Managing and securing access to multiple public cloud services can be a challenge for enterprises that are embarking on a multi-cloud strategy.
Besides making sure that only authorised members of the IT team are granted access to cloud services, there’s also a need to implement controls to prevent misconfiguration of resources that could have grave consequences, such as data leakages in the case of misconfigured Amazon S3 buckets.
Then, there’s also a slew of compliance and legal requirements that enterprises, especially in regulated industries, will need to comply with.
While there are various cloud security management tools in the market, San Francisco-based start-up C3M is making it easier for administrators to implement security, compliance and access controls across multiple public cloud services.
In a demo of C3M, which can also be deployed on the public cloud and on-premise, the company’s chief product officer Anil Kumar showed off the software’s user-friendly interface that makes it easy to keep track of the status and security of multiple cloud services on a single dashboard.
In the policy compliance module, for instance, administrators can quickly see which cloud service configurations do not comply with pre-set policies, delve into the actual configurations, such as how long the service has not been in compliance, and even remediate the issues automatically.
And through audit trails, administrators can identify when the last configuration was made, by whom, as well as the severity levels of non-compliant configurations.
For now, C3M supports major cloud services including Amazon Web Services, Google Cloud Platform and Microsoft Azure, with out-of-the-box security policies available for enterprises to enforce on public cloud services.
Kumar says administrators can also build custom policies if they like. This can be done easily using C3M’s query language in an explorer mode that lists various policy attributes that can be applied to a virtual machine, for example.
Aswin Unnikrishnan, C3M’s head of operations, says the company has received requests from channel partners for a cloud cost control module and is currently evaluating the option.
C3M also plans to support hybrid cloud environments that will enable enterprises to manage their private and public cloud environments through the same platform.
So far, the company counts some of the largest financial institutions as clients, including one in the US that was hacked years ago, according to Unnikrishnan. “We also have some smaller companies and software distributors in the UK as customers.”
C3M sells its software via a workload-based licensing model. It keeps track of the number of workloads its customers are managing through its platform, and the moment customers hit close to 90% of their licensed workloads, a reminder will be sent.
Unnikrishnan says some C3M customers manage as many as 100,000 workloads and claims that the company’s pricing strategy is disruptive. “It’s almost a third or a quarter of what the competition charges for similar features.”