DATASHEET
HyTrust CloudControl 4.1
Security breaches are happening with increasing
frequency, and savvy attackers are repeatedly
targeting administrative credentials to expand
their reach and remain undetected. In virtualized
environments, administrators typically have very
broad privileges with minimal monitoring, and are
therefore an ideal target. HyTrust CloudControl™
is a virtual appliance that addresses these critical
security and compliance requirements for
virtualized infrastructure.
The Challenge
Virtualization and software-defined networking
provide operational and financial benefits by
consolidating servers, networking, and storage
into a concentrated software layer. It has
delivered dramatic increases in capacity
utilization, IT administration efficiency,
and agility.
However, the administrators of these environments
have unprecedented power and span of control:
a privileged user with administrative access to the
virtual infrastructure — or someone who gains
their credentials — can easily exfiltrate sensitive
data in bulk, as well as disrupt the operations of
mission critical applications with a few clicks.
Virtualization management tools lack the
authentication, continuous monitoring, auditing,
and accountability for this administrative
activity. This lack of visibility and control of
virtual infrastructure makes meeting compliance
mandates such as PCI impossible. More
importantly, companies that don’t secure these
accounts are vulnerable to the type of data breaches
and theft that can go undetected for months.
[Figure: HyTrust CloudControl: Fine-Grained Authorization, Audit-Quality Logging, Strong Authentication, Infrastructure Integrity]
The Solution
HyTrust CloudControl™ software lets enterprises
virtualize even mission critical applications and
deploy multitenant private clouds while reducing
risk of breaches or accidental misconfiguration.
CloudControl doesn’t require administrators to
change their workflow or management tools,
but simply adds the critical security controls
and visibility necessary to achieve security and
compliance in virtualized infrastructure and
private clouds.
Cloud Under Control
hytrust.com
650.681.8100
How It Works
HyTrust CloudControl is deployed as a transparent
proxy on the management plane between
administrators and vSphere or KVM hosts.
[Figure: Management Clients and VMware vSphere. Caption: HyTrust CloudControl is deployed as a transparent proxy on the management plane between administrators and the ESXi or KVM hosts.]
Forensic-Quality Logs
• Compiles complete audit trails required for
compliance and fast incident response
• Records and alerts on essential audit data
including attempted/denied operations, source
IP addresses, and details of VM reconfigurations
• Provides comprehensive reports and integrates
with SIEM solutions including McAfee
ePolicy Orchestrator, VMware LogInsight,
Symantec Control Compliance Suite, RSA
enVision, HP ArcSight, and Splunk
Hypervisor Configuration Hardening
• Provides templates for and continually monitors
hypervisor configuration to ensure compliance
with security best practices (VMware hardening
guide) and compliance requirements (e.g.,
PCI, HIPAA)
Key Capabilities
Strong Authentication
• Supports two-factor authentication to ensure
administrators are who they say they are and
prevent identity spoofing
• Integrates with Active Directory, RSA SecurID,
CA ArcotID, RADIUS, and Smartcards/PKI
• Provides root password vaulting to tightly
secure ESXi server root access.
Policy-Based Authorization
• Limits or prevents harm to critical workloads
by enforcing enterprise-defined policies
• Applies both role-based and asset-based
access control rules to achieve separation of
duties and resource isolation, with no changes
to user workflows
• Provides secondary approval workflow to
ensure additional control and visibility for
sensitive operations
• Automates configuration policy definition,
enforcement, and remediation
• Supports HyTrust Boundary Controls in conjunction
with Intel TXT (ensuring hardware-based root of
trust) and policy-based controls that prevent
workloads from running outside a defined boundary,
such as a datacenter or country border
The Benefits
• Reduce risk of data breach through two-factor
authentication, continuous monitoring
and policy-based control of privileged
administrator accounts
• Simplify audits and ensure compliance
through configuration hardening and thorough
logging and reporting of admin actions or
attempted actions
• Supports secure multi-tenancy and drives
uptime in next-gen datacenters and private clouds
• Mitigate risks of extended data center downtime
• Contain and prevent damage due to privileged
account misuse
To learn more about HyTrust, visit
hytrust.com/products/why-hytrust.
HyTrust, the HyTrust logo, and Virtualization Under Control are trademarks or registered trademarks of HYTRUST, Inc. or its subsidiaries in the United States and other
jurisdictions. All other company and product names mentioned are used only for identification purposes and may be trademarks or registered trademarks of their
respective companies. © 2013-2014 HyTrust, Inc. All rights reserved. Part Number: DS-007-001