VMworld US 2014
HyTrust Inc., the Cloud Security Automation Company, today announced that, building on technologies from Intel Corporation, it has developed powerful new capabilities to secure applications and data in virtualized data centers and the cloud. New HyTrust Boundary Controls let organizations proactively control where their virtual workloads can run, going much further than is currently possible in mitigating the risks of data mobility that virtualization and cloud create. Boundary Controls can simplify regulatory compliance, prevent data theft or misuse, and improve data center uptime.
HyTrust Boundary Controls are built upon Intel®’s asset tagging and attestation services with root-of-trust supported by Intel® Trusted Execution Technology, or Intel® TXT. This hardware-based technology can be used to establish trust of server hardware, BIOS, and hypervisor, allowing sensitive workloads to run on a trusted platform. HyTrust Boundary Controls build upon these Intel® trust technologies to support cloud application and data policies based on additional, customer-defined attributes such as location, security zone, or desired hardware configuration.
“The unprecedented growth of virtualized and cloud computing infrastructures has upended traditional security practices, and that’s a critical concern in enterprises worldwide,” said Eric Chiu, president and co-founder at HyTrust. “Virtualization, by nature, makes workloads dynamic and mobile. There’s never been a way to ensure these workloads can only run in a trusted platform within a designated geography or resource segmentation. HyTrust Boundary Controls go much further than ever before in filling that void.”
There’s a critical need in the market for such capabilities. While virtualization and cloud computing have grown exponentially in the enterprise IT environment, they bring their share of security concerns. Just as Virtual Machines (VMs) offer huge benefits by being highly portable, there has never been an automated mechanism to ensure that these workloads can only be accessed via a specific, designated or trusted server in a trusted location, which is why Boundary Controls are so vital.
The National Institute of Standards and Technology (NIST) and the National Cybersecurity Center of Excellence have stated that the cloud can expose organizations to certain threats, risks and vulnerabilities brought about by the intentional or accidental movement of data across boundaries. Furthermore, this may expose organizations to legal, policy and regulatory risks, and, therefore, “root of trust” and geolocation capabilities are useful to facilitate faster adoption of cloud computing technologies that are safe and secure.
With HyTrust Boundary Controls, organizations can set policies for virtualized applications and data to enforce that they only run on a proven and trusted host that is physically located within defined parameters. By any definition, this significantly reduces the potential for theft or misuse of sensitive data, or any violation of regulatory compliance.
Boundary Controls have three primary use cases:
- Geographic Boundary: Many organizations must comply with regional mandates. For example, privacy and data sovereignty laws—like those in Australia, Canada, and Europe—specifically require certain data to stay within country borders. As organizations expand cloud deployments, there’s increasing concern about how easily virtualized data sets can be moved across national boundaries or legal jurisdictions – accidentally or maliciously. As companies put mission critical systems that contain IP, credit card, healthcare, or other confidential information into cloud environments, they need assurance that their VMs and data will stay within their location jurisdictions in order to reduce liabilities.
- Security Level: Organizations have long followed security practices geared to keep data from different risk classifications physically separated, usually by “air gapping” servers and applications. HyTrust Boundary Controls allow organizations to maintain and enforce this separation in virtualized environments, ensuring, for example, that workloads associated with one mission cannot be run on servers for another mission.
- Availability Level: This function lets IT departments classify and automatically validate that the hardware in place meets the appropriate availability requirements for a given workload, ensuring that a mission-critical application cannot accidentally be moved to less-optimal configurations.