Adallom is a cloud security broker, meaning that it sits between the customer and cloud-based services, providing an additional layer of protection. It hopes to put customers’ minds at rest when it comes to interacting with SaaS and other cloud-based solutions by enabling CIOs to use them commercially while protecting their data.
Adallom tracks who accesses cloud-based services from within the company and provides an audit trail of their activities. It identifies privileged users accessing the systems, and can spot ‘zombie’ user accounts that have never accessed the system, highlighting these users as particularly risk ones to watch. It can also be used to manage and block access by particular groups of users.
The service also features some data protection measures. It includes data loss prevention integration to stop sensitive data being sent to cloud-based services, and encrypts data before it hits the cloud, enabling customers to manage their own encryption keys.
Encryption doesn’t appear to come out of the box, though. Adallom, which runs as a private cloud or SaaS-based solution, integrates with third-party encryption tools. Integration is a big part of its value proposition. The service is designed to integrate with companies’ existing security solutions, particularly security incident and event management (SIEM). This can be particularly useful to CIOs wanting a high level of cybersecurity by applying their own point solutions in a cloud-based context.
Microsoft signed a letter of intent to acquire Adallom in mid-July. With the acquisition, it gets into the same market as cloud security brokers like CipherCloud, Skyhigh Networks, and Elastica. The service will particularly interest CIOs worried about the shadow IT problem, Microsoft said in a statement:
“Adallom provides a complete solution for Shadow IT, from discovery and risk analysis to granular cloud control (including DLP policies and anomaly detection for sanctioned and unsanctioned apps),” it told IT World Canada.
Adallom serves Office 365 with its product, which will naturally be of interest to Microsoft. The software giant has been expanding its security offerings around Office 365 of late, recently launching Advanced Threat Protection, an add-on to its Exchange Online cloud email service that expands its malware scanning capabilities.
Microsoft will continue to offer the Adallom service as-is for now, and hasn’t made any announcements about tighter integrations with Office 365, or rebranding. It will also continue to offer Adallom’s support for other cloud-based services.
These other services include Salesforce, IT service management platform ServiceNow, Google Apps, file syncing services Box and Dropbox, and business commerce service Ariba. Also on the list are SaaS collaboration solutions Jive and Yammer, and Amazon Web Services.
What isn’t yet clear is how comfortable customers will be buying cloud security services owned by a company that offers competitive business application services. Microsoft competes in several of these areas with its Azure-backed, cloud-based business SaaS solutions, and experts have suggested that Azure itself trails Amazon Web Services in the cloud infrastructure as a service marketplace.