This is a security automation product for use in a VMware environment. It's designed to manage security in a virtual environment by addressing the issue of concentration of risk inherent in the software-defined data center. The idea of concentration of risk is an interesting one that, perhaps, is not quite as obvious as it should be. In a physical data center there are many - sometimes a profusion of - physical servers. There may be multiple administrators dedicated to specific systems and, generally, everything is spread out so that a catastrophic failure or compromise is less likely since data and servers are somewhat decentralized.

Compare that with a virtual data center, which is much smaller physically and in which administrators may have unfettered (and unmonitored) access across the entire system. That is where the notion of concentration of risk comes in. That which is easy to access is easy to compromise. Add the possibility of a public cloud where your data is, essentially, outside your direct control, and you have a compact target for attack. So a solution to that challenge needs to be built from the ground up to address both the environment and the threats. That is exactly what HyTrust CloudControl does.

CloudControl supports strong authentication, role-based access control, rule of four eyes (two-person) enforcement, policy enforcement, root password vaulting and infrastructure hardening. It can integrate with Intel's TXT system as well. Also, CloudControl is an excellent security administration tool from the perspectives of compliance and analysis. The menus and drill-downs are lucid and practical, and the tight integration with VMware and Active Directory adds to the product's versatility and power.

At a glance
Product: CloudControl
Company: HyTrust
Price: Enterprise pricing starts at $63,750 for a single data center site with 20 ESXi CPU sockets; a free community edition for up to three hosts is also available.
What it does: Cloud security automation mitigates the concentration of risk caused by virtualization.
What we liked: Protection of the management infrastructure internally.