Cloud provider offers location-based VM protection

The advantage of virtualization is that it lets administrators put virtual machines anywhere in the cloud. The disadvantage of virtualization is that unless secured they can be copied by anyone and taken anywhere.

HyTrust Inc., which makes virtualization and cloud security solutions sold through the channel and direct, believes it has taken a step closer to closing the doors on the problem.

The Mountain View, Calif., company already makes Cloud Control for giving policy and audit control over administrative operators for virtual environments, and Data Control for encrypting VMs.

But on Tuesday it will announce that Cloud Control 4.0, to be released at the end of the month, will include the ability to set boundary controls, which leverage the latest location identification capability in Intel Xeon CPUs with Trusted Execution Technology (TXT).

Briefly, because TXT can identify where hosts are, IT administrators can use HyTrust software to set policies on where VMs can reside, be encrypted and decrypted.

“We’ve inherently solved what is the biggest (security) issue around virtualization, which is portability” with Boundary Control, Eric Chiu, president and co-founder of HyTrust, said in an interview.

First, a little background: Intel introduced TXT some four years ago. It makes sure that when physical servers boot, their BIOS and hypervisors haven’t been tampered with. Cloud Control uses that information to set security policies by tagging physical and virtual hosts. Data Control extends protection with encryption.

With the ability now to set physical boundary controls on VMs by reading the new information in TXT, administrators can go one step further. In Cloud Control, Chiu said, “we can then enforce policy to say ‘German VMs can only run on a German located host, classified data can only run on a classified host, or virtual machines with my intellectual property can only run within my four walls — you can’t copy that machine and spin it up in Amazon.’”

Through Data Control, administrators can set policy to allow data to be decrypted in approved locations.

Formed almost seven years ago, HyTrust’s investors include Intel, VMware and Cisco Systems Inc. Not surprisingly, Cloud and Data Control are sold through VCE Inc., the partnership between the trio for selling converged stacks of server, storage and networking solutions.

It also sells through channel partners of Symantec (which white labels its solutions), Intel’s McAfee division, Cisco, Trend Micro and CA Technologies.

Organizations can also buy HyTrust through system integrators. In Canada, one of them is Ottawa’s Northern Micro.

Chiu said HyTrust wants to extend its presence here, is looking for more partners and recently hired a Toronto-based sales director. “We’re starting to see the Canadian market happening,” he said. “We really need to be present to win. We’ve got a pretty broad sales team across North America now, so we hired in Canada. Next year we’ll expand to Europe.”