We have written before about HyTrust and its growing ecosystem of partners, but now HyTrust has acquired HighCloud Security, a provider of encryption and key management for virtual and IaaS environments. HyTrust provides control and visibility into actions by virtualization administrators within a VMware vSphere or vCloud environment. With the acquisition of HighCloud Security, HyTrust now adds data privacy to its suite of tools. Initially, HighCloud Security’s encryption and key management will be separate products, but there are many ways in which the technologies can be combined. The purchase changes HyTrust’s unique stance in the industry.
HyTrust has provided the following infographic (Figure 1) to explain the reasons behind its acquisition of HighCloud Security. HyTrust was missing the data privacy component within private and public IaaS clouds.
Yet, as we know from the article "Virtualizing Business Critical Applications – Integrity & Confidentiality", encryption is quite important to virtual environments and to private and public IaaS-based clouds. There is currently no one place within the virtual environment where encryption can be placed such that the administrator of that virtual environment cannot get the information needed to decrypt the data. Either the encryption sits too low in the stack, and the resultant data is readily available after it is read from the storage device, or it just requires the administrator (or a really good electronic copy) to run a set of administrator-only commands to dump memory and therefore be able to decrypt the virtual machine disk files. HighCloud Security provides an encrypting virtual storage appliance that fits within the stack above and below the layers discussed. This is the nature of virtual storage appliances. To combat the additional security issues this presents, you require operational security to be in place. This is the only answer I have come up with to some of my Security Questions from VMworld 2013.
HyTrust provides operational controls to ensure that the dangerous commands that allow data spying cannot be run and that the administrator will not be able to immediately access the virtual disk data, while HighCloud Security provides the data-at-rest encryption required by many security and compliance policies. The combination solves many security problems. I hope to see finer integration, perhaps a set of automatic rules to be put into effect within HyTrust, if HighCloud Security is also in use (at the very least).
The union also gives HyTrust a ready-made non-VMware IaaS-based product that can run within AWS and other locations. This shows that the future direction of HyTrust is to become multi-hypervisor and also to control administrative access within IaaS cloud environments. Most virtualization security experts for VMware vSphere would generally advise putting HyTrust in play, as it lends control and visibility into administrator actions. HyTrust is as important as it ever was. When you add in encryption, it becomes even more important. I do not see this changing, but I do see direct competition with other encryption vendors. As long as the HyTrust products stay unbundled, the competition should only impact the HyTrust HighCloud Security product.
This is just a first step for HyTrust on its way to becoming more of a player within non-VMware virtual and cloud environments and providing products that fit within other areas of the secure hybrid cloud.