CloudCheckr is part of a small but thriving third-party market consisting of companies that shed more light on what's going on inside the AWS cloud. Cloudability, Cloudyn, Cloud Cruiser, Newvem, ExtraHop Networks and Uptime Software occupy this space and compete for AWS users.
CloudCheckr is an online service that provides basic AWS monitoring for free, and advanced, CloudCheckr Pro for $179 a month. CloudCheckr Gov is also priced at $179 a month. It's more than a passive monitor. It checks for up to 150 best practices in cloud workload configurations and security alignments. It can advise what should be done when it spots an exposure or shortcoming. With evident foreign interest in hacking U.S. government agencies, expertise in security and the ability to monitor GovCloud help set CloudCheckr apart.
[ Want to learn what Amazon Web Services offers in its own Trusted Advisor performance tool? See Amazon Tool Helps Shape Your Cloud Workload. ]
CloudCheckr, based in Rochester, N.Y., must provide built-in controls that assure GovCloud is being accessed by U.S. citizens. It can do so in part through its partnership with JHC Consulting, a veteran-owned business that specializes in, among other things, reselling AWS infrastructure to government agencies.
"The expertise of the team at JHC Technology has been critical in accelerating the launch of CloudCheckr Gov," said Aaron Klein, COO of CloudCheckr, in an email message following the announcement.
CloudCheckr uses that capability to dismiss some of its rivals. "Other chief vendors in our space, Newvem and Cloudyn, are not able to provide GovCloud support since each is based in Israel (and thus does not meet the U.S. Persons-only standard for GovCloud access). But the CloudCheckr development team was initially based in Argentina, and CloudCheckr still lists a "satellite office" in Argentina, which isn't so different from its rivals.
Regardless of the issue of national boundaries, both AWS and AWS GovCloud meet the "moderate" standard set by Federal Information Security Management Act (FISMA) for computing infrastructure. CloudCheckr assesses workloads sent to GovCloud to alert their owners to any FISMA moderate control exceptions and benchmark compliance and performance in the areas of shared control with GovCloud. CloudCheckr Gov also ensures compliance with International Traffic In Arms regulations.
GovCloud has its own API, which is formatted differently from the standard AWS CloudWatch monitoring service. CloudCheckr has integrated its monitoring and performance analysis into the GovCloud API. Likewise, GovCloud has different purchasing options and pricing tables from the standard AWS pricing, including the option to purchase physical hardware on which to run an instance.
The CloudCheckr Gov service arrived as sequestration cuts decrease federal agency budgets and reduce capital expenditures. Company spokesmen say the GovCloud service can aid agencies in adopting cloud computing and meet the FedRamp directive for agencies to move more operations into the cloud.
To encourage adoption, Amazon recently made a GovCloud Management Console available that mimics the functions of the regular Amazon management console, but access to the GovCloud console is restricted to authorized GovCloud users.
CloudCheckr isn't oriented toward one industry segment. It launched CloudCheckr Gov because it wants to help "a broad range of companies and organizations" use the Amazon cloud, Klein said via email.
CloudCheckr received $2 million from Genesee Capital and Garrison Capital in its Series A round of funding April 11.