HighCloud security has an offering which allows to encrypt VMware vSphere, vCD public or private based workloads. The technology will be able to protect data by encrypting data at rest, where HyTrust was offering up to now, a security and hardening of the whole vSphere infrastructure via policies which for example are used to setup a two persons approval process before action. So this acquisition will bring an additional layer of security by encrypting sensitive data automatically, based on policies.
Via Hytrust you can protect for example VMs, datastores or other objects of vSphere infrastructure via policy. And deletion of those objects would need an approval from another person. We all can Imagine an admin wanting to delete some objects, because of X reasons… There is also an error deletion which can be prevented as well.
HyTrust's aproach is simple. Their product deploys itself as virtual appliance and acts as a router and proxy. So before you hit vCenter to authenticate yourself, to access your infrastructure the communication must pass through the HyTrust product. ALL the management traffic must pass through the appliance. Direct host root accounts are replaced by AD authentication and if host isn't part of a domain, then HyTrust supplly an account which offers the root level access, but only to the person who has the right level of access. HyTrust Appliance also uses root password vaulting, which enables certain administrators to check out a temporary password for one-time access.
The plans according to the roadmap are, to bring both products together, to be deployed as a vApp and managed through an unique single management console. I wasn't aware, but Hytrust is is backed by top tier investors VMware, Cisco Systems, Intel Corporation.
Find the details from the acquisition below:
HyTrust Acquires HighCloud Security
Integrating administrative visibility and control with encryption and key management offers unprecedented security for cloud environments
MOUNTAIN VIEW, Calif. – November 7, 2013 – HyTrust Inc., the Cloud Security Automation Company, today announced that it has acquired HighCloud Security, a leader in cloud encryption and key management software. By combining HyTrust’s powerful administrative visibility and control with HighCloud’s strengths in encryption and key management, the acquisition offers customers of both companies an unprecedented level of flexibility in addressing security, compliance and data privacy requirements in in all cloud environments—private, public and hybrid.
“With the increasing prevalence of data breaches, leaks of classified information by insiders, and surveillance in the cloud, data security and privacy are more important than perhaps ever before,” said HyTrust CEO John De Santis. “Cloud computing in all its forms has become the top technology priority for every enterprise, and that’s why we’ve quadrupled our growth at HyTrust in just the past year. By bringing HighCloud Security’s market-leading technologies into the HyTrust family of solutions, we can take to market the strongest protection for virtualized cloud infrastructure available anywhere.”
The combined offering from HyTrust and HighCloud enables ‘cloaked’ private, hybrid and public clouds and helps address three of the primary security concerns in cloud environments. These are:
- The broad level of access available to privileged users with malicious intent (or those who acquire their credentials)
- Breaches and other data center disasters caused not by criminal intent but through human error or misconfiguration
- Challenges involved in maintaining the security and privacy of the data itself
While these issues don’t always get the attention they deserve, security executives are certainly aware of the concerns that stem from in-house misuse. A recent report1 from Forrester Research notes that insiders rather than extraneous criminal elements were the top source of breaches in the past 12 months, and 36% of them were caused not by malfeasance but by inadvertent misuse of data by employees.
In this environment, HyTrust and HighCloud Security offer unique and complementary strengths to the market.
Eric Chiu, president and founder of HyTrust, said: “HyTrust represents the control point for cloud management, providing automated policy-based security for private cloud environments that can enable both trusted hybrid clouds and ‘cloaked’ public clouds. HighCloud encryption, meanwhile, can be deployed in private, hybrid and public clouds, ensuring data security and privacy as organizations migrate between these environments.”
Cloud computing, and the security concerns that go with it, remain a top priority for most organizations. According to technology analyst firm Gartner Inc., nearly half of large enterprises have deployed a private cloud service and three-fourths expect to have hybrid cloud deployments by 2015.2 A full 80% of organizations intend to use cloud services in some form within the next year, while 60% plan to increase their investment in the next two to five years.3
Chiu continued: “The service also enables a unique level of ‘walk-way’ freedom by making it possible to securely change cloud providers or decommission from the cloud without having to worry about data being left behind. This also makes it easier for corporations to achieve compliance with regulations such as HIPAA and PCI.”
While the technologies can already be used together, the HighCloud solution will in the future be integrated into HyTrust to more tightly bind administrative controls with data security in cloud environments, making encryption and key management invisible to the end user. HighCloud’s engineering team will join HyTrust, continuing to provide support and maintenance to existing customers, and moving forward with the development of HighCloud’s technology roadmap.
“HighCloud and HyTrust have had many ties over the years and solve complementary problems for customers,” said Bill Hackenberger, co-founder, president and CEO of HighCloud Security. “Together, HyTrust and HighCloud give enterprises unprecedented ability to address security, compliance and data privacy requirements for all cloud environments, private, hybrid and public.”
Industry Analysts, Customers & Partners Approve
Todd Pavone, executive vice president of Product Development and Strategy at VCE, the industry leader in Converged Infrastructure, explained, “Security is critical to the adoption of cloud computing. HyTrust's acquisition of HighCloud Security is a home run— it greatly enhances the level of security in a range of evolving user environments while easing the implementation of new technologies.”
Wayne Pauley, senior analyst at Enterprise Strategy Group, said, “HyTrust sits at the center of an important IT ecosystem, providing the control, security configuration, compliance assurance and visibility needed to reap the benefits of the cloud. With HighCloud, HyTrust adds strong, cloud-optimized data security to its portfolio – a critical requirement for data protection and compliance. And customers gain improved security for data at rest – enabling the same level of visibility in the new virtual datacenter as its physical counterparts.”
Jeff Byrne, senior analyst & consultant, Taneja Group, said, “In the move towards software-defined data centers, HyTrust is a key enabler for software-defined security with the ability to automate and orchestrate controls across the cloud. The HighCloud acquisition is a major step that supports HyTrust’s vision of enabling automated, policy-based security for the cloud to prevent breaches and data center disasters.”
Shannon Poulin, vice president of marketing for Intel's Datacenter and Connected Systems Group, said, “HyTrust is a strategic collaborator in Intel’s software-defined infrastructure initiative, which allows security to be automated and provisioned on-demand across private, hybrid, and public clouds in order to safeguard data, maintain compliance, and increase SLAs. HyTrust’s addition of automated encryption and key management, combined with Intel AES-NI acceleration, gives organizations even greater confidence to run their most mission-critical workloads in the cloud while retaining the highest level of data security and privacy.”
Dave Shackleford, founder of Voodoo Security, said, “HyTrust has built a strong position for protecting against the insider threat in virtualized datacenters. HighCloud encryption and key management effectively secures the data in these environments, as well as in public clouds. This acquisition gives HyTrust an interesting opportunity to expand its market position, providing tighter controls over both people and data in the cloud.”
Eric Novikoff, COO of ENKI, a cloud service provider, said, “Security and data privacy are paramount for our customers, especially those with compliance requirements. The combined strengths of HyTrust and HighCloud technologies make this a truly compelling solution that helps us mitigate customer concerns and expand our offering to more security-sensitive customers.”
Derek Brink, vice president and research fellow for IT Security, Aberdeen Group, said, “Aberdeen’s research has consistently shown that security, compliance, and visibility are among the leading inhibitors to even faster adoption of virtualization and cloud. It has also shown that augmenting the security capabilities of cloud solution providers, while retaining enterprise visibility and control, corresponds with about one-third less cost per application per year, driven in part by better security and in part by more consistent and efficient operations. HyTrust’s acquisition of HighCloud Security is very much in line with these findings, and should be seen as a good move for both companies and their respective customers and business partners.”
Forrester analysts John Kindervag, Stephanie Balaouras, Rick Holland and Heidi Shey reported4, “Increasingly, customers want vendors to embed more security functionality into a single service or product. Consolidated offerings give security and risk (S&R) professionals more visibility and control into their environment and they also reduce the operational complexity and cost of managing individual point products.” They continue, “Forrester’s Zero Trust model states that S&R pros must eliminate the idea of an internal trusted network and an untrusted external network. Three concepts underpin Zero Trust. S&R pros must: 1) verify and secure all resources regardless of location; 2) limit and strictly enforce access control across all user populations, devices, channels, and hosting models; and 3) log and inspect all traffic, both internal and external.” HyTrust is delivering the highest levels of visibility and control for cloud environments as would be available for physical datacenters. And it has further consolidated the broadest range of capabilities under one umbrella so that organizations can ensure strong security and compliance.
HyTrust will conduct a webinar on Wednesday, November 20, 2013 at 2:00 PM (EST) to communicate this news in greater detail and demonstrate how, with this move, the company is enabling end-to-end security for cloud environments. Please register here: www.hytrust.com/highcloud
About HighCloud Security
Founded by Silicon Valley veterans, Bill Hackenberger and Steve Pate, HighCloud Security offers encryption and key management software designed specifically to address the unique security challenges of virtualized server infrastructures. Virtual machines are mobile, dynamic and contain specific files that can contain sensitive data even when the VMs are dormant. HighCloud addresses these specific vulnerabilities with strong encryption that travels with each VM, encrypts even snapshot and suspended files, and allows organizations to secure data in private, public and hybrid clouds.
About HyTrust (www.hytrust.com)
Cloud Under Control™
Headquartered in Mountain View, CA, HyTrust® is the Cloud Security Automation (CSA) company. HyTrust delivers the essential real-time control, security, administrative account monitoring, logging and compliance assurance necessary to enable the benefits of cloud adoption and virtualization of critical workloads. The Company is backed by top tier investors VMware, Cisco Systems, Intel Corporation, In-Q-Tel, Fortinet, Granite Ventures, Trident Capital, and Epic Ventures; its partners include VMware, VCE, Symantec, CA, McAfee, Splunk; HP Arcsight, Accuvant, RSA and Intel Corporation.