Claudit or cloud auditor
A proposal for the creation of a cloud based cloud auditing company!
In today’s IT horizon, virtualization and cloud services are prevalent and gathering more momentum as we speak. One major problem of this paradigm is the particular difficulty of managing, and furthermore auditing, the work performed on cloud-based servers with GUIs.
There is no physical device to monitor, nor a corporeal engineer to be managed, so how does one cope with quality control, or compliance, or a hundred other issues that have to do with technology management? How does a company pass a compliance audit over its outsourced virtualized infrastructure?
Enter Rautor (https://sourceforge.net/projects/rautor/). Some time ago I authored an auditing aid application that records the usage of Windows-based PCs. It dumps screenshots, keyboard logs and application textual data from the machine's console, be it physical or virtual. Rautor works not only on system consoles with one or more monitors attached but is particularly efficient in Terminal Server setups where there are no physical devices.
The Central Idea behind claudit
The IT or security manager creates a user account on the web site and downloads a free copy of the Rautor agent (please, somebody come up with a better name). He then proceeds to install Rautor and enable it with the same user name and password on as many machines as he sees fit. The agents start their work and upload the data in chunks to the storage server farm. The administrator can then review and replay any session using the online Multiviewer application. All the sessions will be bundled under the same user credentials, so if a company needs logical isolation of more than one class of recordings, all they have to do is purchase more accounts.
For a proof of concept please visit http://www.unix.gr/rautor/rautor_free/full/ so you can replay some sample sessions. The combination of the agent and player is so powerful that administrators can even do searches for textual screen contents when available.
Option A (Anything): Charging will be simple, per Mb/month, much like Loggly does. This is quite easy for customers to digest, and since Rautor is configurable for the size and bit level of the images it creates, the customer’s administrators can easily adjust it to their needs. They can go for high quality, or large screen size, full color or gray scale, etc. This option would have no backup of the user data.
Option B (Backup): This would include whatever option A has, plus copies of the data to redundant storage servers. Obviously it will cost at least twice as much as option A.
Option C (Compliance): This would provide Compliance Ready storage that could potentially be used by local authorities to audit and cross-check computer usage records. Obviously that option would be much more expensive, since it requires better, more redundant storage that is carefully backed up.
Things I can and cannot do
I can design and implement most of the backend stuff and PC software and their interactions. I can do most tech. I cannot do web design; that will have to be handled by an outside agency under my supervision. I cannot for the life of me wrap my head around sales, or CRM applications to be used by sales people. That will need doing.
The current competition is focused on providing campus-based auditing services and not distributed cloud-based ones. There is observeit-sys.com and www.tsfactory.com, which are both good companies, yet focused on the local data center. I strongly believe that I can carve a pretty nice chunk of the global market for a number of reasons.
a) All the monitoring and replay functions are web based, which means that a security administrator can do his auditing work from even a smart phone.
b) They have no live over the web monitoring option, which I do. This is project coliau as mentioned below.
c) We can support Unix-like OSes too. A preliminary Linux port is available.
d) I am open source friendly, that is, there will be stripped-down versions available for free as a guerilla marketing tactic.
e) I can twist this into a PCI compliance aid.
Rautor can be sold either retail over the cloud or as a device for the campus. As a device it can be bundled with http://coliau.codeplex.com to enable security admins to monitor live what the users are doing.
An Apple port would be relatively easy given the similarity to the Linux port. No changes are necessary on the web platform.
I can also work on saving SSH session recordings on the cloud, like this patch provides. This will help organizations ensure both security and integrity of operations at the same time.