A new company has emerged from stealth mode with a cloud-based offering intended to help organizations better monitor, audit, and control the use of software as a service (SaaS) by employees. Adallom has spent the last 18 months beta-testing its software with a number of private clients, and this month the company is officially launching and making its product available to the public.
Adallom, which means "last line of defense" in Hebrew, is set up as a reverse proxy and takes the approach of analyzing end-user activity across each cloud-based service an enterprise makes available. The system creates a running profile of each user in order to identify anomalies against normal day-to-day activities. The service already supports a variety of popular SaaS applications such as Salesforce.com and Box, among others.
[ Also on InfoWorld: CSC expands cloud management capabilities with ServiceMesh acquisition | Mirantis brings enterprise-ready OpenStack distribution to the cloud | Track the latest trends in virtualization in InfoWorld's Virtualization Report newsletter. ]
Adallom was founded in 2012 by cyber defense veterans Assaf Rappaport, Ami Luttwak, and Roy Reznik. As former members of Israel's cyber intelligence division, the founders have an extensive background in information security that provides Adallom with instant credibility when it comes to solving the security challenges facing the SaaS market.
The company's approach is prevention through intelligence, bridging the SaaS security gap by enabling companies to prevent attacks, comply with government and industry regulations, monitor, and verify the endless human interactions within SaaS applications.
As much as cloud services are changing the way people work and operate for the better, security has become a huge issue. One of the big questions has emerged: Who is responsible for SaaS security?
"As of right now, SaaS providers are solely responsible for infrastructure security, leaving account activities on the shoulders of their clients," said Tal Klein, VP of marketing at Adallom. "While on the whole this is a net security gain, as SaaS providers will have more resources to throw at protecting their infrastructure, it has made it nearly impossible for SaaS customers to build and enforce a strong cloud risk management policy."
Simply put, Adallom believes that while SaaS as a class is secure, its usage is not. Adallom's software doesn't aim to control the SaaS applications directly, but instead provide tools to maintain a consistent security policy across the enterprise.
"SaaS has dramatically reshaped the way people work and operate, allowing access to company applications and data from anywhere, on any device," explained Klein. "However, with a vast increase in SaaS adoption, we are seeing a pronounced security gap where organizations are currently lacking the tools needed to build and enforce a consistent policy. And as SaaS adoption grows, the resulting lack of visibility and control has become even more apparent."