Cloud Security Automation company HyTrust has partnered with Intel to help secure applications and data in virtualized data centers, with a new feature called HyTrust Boundary Controls.
The new controls leverage Intel's Trusted Execution Technology (TXT) to provide processor-level attestation of the hardware, BIOS and hypervisor to help keep workloads safe from malware and rootkits. Intel Capital joined VMware, Fortinet and In-Q-Tel last year in an $18.5 million financing round for HyTrust.
Trusted Geolocation in the cloud
Workloads have become increasingly portable across virtualized computing infrastructures in the enterprise, leaving security and compliance teams scrambling to track and secure resources and enforce policies.
HyTrust says that its new Boundary Controls allow organizations to set policies for virtualized applications and data to enforce that they run on a proven and trusted host that is physically located within defined parameters. These automated mechanisms then ensure that workloads can only be accessed via a specific, designated or trusted server in a trusted location. The company says this will help reduce the potential for theft or misuse of sensitive data, or any violation of regulatory compliance.
The geo-fencing capabilities work just like title suggests, HyTrust says. Boundary Controls policies set when and where virtual workloads are able to run. With these controls in place, "if the virtual machine is copied or removed from its defined location, it will not run at all, and the data will not be decrypted on untrusted hosts."
Besides policy control by country, state, county or province, HyTrust Label-Based access controls can segment data and data centers based on risk classification or level of confidentiality. An availability control allows IT to classify and validate that hardware in place meets the appropriate availability requirements for a given workload.
Ravi Varanasi, General Manager of Cloud Security at Intel said "customers need an assured root-of-trust and attested parameters like location information that can be relied upon to allow seamless movement of VMs in various cloud deployments. As enterprises become increasingly reliant on software-defined networks within virtualized and cloud infrastructures, HyTrust Boundary Controls are exactly the kind of policy driven control with an assured source of such policy information needed to enhance security and ensure compliance."
Intel added hardware assisted security such as TXT and Intel AES New Instructions (Intel AES-NI) in the Xeon E5 architecture years ago. Intel's TXT hardware technology stemmed from the Trusted Platform Module (TPM), which is based on an initiative from the Trusted Computing Group (TCG), which aimed to defend against software-based attacks that attempted to change a platform's configuration. TCG and the Trusted Platform Module have since worked with numerous international standards and have been published as ISO/IEC 11889 parts 1-4. Intel's TXT is used in a variety of hardware and software platforms, such as Dell, Hitachi, IBM, Quanta, Red Hat, Supermicro, VCE, VMware and others.