shutterstock

Sept. 9 - 10, 2013
San Francisco, CA

Early Bird Tickets on Sale

Cloud storage company Box announced three new security features and a partnership with Intel today, in hopes of bringing cloud security to a place where CIOs are no longer afraid of it.

The cloud is a very useful place to collaborate and share projects, photos and files, quickly. It offers the kind of speed and productivity that businesses are always after, but a lot of IT administrators are concerned about security. While attending a conference for chief information officers in Scottsdale, Ariz., Box’s director of enterprise product marketing, Robin Daniels, saw that fear. The CIOs reported that a lot of their employees were starting to use personal clouds, which put proprietary information at risk for discovery.

“I think this phenomenon has come up really quickly with the rise of people bringing their own devices [to the workplace],” said Daniels in an interview with VentureBeat. “This only started two to four years ago.”

Today, the company introduced more secure links, more device control from Box’s Trusted Access management system and the ability to create groups for those users connected to an Active Directory.

Links are a favorite with cloud sharing. They are an easy way to give a person, who may or may not be familiar with cloud computing, access to your files. The ease, however, is what scares IT administrators. There’s little to stop a link from being forwarded on and opened by someone without permission. What if someone was sharing information about the venture firm that just invested in you and somehow your competitor got hold of that link?

IT admins obviously love snafus like that, so Box put in restrictions on the links. Before, you could password protect and put an expiration date on links, so they would die in a matter of days. Now, you can control what the link receiver can actually do with that link. In particular, these controls look at who you share the link with. Upon sending, you can tell the link to open only if it is in a certain domain. To limit it even further, you can share with only people on that computer. If the content is only to be shared with a group, you can restrict it to certain people by inviting them to be a collaborator in the folder. If the link has somehow become completely compromised, you can disable it.

It’s that ability to reach the IT hand out and yank back sensitive information that administrators want. With the new functions in Trusted Access, Box’s management system, IT administrators can better handle the bring-your-own-device environment. Originally, this management system only tracked logins from browsers, but it now has jurisdiction over mobile. IT can decide which devices a particular user can access their Box account from, and it can monitor the Box activity on those devices. It can see what files have been opened, as well.

Lastly, those Box customers who also use Active Directory, in essence a one-stop-management-shop for IT administrators controlling Windows computers, can now create groups. Pre-existing groups of people designated in the AD system will automatically sync to Box. Those who login to the Box system will immediately be given permissions based on their AD groups.

Box’s clients currently make up 82 percent of Fortune 500 companies.

The partnership with Intel is also designed for ease of use. Intel has a similar solution to the AD called the Intel Expressway Cloud Access 360. Very simply, Box and Intel created a single sign-on for IT administrators to manage groups within the Expressway. It’s an easier way of going back and forth between the management system and Box and allows for similar group and permissions populations based on what has already been set up in the Expressway.

Box is winding down its 2011 initiatives as mid-December hits, but 2012 will be filled with more engineering hires and attempts to attract the bigger enterprises to its customer roster. Daniels, who comes from working on Salesforce’s Chatter, a social business product for enterprises, says Box will be focusing on its social aspects in the coming year. The company also wants to gain more certifications in security, to bring even more comfort to CIOs.

“McAfee uses Box,” said Daniels. “That’s a great endorsement of how we take security seriously.”

The company is launching these features in 2012 and is now also offering unlimited storage to its enterprise clients.

Sept. 9 - 10, 2013
San Francisco, CA

Early Bird Tickets on Sale

Leading software-based networking provider Vyatta has raised $12 million in a new round of funding, with a goal of continuing to improve security for physical and cloud infrastructures.

“The number one concern of CIOs is security,” Vyatta CEO Kelly Herrell (pictured) told VentureBeat. “We help give them peace of mind by solving some of the biggest security networking issues.”

Vyatta offers several networking solutions, including its popular Network OS for the Cloud. With it, the company claims to deliver “advanced network security and connectivity in a cloud-ready, virtualization optimized, software appliance.” The software is simple to deploy and maintains security with its enterprise-class firewall, IPsec VPN, OpenVPN, network intrusion prevention, web filtering, and more.

Harrell told us that Vyatta’s growth with customers using its cloud solutions has reached an astounding pace this year, signalling how many companies want to get into the cloud. Specifically, Vyatta’s sales were 20% cloud-focused at the beginning of the year but will reach 60% by the end of the year. Vyatta counts Dell and Carpathia as clients.

The new funding round was led by HighBAR Partners, with participation from existing investors JPMorgan, Arrowpath Venture Partners and Citrix Systems. Vyatta’s funding now totals around $45 million.

“The networks for cloud architectures need the security, flexibility and elasticity of Vyatta’s software-based approach, not the traditional ‘black box’ model of legacy vendors,” said Roy Thiele-Sardiña, Managing Partner at HighBAR Partners, in a statement. “With Vyatta, HighBAR sees an opportunity to redefine how networks and data centers are connected and secured.”

Belmont, Calif.-based Vyatta was founded in 2006 and now has 50 employees. Herrell said the company is “hiring rapidly” and just opened a European office last month.

Take a glance at the photo below to get an idea of how Vyatta’s software is set up.

CloudBeat 2011 takes place Nov 30 – Dec 1 at the Hotel Sofitel in Redwood City, CA. Unlike any other cloud event, we’ll be focusing on 12 case studies where we’ll dissect the most disruptive instances of enterprise adoption of the cloud. Speakers include Aaron Levie, Co-Founder & CEO of Box.net; Amit Singh, VP of Enterprise at Google; Adrian Cockcroft, Director of Cloud Architecture at Netflix; Byron Sebastian, Senior VP of Platforms at Salesforce; Lew Tucker, VP & CTO of Cloud Computing at Cisco, and many more. Join 500 executives for two days packed with actionable lessons and networking opportunities as we define the key processes and architectures that companies must put in place in order to survive and prosper. Register here. Spaces are very limited!

Sept. 9 - 10, 2013
San Francisco, CA

Early Bird Tickets on Sale

Cloud security startup Okta has added integrated single sign-on and multifactor authentication to its cloud security offering, a move that will improve security and stability for organizations using cloud-based software.

“We’re the first company to offer this all-in-one package to give secure access to users in the cloud,” Okta CEO Todd McKinnon told VentureBeat.

Okta is of many companies in the emerging cloud software space, but it defines itself by solving the tricky problem of secure cloud access. It adds a layer of security on top of existing cloud applications, and it serves high-profile customers like Box.net, Pandora and AMAG Pharmaceuticals.

Companies that have a hard time trusting in the reliability and security of the cloud will appreciate what Okta is trying to do.

Using Okta’s multifactor authentication means that if a user loses a password or uses an terrible password like “password” or “qwerty”, another layer exists to stop intruders who don’t belong.

“With this solution, organizations don’t have to rely solely on a password to authenticate users,” McKinnon said. “[They] can ask an additional security question or use a soft token to make sure people are who they say they are.”

This development means Okta is one step ahead of much bigger competitors like Microsoft, VMware and Oracle. If you use one of those companies to secure your cloud and want multifactor authentication, you have to go to other companies to fill in that gap, rather than having the tools in a single dashboard.

“We’re making it easier for the IT guy because he won’t have to spend as much time managing cloud access,” McKinnon said.

San Francisco-based Okta was founded in 2009 and currently has more than 40 employees. The company’s most recent funding totaled $16.5 million and was led by Greylock Partners with participation from new investor Khosla Ventures and existing investors Andreessen-Horowitz and Floodgate. The company has raised $27.5 million in total.

This round was led by Greylock Partners with participation from new investors Khosla Ventures and existing investors Andreessen-Horowitz and Floodgate.

People are scared of the cloud. A cloud is big and opaque; it is easy to be fearful that cloud security is opaque as well. According to chief executive Todd McKinnon, Okta has a product that can comfort enterprise executives looking for secure access to the cloud.

Okta, which launched its product in January, provides a safe access point into the cloud for multiple employee usage. Originally, the company targeted mid-sized enterprises. But since launching, larger enterprises want in on the action.

Companies such as pipeline equipment supplier T.D. Williamson and AMAG Pharmaceuticals use the service, as well as big-name mid-size companies like LinkedIn and Pandora.

“They see the cloud as the future of corporate IT,” said McKinnon in an interview with VentureBeat. “It’s a very robust business.”

The funding will be used for product development, including a new feature allowing managers to track access and actions made in their cloud. The auditing system will automatically log who signed into the system, where they signed in from, and any tasks they executed.

Also in the works is an app-store interface, where cloud masters can browse services and applications for purchase. Rather than a mobile entity, as many appstores currently exist, this would take place on the web. Products available in the store are pre-Okta-approved and guaranteed to work within Okta’s security parameters.

“This is critical because the biggest barrier to cloud adoption is the concern about security,” said McKinnon.

Technically, however, Okta didn’t immediately need this round of funding, McKinnon said.

“Frankly,” said McKinnon, “we had some of [our first $10 million round] left. We could have run several more quarters.”

But McKinnon wanted to make sure Okta could scale to meet the demands serving large enterprises. To continue building expertise, McKinnon added David Weiden of Khosla Ventures as an advisor as well as Aneel Bhusri, co-founder and co-chief executive of Workday to its board of directors.

McKinnon spoke of Bhusri, “He has a pretty unique perspective. He’s the co-CEO of a growing SaaS company and he’s seen the evolution of cloud in the enterprise first hand. He sees the importance of what we’re building.”

As for competitors, Okta is keeping an eye on the big dogs, like Microsoft, VMware and Oracle. McKinnon believes, however, that Okta’s size gives it speed and agility when innovating. Additionally, the fact that Okta is a native cloud service makes it competitive.  According to McKinnon, Okta is not bogged down by software downloads, and other features that make cloud protection bulky.

Okta was founded in early 2009 and currently has 36 employees headquartered in San Francisco. The company received $27.5 million to date from Greylock Partners, Khosla Ventures, Andreessen-Horowitz and Floodgate. Andreessen-Horowitz provided the company with a $10 million first round last July.

Ping offers several tools to secure a company’s identity in the cloud, including PingFederate, software that allows employees and customers to access a number of online applications with a single, secure username and password. It also offers PingConnect, an online version that can integrate with popular enterprise tools like Salesforce.com. The company says the single login can increase productivity and lower help-desk and administrative costs.

Several other companies are trying to offer secure enterprise identities in the cloud, including Okta, a cloud application management tool, which received funding from well-known cloud pioneer Ben Horowitz, co-founder of venture fund Andreessen Horowitz.

The Denver, Colorado-based company, founded in 2002, previously raised a first round of funding for $13 million. Investors for this round included Triangle Peak Partners, Silicon Valley Bank and existing investors Appian Ventures, Draper Fisher Jurvetson, General Catalyst Partners, SAP Ventures and Volition Capital.

For a decade, Philippe Courtot, chairman and chief executive of Qualys, has been singing the praises of cloud-based security. Many people were skeptical of security-as-a-service, where the security for a company or an application resides in a web-connected data center.

But Qualys is now a company with $65 million in revenue and it’s now introducing its second-generation cloud-based security platform, dubbed QualysGuard IT, at the RSA security conference in San Francisco, which runs this week. Just as Salesforce.com has transformed the way sales people deal with customers through a cloud computer service, Qualys is trying to transform security in the same way, so that it moves from attempts to protect individual machines to protecting an entire enterprise and its data, wherever that might be. If it succeeds, there’s a bigger pot of gold awaiting it.

The new Qualys platform represents a big overhaul, and it comes on the heels of new cloud-based scanners announced a year ago. It is an entirely new back-end computer system with new Qualys applications, service and ways to protect user security. If it works as billed, then corporate customers — 47 percent of the Fortune 100 already use Qualys — will be able to protect their data and see more uptime for their web sites. For example, if a user moves from one side of the company to another, Qualys can simply drag and drop the individual’s computing resources so that he or she can access them immediately upon transfer.

“We have spent a lot of time re-architecting the system,” Courtot said. “The network is changing. Virtualization has arrived. The movement to the cloud is unstoppable.”

Courtot, who is one of the keynote speakers at RSA, said in an interview that Qualys has worked on the new technology for two years, integrating the best lessons of the Web 2.0 era, cloud computing and software-as-a-service technologies. The new back-end infrastructure is based on the Java programming language and it has a user interface built for people familiar with social networking services.

The service is aimed at making it easy for information technology managers to spot anomalies and figure out if the corporation has a security problem or not. The simplified user interface is aimed at targeting smaller businesses, where it’s less like that they would have a large in-house security team.

Courtot said that the service can be deployed in a matter of hours anywhere in the world. That’s one of the advantages of having a cloud platform. Big Qualys partners include BT, Etisalat, Fujitsu, IBM and others.

Qualys is also unveiling a new web-based application firewall today. The open-source software is known as IronBee, and its goal is to create a way to detect threats to the corporation at the point where data crosses from inside to outside of the company and visa versa. IronBee inspects traffic for security breaches and fixes them. Courtot said the application is open source because no single company can block all security threats. New kinds of collaboration are necessary.

Qualys is used by 5,000 organizations in 85 countries. The company raised its last round of venture money in 2004 and it became cash-flow positive in 2006. The company has been profitable for the past two years and gross margins are at 83 percent. The company makes its money via subscription revenues and it has been expanding by moving into adjacent services. Now, the company has a full suite for cloud-based security.

Rivals include enterprise software vendors and other cloud-based startups.

Product manager Travis McCoy said Google Apps’ main security issue is the same one facing many other websites. It’s only protected by a username and a password, a combination that can be vulnerable, for example if you use the same password across multiple sites or if you’ve written it down somewhere.

To tighten security, Google is adopting an approach that’s similar to one used by some larger companies — adding an extra password, one that’s randomly generated and changes over time. Traditionally, the password is delivered using an extra device, like a smartcard that employees carry around. The extra device makes these programs more expensive, and can be a pain for employees if they forget where they put it.

Google simplifies the process by delivering the password to a device employees are already carrying around, namely their phone. Users can sign up to receive the passwords via SMS text message or through an application they install on their Android, BlackBerry, or iPhone device. So even if someone manages to steal or guess your password, they won’t be able to get into your account unless they’ve stolen your phone too. And if you’re accessing Google Apps from a computer that you believe is completely safe, you can tell Google to remember your verification, so you only have to enter an extra password once every 30 days.

The new feature goes live today for Premier, Education, and Government Google Apps accounts. Like I said above, it should help win businesses over if they were worried about security risks. (Remember that a hacker leaked some of Twitter’s files last year after getting access to an employee’s Google Apps account, though Twitter said, “This attack had nothing to do with any vulnerability in Google Apps which we continue to use.”)

McCoy said the bigger goal is to move websites towards this new, stronger model of security: “It’s the [old] model itself that’s broken.” So Google will eventually make this feature available to consumer users of apps like Gmail, as well as to businesses with the free Standard Edition of Google Apps. It’s also making the code for the mobile apps available via open source, so that other online services can follow its lead.