Roman Sakhno - Fotolia
Armor Defense Inc. has expanded its reach into regulatory compliance opportunities through a new channel partnership.
The managed cloud security company last week announced it partnered with Cogent Co., a Dallas-based managed service provider (MSP) and consulting firm, which focuses on guiding customers in their compliance initiatives.
"There aren't many companies out there that aren't hit by some type of regulatory requirement to protect their networks. ... I think that there's a huge opportunity with compliance" for MSPs like Cogent Co., said Jeff Schilling, chief of operations and security at Armor, based in Richardson, Texas.
According to Schilling, Armor's partner team has been busy, signing 60 partners since the launch of its global channel program in June. He said a number of Armor partners specialize in building infrastructure inside Azure and Amazon Web Services (AWS), while others build technologies inside of enterprise customers. "I think Cogent is probably one of the few that's focused on compliance," he noted.
With two Armor cloud product lines on the market -- Armor Complete and Armor Anywhere -- the vendor said it has the technology necessary to support Payment Card Industry (PCI) and Healthcare Insurance Portability and Accountability Act (HIPAA) compliance. Armor Complete, a virtual private cloud, offers advanced threat protection and intelligence "within a closed-loop system," while Armor Anywhere is a software-as-a-service offering that provides protection for public cloud platforms, such as AWS and Azure, as well as for private and hybrid cloud and on-premises infrastructure.
Schilling added Armor Anywhere is a good fit for MSPs because it allows them to help their customers become compliant, while essentially offloading much of the security controls they can't manage themselves.
"Basically, what we are is a multicloud security platform that gives our customers two options: One, to host with our highly secure cloud; or two, host in a public cloud, but then bring that data back into one portal ... [that] allows [you] to orchestrate security, as well as operational capability, across both of those environments," he said.
The Armor cloud security model
The majority of Armor's customers that host in its data centers are "highly security-conscious and normally have some type of regulated data that's a part of their business proposition." Eighty percent of the customer base is made up of companies in HIPAA- or PCI-regulated industries -- or both in the case of the healthcare billing industry, he said. The remaining 20% are other security companies. Armor currently hosts about 1,200 customers globally and owns five data centers -- two in the U.S., two in Europe and one in Asia-Pacific.
Acknowledging other vendors brand their public clouds as HIPAA- or PCI-compliant, Schilling said, "When you read the fine print of how they identify compliance, they use a shared responsibility model." This means the cloud provider is only securing up to the hypervisor level of the infrastructure, leaving anything inside the customer environment the customer's responsibility. As a result, many customers develop a security model much later than they should.
"For those folks [who] don't think ahead and build that security perimeter first, and then put their capabilities inside, they're behind the threat," he added. "What's different [with] us is when you build a VM [virtual machine] inside our environment, when you provision a VM, it's already encapsulated in a security model that we build for the customer."
The advantages of cloud defense strategy
Jeff Schillingchief of operations and security, Armor
Schilling, a retired U.S. Army colonel, ran the security and operations center for the Department of Defense and the global security and operations center for the Army prior to joining Armor. "What I learned in those two assignments is that I was fighting a design problem and trying to secure a network that wasn't designed to be secured. In the cloud, you have the opportunity to orchestrate an environment and build an architecture that's defendable," he said.
"In my military experience, most of the generals [who] won the big battles were usually the ones [who] used terrain and architecture in the defense and were able to maintain the initiative over the threat. And that's exactly what you have the opportunity to do in the cloud," he continued. "You have the opportunity to design an architecture that gives you aggregation points that you can put sensors [on], or gives you the ability to put sensors where the threat actors can't even tell that you have sensors or don't know how you're sensoring them. All those advantages are for the people on the defense."
While the company has seen satisfactory growth of the Armor cloud security business over the last five years, Schilling noted that customers, in general, remain skeptical of cloud computing's security capability.
"In our business, I think we're just seeing the tip of the iceberg in the early adopters in the crossing-the-chasm model," he said. "I think that even the mainstream thinkers are not even thinking about, 'Hey, it's actually easier to become compliant in the cloud,' because everybody has this misconception that the cloud is more insecure."