rvlsoft - Fotolia

Becrypt security platform helps ease cloud adoption

Becrypt’s secure operating system is driving a new service aimed at helping organisations reduce cost and increase agility in using cloud-based services and online applications

Businesses are increasingly looking for user device services that are cost effective and agile, while at the same time being secure.

“Organisations are increasingly moving to cloud-based and online services for the cost, security and scalability benefits, but also want to replicate that in the internal infrastructure,” according to Bernard Parsons, co-founder and CEO at Becrypt.

To meet this market demand, endpoint security provider Becrypt has developed a desktop-as-a-service offering based on its Paradox security-focused “cloud client” operating system, he told Computer Weekly.

The newly launched Paradox Edge is a managed service that enables organisations to extend the value of cloud adoption across the enterprise by reducing the infrastructure cost and the software complexity associated with user devices.

Paradox Edge is designed to enable businesses to outsource the complexity of third-party client applications on user devices such as antivirus, intrusion detection systems and personal firewalls.

This means the need for third party software is eliminated and automated patch management for the operating system and any authorised apps is simplified, thereby reducing complexity, cost and management time.

“Paradox Edge allows organisations to adopt a user device strategy that is optimised for cloud – and be able to consume that as a service – including the operating system and applications running on devices as well as an application management platform hosted in the cloud so they can focus on the core business,” said Parsons.

Device agnostic

Paradox Edge is device agnostic to enable organisations to repurpose existing devices and set up new users within minutes to access familiar tools of choice such as Office.

The service enables businesses to select a preferred cloud infrastructure such as Amazon Web Services (AWS), deploy the cloud client devices and then manage users through a web management console.

“At Becrypt, we believe that not all the benefits of cloud reside in the cloud,” said Parsons. “Organisations aiming to realise the cost savings and flexibility offered by the cloud are finding that the burden of provisioning and managing user devices is a barrier to success.

“By eliminating the need for third party software on devices, Paradox Edge removes that management pain point, reducing cost of ownership and complexity to provide a more easily managed environment,” he said.

Although aimed at reducing cost of ownership and increasing agility, Becrypt’s Paradox security-focused operating system is a basic building block of Paradox Edge, according to Parsons.

“The key objective of Paradox is that each time you switch it on, you know it is in a known good state, which is validated by the system carrying out a series of health checks or cryptographic checks that have a root of trust in hardware in the form of a trusted platform module [TPM].

“So there are cryptographic checks of the firmware, the operating system and all of the applications that are authorised to run on a particular user device. This gives the user confidence that it is unaffected by malware, which has a significant impact on the effort required to maintain security,” he said.

Read more about managed services

This approach, said Parsons, shifts the focus to defence rather than detection. “By using a platform architecture that you can validate is healthy means you don’t have to invest a lot of effort in trying to detect whether some anomaly exists in your environment.”

The Paradox operating system has its origins in a research project funded by the UK’s National Cyber Security Centre (NCSC).

“The aspirations of the ‘cloud client’ research were around finding ways of implementing universal access for public sector organisations to be able share IT infrastructure more easily,” said Parsons.

“To achieve that, you need a user device that has a robust architecture so you can trust it every time it is turned on, you need the ability for those devices to be able to prove their healthy state to whatever services they are accessing through a remote attestation protocol, and you need collaborating organisations to be able to set up trust relationships between them, which is achieved through federated identity management.

“The three elements – the secure endpoint, the ability to prove it is secure and the ability to share trust information between organisations – led to Paradox, which we were able to commercialise out of the research project and has been accredited for running on classified environments within government,” he said.

With Paradox as a basic building block, Paradox Edge has security controls integrated within the platform, which includes things like personal firewalls and malware prevention. “The whole security requirement for a user device is bundled into the service,” said Parsons.

Early adopter

An early adopter of Paradox Edge is East West Rail – which, as a quasi-government organisation, needed to be secure – is essentially a startup with only around 50 employees and a greenfield IT environment that is cloud-focused, he said.

“They don’t want to build up anything substantial in the way of internal IT resources, so they have offloaded the requirement for establishing a user device infrastructure in a scalable and agile way so they do not have to assign any of their own resources to that.”

Although well suited to startups that want to deploy a user device infrastructure quickly, at low cost with the ability to scale, Parson said Paradox Edge is also useful to established enterprise environments which need to roll out secure access to their cloud-based infrastructure to mobile workers or contracted employees to boost productivity.

“All organisations will benefit from reduced desktop management costs and the peace of mind associated with deploying a robust, security-focused operating system designed in collaboration with UK government,” he said.

Read more on Cloud security

Data Center
Data Management