Former Citrix CTO talks new cloud security start-up

In the wake of the massive changes to the mobile landscape this week, a new heavily funded cloud security start-up plans to focus nearly all of its efforts on securing smartphones, tablets and laptops.

Bromium, still in stealth mode and backed by virtualization industry veteran Simon Crosby, is focused on the consumerization of IT and its “enormous threat” to cloud computing environments. The former Citrix Systems CTO founded the company along with Gaurav Banga, former CTO and senior vice-president at Phoenix Technologies, and Ian Pratt, chairman of Xen.org and co-founder of XenSource.

While the start-up picked up US$9.2 million in funding earlier this summer, it has still offered up few details to the press on the specifics of its technology.

“We’re product guys so we’ll definitely be delivering products,” Crosby, who was in Toronto on Thursday, told ComputerWorld Canada. The product, which should ship in beta mode to enterprises and cloud service providers before the end of the year, will not be a service offering, he added.

When asked whether the company might be delivering something in the mobile device management space, Crosby shot down the idea, along with MDM’s ability to provide complete security for end user clients that access public clouds. He said that while administrators can provision apps, keep an audit trail and remotely wipe data, employees can still “walk out of the enterprise with a whole bunch of data” and make copies of it before IT can react.

Crosby, who left Citrix on good terms to pursue the start-up, said the risk of mixing end user clients with cloud computing can be combated through virtualization, with the hypervisor acting as a crucial platform to provide servers and clients continuous protection from dangerous malware. To protect valuable corporate data, access to cloud-based resources needs to be verified as secure, or white-listed, from the client level.

The idea that no executable piece of code coming from an end user device can be trusted without specific permission at the hypervisor level will drive Bromium’s products, he added. The idea, Crosby said, is to use virtualization to isolate the interactions apps have back to the cloud.

“It’s incumbent on us to comprehensively re-examine our security practices, given the undeniable fact of state funded cyber warfare and industrial espionage,” Crosby said. “The glaring hole in this is the way we’ve previously created computer solutions.”

“We have an opportunity with virtualization to dramatically change that.”

Crosby said that the company will be able to reveal more details about its product in the fall.

A survey of 988 information technology managers published last month by vendor Courion shows 69 per cent of the organizations they work for let employees use personally owned mobile devices to connect to the corporate network, though a quarter of the total say they either don’t have a policy on how these personal mobile devices can access applications or are unaware there is one.

“The notion of employee-liable devices is not something that can be ignored,” said Andrew Borg, analyst at Aberdeen Group.

– With files from Jon Brodkin, Network World U.S.
