Encrypting Virtual Machines with HyTrust’s New Acquisition: HighCloud Security

I recently pounced on the opportunity to sit down with Eric Chiu, the President and Co-Founder of HyTrust, to talk about his company’s security solution and their recent acquisition of HighCloud. Stick a pin in the HighCloud bit – we’ll come back to that – and let’s first look at the HyTrust Appliance. I’ll admit that I only had a cursory knowledge of the solution until recently, and am very glad that I was able to go deeper on the tech.

vSphere is rather lackluster with auditing and logging features. I’m not talking about collection and analytics around the logs, which is solved with products like Splunk or vCenter Log Insight, but rather that the vSphere environment itself offers only minimal amounts of data and protection. One also has to delve through vast collections of hardening guides in order to “tune” vSphere into being a bit more of a closed system. For instance – how difficult is it to determine and audit which administrator changed the amount of RAM on a virtual machine? Or who is logged into a vSphere host with SSH using the root account?

HyTrust Appliance

This is where the HyTrust Appliance looks to make a difference. It transparently shims itself into the middle of all transactions that occur between you and the various management systems (vSphere Client, Web Client, SSH, etc.) as a proxy device. You or your administrators do not realize you’re going through the HyTrust Appliance, so there is no need to learn a new interface.

Because the appliance can see all of the commands being issued to the management endpoint, such as vCenter, it can also do a number of really neat things based on the policies and rules created. This includes the ability to determine who can connect, what they can see, and what actions can be taken once connected – including approvals. Eric brought up a good example – an administrator connects into vSphere and goes to delete a production VM. The production environment requires IT management approval before a delete action can occur. The HyTrust Appliance fires off a request email to IT management to ensure they want the VM deleted. If approved, the HyTrust Appliance executes the command, and if not the command is dropped. Imagine if the administrator was accidentally trying to delete the wrong VM, or was maliciously doing it, or someone had accessed his or her account to perform the delete – lots of great use cases here.

Vaulting Root Access

HyTrust can also vault root accounts, meaning the administration of root passwords is placed in the care of the HyTrust Appliance. Administrators can check out root access without actually knowing the root password. This eliminates two major issues that I see in many vSphere environments:

  1. Everyone knows the root password, because it was set universally on all hosts and was shared out.
  2. No one knows who connected in as root to goof something up, because of item #1 – this is impossible to audit.
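Once root access is checked out per administrator, a root session can be tied back to a person. The sketch below is an added example, not HyTrust code: it correlates root logins with checkout records and flags any login that no single checkout explains. The record layouts, the lease duration and all sample values are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample data; both record layouts are assumptions for illustration.
CHECKOUTS = [  # (admin, host, checkout time, lease length in minutes)
    ("alice", "esx01", "2024-01-15T09:00:00", 30),
    ("bob",   "esx02", "2024-01-15T10:00:00", 15),
]
ROOT_LOGINS = [  # (host, login time, source address) as parsed from host auth logs
    ("esx01", "2024-01-15T09:05:12", "192.0.2.21"),
    ("esx02", "2024-01-15T10:40:00", "192.0.2.22"),  # after bob's lease ended
    ("esx03", "2024-01-15T11:00:00", "192.0.2.99"),  # no checkout at all
]

def attribute_root_logins(checkouts, logins):
    """Attach to each root login the admins holding a valid lease on that host."""
    leases = []
    for admin, host, start, minutes in checkouts:
        t0 = datetime.fromisoformat(start)
        leases.append((host, t0, t0 + timedelta(minutes=minutes), admin))
    results = []
    for host, when, source in logins:
        t = datetime.fromisoformat(when)
        holders = [a for h, t0, t1, a in leases if h == host and t0 <= t <= t1]
        results.append({"host": host, "time": when,
                        "source": source, "admins": holders})
    return results

def unattributed(results):
    """Logins with no lease holder, or more than one, cannot be pinned on a person."""
    return [r for r in results if len(r["admins"]) != 1]

if __name__ == "__main__":
    for r in unattributed(attribute_root_logins(CHECKOUTS, ROOT_LOGINS)):
        print("unattributed root login:", r["host"], r["time"], r["source"])
```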

Automated Hardening and Platform Integrity

In this software-defined data center (SDDC) driven world, automation is king. The idea is to abstract, pool, and automate. This resonated with me when talking to Mr. Chiu about policy-driven security with the appliance. Their solution has the ability to pull in the latest hardening guide recommendations, compliance requirements (think HIPAA or SOX), or custom security requirements, and lay them over the vSphere host. As new hosts are brought into the environment, this same policy-driven management system will apply the security enforcement to the new host. The legwork goes into creating the policy in a wire-once format, and is then repeatable via policy.

Workloads can also be tethered to specific hosts that qualify as “trusted” by policy. Examples include hosts that have been hardened for security, meet a compliance requirement, have been tagged for a specific use case, or have a required hardware function such as Intel TXT (Trusted Execution Technology). If an administrator attempts to migrate a workload to an untrusted host, the migration will be blocked. If you’re into compliance and have to prove that your virtual workload has never operated in an untrusted environment, this sounds super handy.
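The two proxy behaviors described so far, holding a production delete until it is approved and blocking a migration to an untrusted host, can be modeled as one decision function. This is an added sketch, not HyTrust's policy engine or format: the action names, tags, and the single-use and no-self-approval rules are assumptions of the example.

```python
from dataclasses import dataclass, field
from typing import Optional

ALLOW, DENY, PENDING = "allow", "deny", "pending_approval"

@dataclass(frozen=True)
class Request:
    user: str                      # identity authenticated at the proxy
    action: str                    # hypothetical names, e.g. "vm.delete"
    vm: str
    vm_tags: frozenset = frozenset()
    dest_host: Optional[str] = None

@dataclass
class PolicyGate:
    needs_approval: set            # (action, vm_tag) pairs that need sign-off
    trusted_hosts: set             # hosts currently meeting the trust policy
    approvals: set = field(default_factory=set)  # (user, action, vm) signed off
    audit: list = field(default_factory=list)    # every decision is recorded

    def approve(self, approver, req):
        if approver == req.user:   # assumption: requester cannot self-approve
            raise PermissionError("requester cannot approve own request")
        self.approvals.add((req.user, req.action, req.vm))
        self.audit.append((approver, "approve", req.vm, ALLOW))

    def decide(self, req):
        verdict = ALLOW
        if (req.action == "vm.migrate" and "trusted-only" in req.vm_tags
                and req.dest_host not in self.trusted_hosts):
            verdict = DENY         # workload must stay on trusted hosts
        elif any((req.action, t) in self.needs_approval for t in req.vm_tags):
            key = (req.user, req.action, req.vm)
            if key in self.approvals:
                self.approvals.discard(key)   # assumption: approval is single use
            else:
                verdict = PENDING  # held at the proxy, nothing is forwarded yet
        self.audit.append((req.user, req.action, req.vm, verdict))
        return verdict

def demo():
    gate = PolicyGate(needs_approval={("vm.delete", "production")},
                      trusted_hosts={"esx01"})
    delete = Request("alice", "vm.delete", "db01", frozenset({"production"}))
    move = Request("alice", "vm.migrate", "db01",
                   frozenset({"production", "trusted-only"}), dest_host="esx09")
    first = gate.decide(delete)
    gate.approve("it-manager", delete)
    return first, gate.decide(delete), gate.decide(delete), gate.decide(move)
```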

Acquisition of HighCloud Security

Assuming your management facing connections are secured by HyTrust, the next evolution is securing the virtual workload. This is where HighCloud Security comes into the fold. Their solution can use encryption to protect the virtual machine itself, which includes any snapshots or suspended VMs. There are two pretty big wins around this:

  • Cloud Mobility – If you find a business case to migrate from one cloud provider to another, you can feel safe that any data left on the old cloud provider’s servers is worthless (I called this the Virtual Shredder, and Eric called it a Virtual Brick – which one is more clever?)
  • Data Security – Should something happen to your workloads in the cloud provider’s environment, such as theft of the virtual machine, the data is encrypted and worthless to the thief

As per Mr. Chiu –

“HyTrust represents the control point for cloud management, providing automated policy-based security for private cloud environments that can enable both trusted hybrid clouds and ‘cloaked’ public clouds. HighCloud encryption, meanwhile, can be deployed in private, hybrid and public clouds, ensuring data security and privacy as organizations migrate between these environments.”

The solution is licensed on a per-VM basis, which makes sense to me. It’s an easy cost model to pass along to the business, and many service request dashboards offer the ability to bundle in custom costs. I would just add an “encrypt VM” option for a set price. HyTrust plans to develop other licensing programs over time for a combined solution of HyTrust + HighCloud, but today they are separate – the HyTrust Appliance solution is licensed per CPU socket on each protected VMware host.