HyTrust partners with Intel

HyTrust Boundary Controls ensure tighter geographic restrictions to ease compliance, deter data theft and prevent data center downtime.


HyTrust Inc. has announced that, building on technologies from Intel Corporation, it has developed powerful new capabilities to secure applications and data in virtualized data centers and the cloud. New HyTrust Boundary Controls let organizations proactively control where their virtual workloads can run, going much further than is currently possible in mitigating the risks of data mobility that virtualization and cloud create. Boundary Controls can simplify regulatory compliance, prevent data theft or misuse, and improve data center uptime.


HyTrust Boundary Controls are built upon Intel®’s asset tagging and attestation services with root-of-trust supported by Intel® Trusted Execution Technology, or Intel® TXT. This hardware-based technology can be used to establish trust of server hardware, BIOS, and hypervisor, allowing sensitive workloads to run on a trusted platform. HyTrust Boundary Controls build upon these Intel® trust technologies to support cloud application and data policies based on additional, customer-defined attributes such as location, security zone, or desired hardware configuration.


“The unprecedented growth of virtualized and cloud computing infrastructures has upended traditional security practices, and that’s a critical concern in enterprises worldwide,” said Eric Chiu, president and co-founder at HyTrust. “Virtualization, by nature, makes workloads dynamic and mobile. There’s never been a way to ensure these workloads can only run in a trusted platform within a designated geography or resource segmentation. HyTrust Boundary Controls go much further than ever before in filling that void.”


There’s a critical need in the market for such capabilities. While virtualization and cloud computing have grown exponentially in the enterprise IT environment, they bring their share of security concerns. Virtual Machines (VMs) offer huge benefits by being highly portable, but there has never been an automated mechanism to ensure that these workloads can only be accessed via a specific, designated or trusted server in a trusted location, which is why Boundary Controls are so vital.

The National Institute of Standards and Technology (NIST) and the National Cybersecurity Center of Excellence have stated that the cloud can expose organizations to certain threats, risks and vulnerabilities brought about by the intentional or accidental movement of data across boundaries. Furthermore, this may expose organizations to legal, policy and regulatory risks, and, therefore, “root of trust” and geolocation capabilities are useful to facilitate faster adoption of cloud computing technologies that are safe and secure.


With HyTrust Boundary Controls, organizations can set policies for virtualized applications and data to enforce that they only run on a proven and trusted host that is physically located within defined parameters. By any definition, this significantly reduces the potential for theft or misuse of sensitive data, or any violation of regulatory compliance.


Boundary Controls have three primary use cases:
· Geographic Boundary: Many organizations must comply with regional mandates. For example, privacy and data sovereignty laws—like those in Australia, Canada, and Europe—specifically require certain data to stay within country borders. As organizations expand cloud deployments, there’s increasing concern about how easily virtualized data sets can be moved across national boundaries or legal jurisdictions – accidentally or maliciously. As companies put mission critical systems that contain IP, credit card, healthcare, or other confidential information into cloud environments, they need assurance that their VMs and data will stay within their location jurisdictions in order to reduce liabilities.
· Security Level: Organizations have long followed security practices geared to keep data from different risk classifications physically separated, usually by “air gapping” servers and applications. HyTrust Boundary Controls allow organizations to maintain and enforce this separation in virtualized environments, ensuring, for example, that workloads associated with one mission cannot be run on servers for another mission.
· Availability Level: This function lets IT departments classify and automatically validate that the hardware in place meets the appropriate availability requirements for a given workload, ensuring that a mission-critical application cannot accidentally be moved to less-optimal configurations.


Intel’s General Manager of Cloud Security in the Data Center Group, Ravi Varanasi, commented: “Customers need an assured root-of-trust, and attested parameters like location information, that can be relied upon to allow seamless movement of VMs in various cloud deployments. Our goal with Intel root-of-trust attestation solutions (backed by Intel® TXT) is to be that trusted source upon which customers can build solutions, and that’s what HyTrust has done with Boundary Controls. As enterprises become increasingly reliant on software-defined networks within virtualized and cloud infrastructures, this is exactly the kind of policy-driven control – with an assured source of such policy information – needed to enhance security and ensure compliance.”
 
