A cloud security automation company will announce this week the addition of several features to its flagship software that will improve the ability of businesses to secure their virtual workloads by locations, security zones, and hardware configurations.
HyTrust software allows enterprises to secure their data in the cloud and in virtualized data centers by providing tools to encrypt data and determine access privileges. HyTrust Cloud Control allows businesses to segment different parts of their virtual networks by granting privileges only to those people who need them. Heads of different departments, for instance, can access only the data they need to access, and admins can be restricted from performing potentially dangerous actions, such as the deletion of entire virtual operating systems, by protections that require confirmation from two or more different administrators to complete such volatile tasks.
HyTrust makes it possible for businesses to control access rights to different types of data, but what happens when they want to control where data can be accessed? Suppose a virtual workload is only allowed to run in a certain geographical location, such as in the U.S., and for regulatory reasons, it is not allowed to run outside the country's borders. The addition of HyTrust Boundary Controls provides even more power for admins to decide how, and now where, trusted users can access certain data.
In his company's announcement, Eric Chiu, president and co-founder at HyTrust, commented on the growing need for virtual environment protections and the capabilities of Boundary Controls.
"The unprecedented growth of virtualized and cloud computing infrastructures has upended traditional security practices, and that's a critical concern in enterprises worldwide," Chiu said. "Virtualization, by nature, makes workloads dynamic and mobile. There's never been a way to ensure these workloads can only run in a trusted platform within a designated geography or resource segmentation. HyTrust Boundary Controls goes much further than ever before in filling that void."
Boundary Controls works by taking advantage of Intel Trusted Execution Technology (TXT) that allows hardware to be marked for use only in trusted environments. It provides attestation by determining the authenticity of hardware and operating systems and makes sure the OSs boot in trusted environments. It can establish trust with hardware, BIOS, and hypervisors to make sure sensitive workloads only run in the environments for which they are intended.
"This is really what is needed in the cloud," he said. "Without automated processes, this is a highly-dangerous environment."
Specifically, he addressed the need for businesses to be able to focus on their operations without having to worry about the security of their data in potentially hazardous cloud environments. The ability of businesses to run their entire operations in the cloud means that, if not properly secured, the whole of their data could be stolen or deleted with a simple command, and in a matter of seconds. Traditional firewalls cannot defend against admins who already have access to trusted systems, so it is no wonder that businesses stress about the need for internal and external security.
Within a business's walls, HyTrust automates security controls by determining the trust levels of employees, and it makes sure that people can access only the content they are privileged to access. If they are not privileged, they do not get in, and admins who are privileged enough to view all system contents are contained by secondary controls that require multiple parties to confirm the most dangerous of actions.
"If you can secure private and public cloud workloads and allow organizations to have [control] over their virtual environments," Chiu continued, "that's huge."
Now, Boundary Controls makes it easier for businesses to automatically keep their workloads from being run, accidentally or maliciously, in hardware environments or physical locations for which they were not intended. Data will remain encrypted until Intel TXT proves that the platform is trustworthy, and admins can continue operating their core business functions without a second thought on security.