FireHost Founder Takes off the Gloves, Touts Enterprise-Grade Cloud Hosting
Drake described FireHost – an infrastructure-as-a-service (IaaS) public cloud computing company based in Dallas, TX – as having more built-in security features than market-leader Amazon Web Services (AWS) and being truer to the public cloud model than other enterprise-grade cloud hosting solutions like Rackspace, Savvis or Verizon Terremark.
FireHost leverages VMware, but the company wrote its own virtual machine orchestration and management layer, equivalent to OpenStack or vCloud Director, replacing much of the higher-level VMware technology so that it can integrate its own security and management functionality. This allows FireHost to integrate additional security services and will eventually enable it to become hypervisor-agnostic.
FireHost has a different model than AWS, which is the market leader in the IaaS category. To meet security needs, Amazon frequently relies on and encourages third-party security vendors (such as Trend Micro) to integrate tools with AWS, offer them in the Amazon Marketplace and sell them directly to customers. FireHost, on the other hand, builds the security services into the virtual machine images and management services that customers run, seeking to create a turnkey solution. Both models, of course, have merit and are not mutually exclusive for these services or their customers.
Drake said FireHost builds in the following security services:
- Hypervisor firewalling
- File, whole-disk and database encryption, with partners such as Porticor selected in part because they allow customers to store or control the keys
- SSL encryption, inspection and certificate provisioning
- Deep packet inspection, including full layer 7 support with web application firewall (WAF)
I liked Drake’s explanation that FireHost’s approach allows customers to deepen log visibility and gain benefits from FireHost’s wider view of collective intelligence. FireHost logs and retains all traffic, per-customer, down to the network level. The company partners with AlertLogic for security information and event management (SIEM) and, because it does per-customer logging and inspection, can gather threat intelligence across a broad community. By contrast, Amazon makes a virtue of not inspecting per-customer traffic (leaving it private) and sports lower costs due at least in some measure to its minimization of log storage.
FireHost’s posture has, however, brought it a number of security-conscious customers, especially in the financial services and health care industries. Other customers include entities hosting sites for marquee brands such as RSA Security, the Clintons and even Kevin Mitnick (who himself attracts many attacks).
Unlike Rackspace and other enterprise-grade IaaS services that emphasize their ability to provide customers the best of both dedicated and multi-tenant hosting, FireHost only offers the multi-tenant format, where virtual machines from different customers share the same physical servers. It compensates for its lack of the higher-control (but also higher-cost) dedicated hosting option with both customer-controlled encryption and strong guarantees of data residency.
Drake noted that because FireHost rebuilt functions such as orchestration and logging for the public cloud environment, it can guarantee non-U.S. customers that ALL processing will be done in the data center (currently UK, Amsterdam, or Singapore) of their choice. (Apparently, some competitive services can’t provide all services, such as failover or offline backup, without involving multiple data centers, some of which may be in the U.S. However, at press time, it wasn’t feasible for me to verify how the major services compare when you drill down on data residency.)
What about that dirty little secret? Drake said that Amazon and other cloud services inherit the administrator account management ills of the industry; Amazon’s 2000 administrators, for example, all log into servers with the undifferentiated “root” account, and that’s all you can see in your instance’s logs. (To be fair, Amazon has compensating accountability controls in the customer support ticket business process.) FireHost, on the other hand, uses privileged administration tools from CyberArk to underpin full administrator accountability at the technical/logging level.
Drake plans a PR campaign around “the dirty little secret.” He claims he didn’t want to hurt the cloud computing industry in its early years, but now it’s okay to “take off the gloves.”
This could get interesting!