Securing the Post-Chewy Center SDDC: Enhanced Multi-Cloud Workload Security - HyTrust


Today we announced updates to our DataControl and CloudControl products to help provide even better protection for the new virtualized and multi-cloud enterprise. Over the past few years the data center has changed radically, but security has struggled to keep up, necessitating a new approach.

Hard Shell, Chewy Center. The way it used to be.

John Kindervag at Forrester was one of the first to really characterize the sea change with his “No More Chewy Center: The Zero Trust Model of Information Security”, a classic white paper and a good read in its original form, with a completely updated version available at the link above. The typical enterprise security architecture used to be primarily perimeter-based: you had a firewall of some sort, a crunchy outer shell, protecting the various hosts on your network, the chewy center.

Pre-cloud and pre-XaaS, that approach was relatively reasonable, but things have changed. Now, with highly porous architectures where SaaS, virtualization, and private, public and hybrid cloud approaches are all in play, it is a lot tougher to protect the perimeter. In fact, you may not even be able to define the perimeter.

With that said, one thing that you can do is move your security from the perimeter to the workload – the atomistic building block of the new SDDC. Regardless of whether that workload is running in a container or a virtual machine, we are seeing new challenges arising in response to the evolution of the modern data center and enterprise IT architecture. More on this here.

For example, while IT used to be focused on in-house virtualization with perhaps some functions on a single provider’s cloud, we are now seeing mixed models and multi-cloud efforts become more common. Of course, while there may be excellent reasons to add another cloud platform, be they cost, performance or otherwise, IT needs to contain the operational complexity of adding yet another platform and that is where our multi-cloud solutions come in – providing a single pane of glass across public clouds including IBM SoftLayer, AWS, Microsoft Azure, VMware vCloud and private offerings including VMware ESX and NSX as well as hyperconverged solutions like Nutanix, Pivot3 and Dell EMC’s VxRail and VxRack.

Our customers have told us that keeping their data secure on the cloud is a concern. That’s why we rolled out military grade, FIPS-140-2 Level 1 certified and FIPS-140-2 Level 3 capable (just add an HSM) encryption where the encryption stays with the workload but is centrally managed by a KMIP-compliant server. Now you can manage HyTrust and third-party encryption from a single key management server (and yes, not only are high availability options available, they are free – included with DataControl).

Another challenge our customers face is the need to avoid downtime, which is compounded by the fact that best practices and some regulatory requirements call for periodic encryption rekeying. With traditional approaches this can cause considerable downtime – with some estimates topping 41 hours per terabyte. That is obviously a problem, since few acceptable maintenance windows are this large. That’s where our Zero Downtime Encryption comes in – we can rekey in the background with intelligent throttling in response to CPU load. Now, you can have your cake and eat it too.

Compliance and visibility are further challenges many of our customers have mentioned. In response, we have enhanced CloudControl with better dashboards and alerting, and with compliance templates supporting PCI, HIPAA, SOX and other compliance regimes. This is combined with forensics grade logging and better tools, all of which provide more opportunities to enhance security and compliance with greater automation and even better visibility.

So the good news is that while the days of the crunchy outer shell have passed, there are effective solutions that can be used to protect the individual workloads composing the new SDDC. The even better news is that as we announced today, these solutions are getting better and better in response to customer input.

Finally, speaking of things getting better and better, we not only have our legendary VMworld party at VMworld in Las Vegas this year (Tuesday night at the House of Blues – come by the booth to get your ticket), but we are also offering a chance to win a Round the World Trip. Come by Booth 734, get scanned, and you are registered to win. We’ll be drawing a winner Wednesday, August 31 at 3PM. Be sure to drop by, because you must be present to win! More on what’s happening at VMworld here.

Hope to see you at the show!
