Network Security

2014 Industry Innovators: Virtualization and cloud security

The year's Innovators in this group focus on security management in a cloud or virtual environment. Given that the cloud is a business construct rather than a technical one it is necessary to manage both the business and technical aspects of cloud computing. That means that security management must address the challenges of the virtual environment while similarly addressing the issues of shared systems, such as public clouds. Legal, contractual and business restrictions limit the organization's ability to control its security destiny in a cloud environment, so creativity is required to get the security job done.

Our Innovators do, in fact, get the job done – but in somewhat different ways. In one case the goal is managing the software-defined data center – the virtualized world – as if it was a legacy physical plant. This allows traditional approaches to data center management to translate to the virtual without losing the new levels of control demanded by a hypervisor-mediated operating environment. It does this by virtualizing the suite of management tools necessary to control security on the system and allow those tools to act across the software-defined enterprise.

The other Innovator focuses its efforts in the cloud where its virtual appliances manage security by forming what amounts to an encapsualization separate from the external environment. It does this using a specialized virtual appliance that interacts cleanly with the organization's virtual deployment without interfering with the underlying virtualization.

Because I operate a virtual environment at the university where I am CISO, we always are intrigued by innovations in this area. Both of these Innovators have been on our radar for a while and we think that they have the recipe for cloud and virtual security down just right. Ease of use and deployment, seamless integration with the underlying virtual system, and effective security are the hallmarks of this type of product. Both of our Innovators have that nailed.

This category is another one where we have seen some convergence and we expect a significant collection of Innovators here next year. For now, however, we think these two are at the top of the heap.

Vendor: HyTrust 

Flagship product: HyTrust CloudControl v4.0 and HyTrust DataControl v2.6 

Cost: Cloud control: starts at $63,750 for a single data center site with 20 ESXi CPU sockets; Data control: for 101-1000 VMs, the cost would be $45,250 per year, which includes high redundancy for up to eight clustered key management virtual appliances. 

Innovation: Virtual cloud-based datacenter security. 

Greatest strength: Innovative product that provides robust security to the cloud-based software datacenter.


While HyTrust is not new to the Innovators section, they bring back a whole suite of new innovations this year. HyTrust looked at the new trends of cloud-based datacenter virtualization and realized that there was a tremendous need for security mechanisms to complement virtualized infrastructures. Much in the way that locking rack cabinets prevent unauthorized access to hardware, HyTrust locks down the hypervisor and lets administrators control exactly who has different levels of access to administrative functions. HyTrust sits between vCenter and administrators, providing total security. It runs as a virtual machine in the software datacenter, quickly and easily adding a much needed level of security to virtualized and cloud computing.

New for this year are even more virtualization security features as well as robust logging. For the security features, HyTrust has introduced VM encryption. Encryption can be centrally managed from HyTrust, which can also handle key management. For organizations undergoing regulatory compliance, this is a massive plus because administrators can quickly and easily re-key any virtual machine without ever leaving their desk. Another new feature is virtual machine boundaries. One of the largest security vulnerabilities inherent with virtualization is that an authorized user could simply copy a virtual machine to external media and boot it up somewhere else. HyTrust has invented a way to fix this. Administrators can now set boundaries, effectively preventing virtual machine from being used anywhere except where the administrator has defined. Virtual machines can be restricted to booting only specific geographic areas, specific datacenters or even on specific VM hosts.

No good product is complete without logging, which HyTrust has introduced extensively. This extensive logging, as well as the centralized encryption management, have put this product in a unique place to massively simplify compliance auditing.

This is the third year running we have included HyTrust in our Innovators section, and we are glad to see that they keep coming back with more. They are constantly patenting new things and we like the way they have taken the ball and run with it in an area that desperately needed them to.

Vendor: Intigua 

Flagship product: Intigua Virtual Management Platform

Cost: Starts at an annual subscription price of $50K.

Innovation: Containerization of the complete management stack in a virtual environment.

Greatest strength: Ability to seamlessly and effectively manage a hybrid/virtual environment that includes legacy management tools.


When we asked the folks at Intigua what they do, their reply was, "Intigua Virtual Management Platform virtualizes existing management tools using proprietary container technology to encapsulate them in their entirety, and enables them to be centrally managed and automated via a robust policy engine.”That is a mouthful. We've heard it from these folks before, though, and they have proved their capability to our complete satisfaction.

First, the product is a virtual management platform and that is important because it can sit on the virtual system and communicate directly with the systems it needs to manage. It also containerizes management tools so that they can be managed centrally giving a side benefit of policy-based control. The control extends to most industry-leading management tools, including, among others, Splunk, Tripwire, SCOM/SCCM, SEP, NetBackup, IBM Tivoli Endpoint Manager (BigFix) and SolarWinds. These are the tools of the trade that data center engineers are used to using over the years. Including them in a virtual system is a huge plus, especially when they can be managed centrally.

Another way to think of Intigua is to consider it as an automation platform for centralized policy-based provisioning, configuration and control. We met the people at Intigua last year and, of course, we wanted to know what's new. The big thing is the development of more agents that can be virtualized and containerized. They are doing this, in part, by developing new strategic partnerships and moving to the area of infrastructure as a service. Management of systems in a remote – cloud-based – infrastructure is a big challenge but the Intigua system is well-suited for it.

As a step in that direction, the company can offer security and management as a service. That includes systems no matter where they reside and even includes hybrid systems. The whole idea is to make order out of management chaos. Automating for the sake of automating is a worthless and dangerous approach. As one of Intigua's Innovators told us, “When you automate a mess, you get an automated mess.” We couldn't have said it better ourselves.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.