When it comes to extending enterprise infrastructure to the cloud, a common concern revolves around security. Network security vendor Check Point (NASDAQ:CHKP) now has a solution, enabling enterprises to have same policies on-premise and in the cloud.
Check Point is now offering its software blade portfolio of network security appliances for the Amazon Cloud (AWS). The software blade offerings include IPS, Firewall and filtering capabilities.
“What we’re doing is bringing all the core security technologies that we’ve had for years and now we’re able to deliver it on the Amazon cloud,” Fred Kost, head of product marketing at Check Point, told InternetNews.com.
Kost explained that for organizations that have already deployed Check Point in their own enterprises, the same security can now be extended to the cloud. He added that an enterprise can now have a common policy across the cloud and on-premise.
“So now the Amazon Cloud looks just like another enterprise instance of a gateway,” Kost said.
From an acquisition and deployment perspective, Kost noted that enterprises need to set up their own Amazon instance for infrastructure. The actual Check Point blades are licensed via Check Point resellers or directly by Check Point. Licenses from existing enterprise deployments can potentially be moved to the cloud.
“You could move an equivalent function to the cloud using a license you might have already,” Kost said. “We’re running common code on common software blades, so it really is equivalent functionality.”
The Check Point blades leverages the Amazon infrastructure and aren’t a new virtual edition. Check Point also has a Virtual Edition (VE) that is about securing traffic in a virtual environment across guests.
“Amazon is exposing to us a Xen container so we’re running our gateway operating system in that container,” Kost said.
Currently Check Point’s appliances are available on Amazon because it is the leading cloud vendor. Moving forward, Kost hinted that as the market demands, Check Point will move to support other cloud vendors as well.
When it comes to securing the cloud, Kost noted that the basic items that you need in an enterprise are the same as what you need for the cloud. Those include some form of access control firewall and VPN.
“The cloud is a little different in that not all the end user traffic is necessarily ported to the cloud,” Kost said. “In such a case, applications and data hosting is the cloud use case, in which case the focus is on data security.”
Kost added that from a data security context, if an enterprise moves its data to the cloud, it needs to be able to control how the data moves around. For companies that have moved all of their infrastructure and users to the cloud, there will more need for end-user protection.
“It all depends on what you have moved to the cloud, but you need at least the baseline access controls like firewalls to ensure that you have the same protection for assets that are in the cloud as for those in the enterprise,” Kost said.