MOUNTAIN VIEW, Calif. -- (BUSINESS WIRE) -- HyTrust Inc., the Cloud Security Automation Company, today announced that, building on technologies from Intel Corporation, it has developed powerful new capabilities to secure applications and data in virtualized data centers and the cloud. New HyTrust Boundary Controls let organizations proactively control where their virtual workloads can run, going much further than is currently possible in mitigating the risks of data mobility that virtualization and cloud create. Boundary Controls can simplify regulatory compliance, prevent data theft or misuse, and improve data center uptime.
HyTrust Boundary Controls are built upon Intel®’s asset tagging and attestation services with root-of-trust supported by Intel® Trusted Execution Technology, or Intel® TXT. This hardware-based technology can be used to establish trust of server hardware, BIOS, and hypervisor, allowing sensitive workloads to run on a trusted platform. HyTrust Boundary Controls build upon these Intel® trust technologies to support cloud application and data policies based on additional, customer-defined attributes such as location, security zone, or desired hardware configuration.
“The unprecedented growth of virtualized and cloud computing infrastructures has upended traditional security practices, and that’s a critical concern in enterprises worldwide,” said Eric Chiu, president and co-founder at HyTrust. “Virtualization, by nature, makes workloads dynamic and mobile. There’s never been a way to ensure these workloads can only run in a trusted platform within a designated geography or resource segmentation. HyTrust Boundary Controls go much further than ever before in filling that void.”
There’s a critical need in the market for such capabilities. While virtualization and cloud computing have grown exponentially in the enterprise IT environment, they bring their share of security concerns. Just as Virtual Machines (VMs) offer huge benefits by being highly portable, there has never been an automated mechanism to ensure that these workloads can only be accessed via a specific, designated or trusted server in a trusted location, which is why Boundary Controls are so vital.
The National Institute of Standards and Technology (NIST) and the National Cybersecurity Center of Excellence have stated that the cloud can expose organizations to certain threats, risks and vulnerabilities brought about by the intentional or accidental movement of data across boundaries. Furthermore, this may expose organizations to legal, policy and regulatory risks, and, therefore, "root of trust” and geolocation capabilities are useful to facilitate faster adoption of cloud computing technologies that are safe and secure.
With HyTrust Boundary Controls, organizations can set policies for virtualized applications and data to enforce that they only run on a proven and trusted host that is physically located within defined parameters. By any definition, this significantly reduces the potential for theft or misuse of sensitive data, or any violation of regulatory compliance.
Boundary Controls have three primary use cases:
Industry Weighs In
Intel’s General Manager of Cloud Security in the Data Center Group, Ravi Varanasi, said: “Customers need an assured root-of-trust, and attested parameters like location information, that can be relied upon to allow seamless movement of VMs in various cloud deployments. Our goal with Intel root-of-trust attestation solutions (backed by Intel®TXT) is to be that trusted source upon which customers can build solutions, and that’s what HyTrust has done with Boundary Controls. As enterprises become increasingly reliant on software-defined networks within virtualized and cloud infrastructures, this is exactly the kind of policy-driven control – with an assured source of such policy information – needed to enhance security and ensure compliance.”
Primary Systems Architect, Luke Youngblood, McKesson, states, “McKesson is at the forefront of private cloud adoption— a model that gives us great flexibility, scalability and cost savings. At the same time, security is a top priority for McKesson and its customers, especially given the number of compliance mandates we are subject to. Ensuring trusted systems and placement of workloads not only enables security of our customer data, but also reduces cost and overhead of compliance audits by creating logical boundaries for regulated data. HyTrust Boundary Controls offer compelling technology to support data security and compliance initiatives.”
“VCE is the leader in converged infrastructure platforms, and many of our customers run business-critical systems containing sensitive data, intellectual property and classified information,” said Jamie Erbes, vice president, Product Management, VCE. “These data sets require the highest levels of security, and location-based controls add an additional security layer that helps ensure data compliance and prevent data theft. HyTrust Boundary Controls is a great set of tools for any organization that is concerned about data sovereignty or data theft.”
“Vantiv, one of the nation’s largest payment processors uses HyTrust to provide additional control and insight over their virtual environment,” said Richard Frye, senior security engineer at Vantiv. “HyTrust Boundary Controls offer a compelling next step in virtualization security. The ability to define and control the parameters for where applications can run and data can be accessed can substantially simplify compliance and mitigate risk.”
Enterprise Strategy Group (ESG) senior principal analyst, Jon Oltsik, said: “Surveying the environment, it’s clear that the pace of adoption of cloud computing has led to a situation where security and compliance technologies and standard processes can’t keep up. The industry needs innovative new technologies like HyTrust Boundary Controls to align the undeniable benefits of virtualized data centers with information security and regulatory compliance requirements.”
About HyTrust Boundary Controls
HyTrust Boundary Controls works just as its title suggests. By defining simple policies, IT administrators can automate when and where virtual workloads are able to run. If a virtual machine is copied or removed from its defined location, it will not run at all, and the data will not be decrypted on untrusted hosts or hosts outside the defined policy. Administrators set policies using HyTrust’s Label-Based Access Controls to suit specific priorities: geography, security level or availability level. To learn more about HyTrust Boundary Controls, download the Solution Brief or attend a webinar on October 2, 2014.
Video: Learn how HyTrust Boundary Controls secures applications and data in virtualized data centers and the cloud at https://www.youtube.com/watch?v=McyXVOdMrMA.
About HyTrust (www.hytrust.com)
HyTrust is the Cloud Security Automation company. Its virtual appliances provide the essential foundation for cloud control, visibility, data security, management and compliance. HyTrust mitigates the risk of catastrophic failure— especially in light of the concentration of risk that occurs within virtualization and cloud environments. Organizations can now confidently take full advantage of the cloud, and even broaden deployment to mission-critical applications.
The Company is backed by top tier investors VMware, Cisco, Intel, In-Q-Tel, Fortinet, Granite Ventures, Trident Capital and Epic Ventures; and its partners include VMware; VCE; Symantec; CA; McAfee; Splunk; HP Arcsight; Accuvant; RSA and Intel.
HyTrust; HyTrust, Inc.; HyTrust CloudControl (HTCC); HyTrust DataControl (HTDC); HyTrust DataControl: VM Edition; HyTrust DataControl: Virtual Storage Edition; HyTrust DataControl: AWS Edition; HyTrust KeyControl (HTKC); HyTrust Appliance; HyTrust Appliance Community Edition; HyTrust Cloud Control; HighCloud; HighCloud DSM; HighCloud VMV; HighCloud Key and Policy Server; “Virtualization Under Control”; “Cloud Under Control” and “Virtualization & Cloud Under Control” are all trademarks of HyTrust, Inc. All other names and trademarks are property of their respective firms.
VCE is a registered trademark or trademark of VCE Company LLC in the United States and/or other countries.
All other names and trademarks are the property of their respective firms.