Sarbanes Oxley : Technology : Data Governance
HyTrust Partners with Intel to Enhance Security
HyTrust Boundary Controls ensure tighter geographic restrictions to ease compliance, deter data theft and prevent data center downtime
Founder & President
HyTrust Inc., the Cloud Security Automation Company, has announced that, building on technologies from Intel Corporation, it has developed powerful new capabilities to secure applications and data in virtualized data centers and the cloud. New HyTrust Boundary Controls let organizations proactively control where their virtual workloads can run, going much further than is currently possible in mitigating the risks of data mobility that virtualization and cloud create. Boundary Controls can simplify regulatory compliance, prevent data theft or misuse, and improve data center uptime.
“Vantiv, one of the nation’s largest payment processors uses HyTrust to provide additional control and insight over their virtual environment”
HyTrust Boundary Controls are built upon Intel®’s asset tagging and attestation services with root-of-trust supported by Intel® Trusted Execution Technology, or Intel® TXT. This hardware-based technology can be used to establish trust of server hardware, BIOS, and hypervisor, allowing sensitive workloads to run on a trusted platform. HyTrust Boundary Controls build upon these Intel® trust technologies to support cloud application and data policies based on additional, customer-defined attributes such as location, security zone, or desired hardware configuration.
“The unprecedented growth of virtualized and cloud computing infrastructures has upended traditional security practices, and that’s a critical concern in enterprises worldwide,” said Eric Chiu, president and co-founder at HyTrust. “Virtualization, by nature, makes workloads dynamic and mobile. There’s never been a way to ensure these workloads can only run in a trusted platform within a designated geography or resource segmentation. HyTrust Boundary Controls go much further than ever before in filling that void.”
There’s a critical need in the market for such capabilities. While virtualization and cloud computing have grown exponentially in the enterprise IT environment, they bring their share of security concerns. Just as Virtual Machines (VMs) offer huge benefits by being highly portable, there has never been an automated mechanism to ensure that these workloads can only be accessed via a specific, designated or trusted server in a trusted location, which is why Boundary Controls are so vital.
The National Institute of Standards and Technology (NIST) and the National Cybersecurity Center of Excellence have stated that the cloud can expose organizations to certain threats, risks and vulnerabilities brought about by the intentional or accidental movement of data across boundaries. Furthermore, this may expose organizations to legal, policy and regulatory risks, and, therefore, "root of trust” and geolocation capabilities are useful to facilitate faster adoption of cloud computing technologies that are safe and secure.
With HyTrust Boundary Controls, organizations can set policies for virtualized applications and data to enforce that they only run on a proven and trusted host that is physically located within defined parameters. By any definition, this significantly reduces the potential for theft or misuse of sensitive data, or any violation of regulatory compliance.
Boundary Controls have three primary use cases:
Geographic Boundary: Many organizations must comply with regional mandates. For example, privacy and data sovereignty laws—like those in Australia, Canada, and Europe—specifically require certain data to stay within country borders. As organizations expand cloud deployments, there’s increasing concern about how easily virtualized data sets can be moved across national boundaries or legal jurisdictions – accidentally or maliciously. As companies put mission critical systems that contain IP, credit card, healthcare, or other confidential information into cloud environments, they need assurance that their VMs and data will stay within their location jurisdictions in order to reduce liabilities.
Security Level: Organizations have long followed security practices geared to keep data from different risk classifications physically separated, usually by “air gapping” servers and applications. HyTrust Boundary Controls allow organizations to maintain and enforce this separation in virtualized environments, ensuring, for example, that workloads associated with one mission cannot be run on servers for another mission.
Availability Level: This function lets IT departments classify and automatically validate that the hardware in place meets the appropriate availability requirements for a given workload, ensuring that a mission-critical application cannot accidentally be moved to less-optimal configurations.
Industry Weighs In
Intel’s General Manager of Cloud Security in the Data Center Group, Ravi Varanasi, said: “Customers need an assured root-of-trust, and attested parameters like location information, that can be relied upon to allow seamless movement of VMs in various cloud deployments. Our goal with Intel root-of-trust attestation solutions (backed by Intel®TXT) is to be that trusted source upon which customers can build solutions, and that’s what HyTrust has done with Boundary Controls. As enterprises become increasingly reliant on software-defined networks within virtualized and cloud infrastructures, this is exactly the kind of policy-driven control – with an assured source of such policy information – needed to enhance security and ensure compliance.”
Primary Systems Architect, Luke Youngblood, McKesson, states, “McKesson is at the forefront of private cloud adoption— a model that gives us great flexibility, scalability and cost savings. At the same time, security is a top priority for McKesson and its customers, especially given the number of compliance mandates we are subject to. Ensuring trusted systems and placement of workloads not only enables security of our customer data, but also reduces cost and overhead of compliance audits by creating logical boundaries for regulated data. HyTrust Boundary Controls offer compelling technology to support data security and compliance initiatives.”
“VCE is the leader in converged infrastructure platforms, and many of our customers run business-critical systems containing sensitive data, intellectual property and classified information,” said Jamie Erbes, vice president, Product Management, VCE. “These data sets require the highest levels of security, and location-based controls add an additional security layer that helps ensure data compliance and prevent data theft. HyTrust Boundary Controls is a great set of tools for any organization that is concerned about data sovereignty or data theft.”
“Vantiv, one of the nation’s largest payment processors uses HyTrust to provide additional control and insight over their virtual environment,” said Richard Frye, senior security engineer at Vantiv. “HyTrust Boundary Controls offer a compelling next step in virtualization security. The ability to define and control the parameters for where applications can run and data can be accessed can substantially simplify compliance and mitigate risk.”
Enterprise Strategy Group (ESG) senior principal analyst, Jon Oltsik, said: “Surveying the environment, it’s clear that the pace of adoption of cloud computing has led to a situation where security and compliance technologies and standard processes can’t keep up. The industry needs innovative new technologies like HyTrust Boundary Controls to align the undeniable benefits of virtualized data centers with information security and regulatory compliance requirements.”
About HyTrust Boundary Controls
HyTrust Boundary Controls works just as its title suggests. By defining simple policies, IT administrators can automate when and where virtual workloads are able to run. If a virtual machine is copied or removed from its defined location, it will not run at all, and the data will not be decrypted on untrusted hosts or hosts outside the defined policy. Administrators set policies using HyTrust’s Label-Based Access Controls to suit specific priorities: geography, security level or availability level. To learn more about HyTrust Boundary Controls, download the Solution Brief or attend a webinar on October 2, 2014.
HyTrust is the Cloud Security Automation company. Its virtual appliances provide the essential foundation for cloud control, visibility, data security, management and compliance. HyTrust mitigates the risk of catastrophic failure— especially in light of the concentration of risk that occurs within virtualization and cloud environments. Organizations can now confidently take full advantage of the cloud, and even broaden deployment to mission-critical applications.
The Company is backed by top tier investors VMware, Cisco, Intel, In-Q-Tel, Fortinet, Granite Ventures, Trident Capital and Epic Ventures; and its partners include VMware; VCE; Symantec; CA; McAfee; Splunk; HP Arcsight; Accuvant; RSA and Intel.