July 19, 2012

Security? Cost? Compliance?

As we speak to customers, analysts, and professional colleagues, the very first question is always the same: what is CloudCheckr designed to do? What market is it designed for? What problem does it solve?
In private, our CEO Aaron Newman and I often wrestle with the answers to these questions. We debate: who is our target audience and what is our message? Where do we want to end and for whom should CloudCheckr be purposed?
Well, depending upon our audience, our public answer often varies. Most often, CloudCheckr is a management and cost solution. It can help identify where you can save money. It will give you the insight into better and more efficient resource allocation. Sometimes, it is a security solution. It helps you ensure that your security is intact for your deployment. Finally, at other moments, CloudCheckr functions in a compliance role. It will help ensure that you are adhering to both internal and external compliance standards.
However, what has become more obvious as we progress through our product development stage is that having an official “correct” answer really does not matter to us. Although we know that the answer definitely matters to our customers – they each have specific needs and concerns which they want CloudCheckr to address – from our perspective, the specific answer is far less important. In fact, defining the “correct” answer may even be limiting and counterproductive.
I say this because what CloudCheckr truly does is provide visibility into your cloud deployment. It will discover and catalogue your entire deployment. It will then provide myriad different reports and checks which will vary in importance depending upon your specific need. Most important, however, is that the information is gathered and available in a usable format.
For example, if you are a healthcare CIO, you are concerned about HIPAA rules – you definitely do not want the $1000/record violation penalties adding up to a catastrophic event. Plainly, your primary interest is ensuring that your S3 buckets are all locked down and that your encryption is completely compliant. You need to know where your data resides and that it is stored correctly.
Well, CloudCheckr can perform that function. It will give you full insight into S3, EBS, and RDS.
Or, you might be a medium-size enterprise whose primary interest is that you are not spending extra for your cloud operations. You went to the cloud because cost is important and you want to make sure that you are getting your money’s worth.
Well, CloudCheckr can perform the cost analysis for you. Its reports identify where and how you can operate more efficiently.
Or, you are a CISO whose responsibility is to ensure that security is not compromised through your fluid cloud deployment. You need to know that you are properly configured, that IP ports are properly closed, and that access is not accidentally made available.
Well, CloudCheckr will provide the analysis. It will report your deployment against best practice security checks. It creates an exception report which provides actionable information.
I could go on with more examples, but I am sure you get the point.
So, what becomes obvious for our internal development is that we do not need to narrowly define ourselves as a compliance or cost or security solution. We are all of these things, but we reject each of the labels.
Instead, we define ourselves as a knowledge solution.
CloudCheckr dramatically increases your knowledge. CloudCheckr allows you to truly understand your deployment. It provides you the visibility and actionable insight into controlling your environment.
How you choose to use this insight – whether security, cost, compliance, or governance – is up to you. Plainly, different reports are designed to serve different purposes. But, all CloudCheckr functions are joined in one fundamental way — they empower you to fully control your cloud environment.

