by RSS Warren Wu  |  Jul 17, 2014  |  Filed in: Industry Trends

Just a few short months ago, Fortinet had a major milestone for public cloud computing with the release of our flagship FortiGate security solution on Amazon Web Services environments. Security and privacy continue to be a top issues, if not the #1 concern, for enterprises looking to move servers and workloads to efficient public cloud infrastructure. Today we have yet another exciting security announcement for Amazon Web Services customers with the immediate availability of utility-based pricing for Fortinet solutions on the AWS Marketplace.

Starting initially with FortiWeb-VM, AWS customers can now purchase our web application security on-demand from AWS Marketplace on a utility-based, aka usage-based, pricing model. What that means is that AWS users can deploy and use FortiWeb to protect their web applications and data running in EC2, and pay based only how much they use the solution - there are no perpetual licensing fees or long-term contracts. Both hourly pricing and annual subscription pricing are newly available (Bring Your Own License continues to be an available option as well). Annual pricing is an exciting new option that AWS is announcing and enabling for the first time - it allows more cost predictability over yearly periods, and can be ideal for certain customers like Government users who need to forecast their expenses ahead of time on an annual budgeting cycle. You can read more about our new utility pricing offering in the press release on our website, and also check out the solution along with our other offerings directly on the AWS Marketplace.

The AWS Marketplace makes it convenient to leverage solutions on-demand - that is to be able to deploy a solution directly into one's AWS Elastic Compute EC2 tenant environment and start using it right away. AWS takes care of all the usage-based licensing, metering, billing and payments for Fortinet to make this possible (or course this required some co-operative code changes on our end to our normal license file model and tracking as well), and also orchestrates the launching and deployment of the new AMI instance on the user's VPC network (AWS Virtual Private Cloud is a necessary option because it exposes enough of the AWS network routing tables to get our network security controls inline). But more significantly than that, for security and compliance it allows customers to get immediate protection for their sensitive AWS workloads and data - getting us that much closer to the notion of "security-as-a-service" for the cloud.

What do I mean by that? Basically as enterprises leverage Infrastructure-as-a-Service, whether in private or public IaaS clouds, to more quickly deliver applications in an agile and elastic manner, security controls and other network services risk being an afterthought, leaving applications and data exposed. Security should be thought of as another critical infrastructure component, just like virtual compute, virtual storage, and (especially now with the SDN hype) virtual networking/network virtualization, that can be delivered by IT-as-a-service in an agile, elastic, on-demand manner, as soon as new workloads spin up, to avoid any protection or compliance gaps. The AWS Marketplace gets us one step closer to that vision of security as another key building block of IaaS.

We see this as a long-term trend across cloud providers and managed service providers to deliver security as an agile service for public and private clouds broadly, and the coding and platform efforts can be quite involved and complex for the requisite automation and orchestration, as well as the backend integration involved with licensing, metering, billing, and payments, to deliver hardware or software seamlessly as infrastructure services. This can go even further, such as to provide service-level guarantees or SLA's on the level of protection being delivered (think ensuring that any workload meets PCI compliance, for example)

In the end this is really about much more than just a simple price change, but about a new model for security, both delivered by the cloud and for the cloud. Like our fellow cloud service providers, enterprise security needs to be flexible, agile and dynamic in order to give customers the protection they demand for their cloud-based projects.

by RSS Warren Wu  |  Jul 17, 2014  |  Filed in: Industry Trends