Hemma Prafullchandra wears many hats.
As both the chief technology officer and the senior vice president for products at HyTrust (a position she has held for the last four of her six years at the company) as well as more recently its head of engineering and chief information security officer, she is also, according to her corporate bio, “an evangelist for what’s possible.”
Clearly, that is a role she takes to heart since, aside from her bevy of posts at HyTrust—a Mountain View company focused on security, compliance and control software for the virtualization of IT infrastructure—she is an outspoken industry expert in the area of the secure deployment of virtualization, especially in cloud computing. An active participant in the PCI SSC Virtualization SIG, she’s also a frequent industry speak on the topic of security and virtualization—most recently at OpenStack Summit in Atlanta in May.
“Virtualization and cloud [have created] new trends in the concentration of the threat surface, and that informs our security feature set,” Prafullchandra says. “We are making sure the industry is recognizing this in security, and working on security industry bodies on how to handle virtualization.”
From an information security standpoint, Prafullchandra admits that it is challenging championing how to secure cloud in virtualized data structures. But she underscores the progress that is already being made to secure these infrastructures, and hopes for greater collaboration as organizations develop and implement information security programs in this environment. “At every level, we need more openness and more collaboration,” she says. “People don’t know yet what they don’t know.”
Prafullchandra, for her part, knows a lot about the connection between networked environments and information security. Though she started out holding technical and management positions in networking at Critical Path and Sun Microsystems earlier in her career, she segued into security during her time at Sun in the early 1990s, where she also did foundational work on the Java 2 security model. She spent several years, between her time at Sun and her arrival at HyTrust in 2008, working as the vice president for advanced products and research at VeriSign and later as chief technology officer at FuGen Solutions, a managed provider of federated identity interoperability and compliance services.
Tim Grance, senior computer scientist at NIST, has known Prafullchandra for 10 years and frequently worked with her on projects, including a recent paper they authored on virtualization and geolocating the workload. “She has a pretty broad set of experiences…which she has been able to bring to bear,” Grance says. “A lot of people aren’t always able to apply it. She is a recognized leader in the field, and she has one it with grace and humor.”