HighCloud Security Beefs Up Data Security, Privacy, Key Management for All Clouds
HighCloud Security is shipping an update to its cloud encryption and key management software for data and virtual machine security. HighCloud Security 2.0 lets enterprise IT and cloud service providers lock down data in all private, public and hybrid clouds. IDN speaks with HighCloud CTO and co-founder Steve Pate.
HighCloud Security 2.0 aims to reduce attack vectors, de-mystify encryption for IT admins moving to clouds, and remove cloud-driven concerns over data privacy and compliance, according to HighCloud CTO and co-founder Steve Pate. “As organizations seek to take advantage of the elasticity and IT cost savings of the cloud, data security is often the gating factor,” Pate told IDN.
Moreover, virtualization architectures introduce a whole new [set of] security and compliance challenges, he added. When data is distributed across virtual and physical environments, backups and snapshots can leave sensitive data highly vulnerable.
“The fact that data leaves the building and is in the hands of others [thanks to clouds] makes most IT managers very nervous,” Pate said. “Even if encryption is offered in the cloud, would you trust your provider if they hold the keys?” he asked. Putting it another way, “Would you put your family jewels in a safe and give someone else the key for it?”
To address these sleepless-night concerns, HighCloud Security provides what Pate calls an easy-to-use “drop in” solution to empower IT to use the public cloud, while keeping control and establishing protections and policies for the company data.
“You don't need the service provider to encrypt your data. You never have to worry about your data sitting on backup tapes in geographies that would concern you,” Pate said. Further, IT can safely decommission the data from the cloud with only a few mouse clicks, he added. HighCloud Security works with all public IaaS cloud environments and all cloud frameworks (OpenStack, CloudStack, etc.), Pate said.
HighCloud Security offers these key features:
- GUI-based or API-driven interfaces
- Multi-level encryption, under the hypervisor for whole VM or within the VM
- Ability to have a CSP host keys or host keys yourself
- Ability to have the Key Server run on hardware (most secure), as a VM (most flexible) or have a cluster that combines both
- Automatic rekey or dynamic key rotation capabilities. This means IT sets the date in the HighCloud policy screen, and it never needs to bring down apps/VMs.
Pate described HighCloud’s two key products, and how they secure virtual environments.
“HighCloud's Virtual Machine Vault (VMV) solution was designed to allow organizations to protect the whole VM including snapshot and suspend files. We provide for encryption of all parts of the VM and provide encrypted backup images,” Pate said.
HighCloud’s Data Security Module (DSM) provides encryption within the VM to provide a full encrypted path – all the way from the VM, through the hypervisor, to storage. “This alleviates any concerns around VM administrators with too much privilege,” Pate added. This seamless integration is possible because “HighCloud’s approach is transparent to hypervisor, storage or other security technologies,” he said. Notably, HighCloud’s VM-based data security module works on Linux, which is the dominant OS among public IaaS environments, Pate said.
Used together, HighCloud’s VMV and DSM (along with full multi-tenancy within the HighCloud Key and Policy Server) provide a comprehensive solution that allows cloud users to meet the new PCI virtualization guidelines, he added.
Pate also detailed the steps HighCloud follows to provide security.
HighCloud provides encryption both above the hypervisor (within Linux and Windows VMs using the Data Security Module) and below the hypervisor (using the Virtual Machine Vault) where whole VMs can be encrypted. Regardless of the choice made, administration is through the HighCloud Key and Policy Server, a fully multi-tenant, highly-available set of key servers (KPS).
Within the data center, installing and configuring the KPS/VMV combination takes less than 15 minutes, or less than five minutes using the virtual appliance for VMware. Once policy has been established and the encrypted datastore mounted through the hypervisor, encrypting VMs is as easy as performing a storage VMotion/Live Migration, so no need to bring applications down. The VMs are now encrypted and encrypted backups can now be generated. Furthermore, if you need to rotate encryption keys, it’s simply a matter of policy. We’ll rotate from old to new keys with no application/VM downtime.
Using the same key server, organizations can encrypt data within VMs in the public cloud. The same user interface or APIs can be used regardless of hypervisor platforms or public cloud environment (Amazon AWS, Savvis VPDC, OpenStack, CloudStack). HighCloud generates alerts (available through email) as well as audit messages which are locally available or through an external log server using standard protocols.
HighCloud Security 2.0 is available now in freemium and free trial programs.