Software That Gives IT Security Control in a Self-Service World
Bracket Computing, a pioneer in security for public and private cloud computing, today introduced major enhancements to its Cloud Workload Protection Platform, known as the Computing Cell. This software is designed to give IT the security and policy controls it needs without impacting the speed and agility of the self-service cloud. With Bracket, enterprises get the advanced isolation and security they need to deploy their workloads on both private and public clouds.
At the heart of the Bracket Computing Cell is the Metavisor — Bracket’s unique, advanced form of virtualization that runs between the guest operating system and the hypervisor of the cloud underneath. Sitting at this critical point in the software stack — in the “data path” — allows Bracket to insert security services transparently and automatically for production workloads, without changes to the guest operating system or applications.
“To protect customer data and business operations, enterprises need to extend their security posture onto any and all cloud services,” said John Pescatore, Director at SANS Institute. “Without consistent levels of security that can operate transparently across different cloud services, there is no safe way for businesses to truly consider the cloud as a big pool of on-demand capacity. Cloud is an area where doing security right allows the business to choose the best pool of capacity for a given workload based on availability, scalability, performance and price.”
The three new services delivered by the Computing Cell are:
- Transparent Encryption of all data in motion (in addition to data at rest);
- Cryptographic Assurance, providing an integrity layer for assets with an extended root of trust; and
- Application and Data Segmentation, enforcing data-centric policies for access to individual workloads.
In addition, the Computing Cell offers a rich distributed control system that can run either on premises or in the cloud, as well as a robust set of reporting and logging capabilities to provide visibility into the workloads being protected.
“The Bracket Computing Cell deploys enterprise security controls underneath conventional VMs and cloud-native app containers in a way that is entirely transparent to development and operations teams,” said Jason Lango, Co-founder and CTO of Bracket Computing. “This allows central IT to have the control it needs without impacting the agility of the self-service cloud.”
Another technical innovation in the Bracket Computing Cell is the use of encryption for asset assurance and application and data segmentation. The Computing Cell’s built-in encryption is always on, so all data is encrypted at all times. The Computing Cell optimizes the encryption for high performance and uses authenticated encryption. With these innovations, the Computing Cell can verify that data at rest has not been tampered with or modified in any way, whether through data corruption or malicious acts. Bracket also has a unique secure boot capability, in which a known good version of a server is encrypted on the customer’s premises and decrypted only to boot in the cloud when authorized by IT policy.
Given this ubiquitous encryption, when a server or a data volume is being accessed, a key must be released to access the data. This is the point where Bracket enforces a company’s policy. Each time a key is accessed, the policy is checked: What application is accessing this data? What country is it residing in? Is it facing the Internet or is it only internal? By using key release as a point of policy enforcement, policies follow the data. If a data set is copied, backed up or moved, the policy moves with it. The policy is fully decoupled from physical infrastructure, and does not rely on traditional IP address segmentation or physical boundaries — allowing application and data access policies to span hybrid clouds easily and flexibly.
Large, security-focused F500 companies are using the Bracket Computing Cell to safely and securely deploy workloads on the public cloud across a broad range of use cases. Large media companies run their CRM system with the Computing Cell. A major payroll processing company is using it to deploy a next-generation payroll application, while Hollywood studios are using the Computing Cell to render visual effects during peak production times.
The Bracket Computing Cell is available now. Find out more at www.brkt.com.