HyTrust DataControl for vCloud Air Solution Brief

Solutions Overview
HyTrust DataControl® for vCloud Air
Hybrid cloud transparent encryption for data security and compliance
VMware vCloud® Hybrid Service™ is a secure, dedicated hybrid cloud service operated by
VMware, built on the trusted foundation of VMware vSphere®. The service supports existing
workloads and third-party applications as well as new application development, giving
IT a common platform for seamlessly extending its data center to the cloud.

HyTrust DataControl® helps organizations meet security and compliance objectives by
encrypting data at rest in hybrid cloud environments such as vCloud Air.
The Data Protection Challenge in Hybrid Cloud
As organizations move to hybrid cloud models, concerns related to data sovereignty
and control inevitably arise. To move sensitive or regulated data outside of the
corporate data center, controls are required to ensure that the data cannot be
accessed in any unauthorized manner. Such controls are difficult to implement in the
public cloud because the organization does not control the infrastructure, which leads
to risk, loss of visibility, and the absence of the controls necessary to meet compliance
requirements.
A logical solution to this cloud data protection challenge is to encrypt data. By
encrypting data as it is stored in the cloud, organizations can retain a level of control
over access that can prevent data compromise. However, encryption must be
implemented properly to ensure data privacy while avoiding excessive operational
overhead, expense, or performance penalty.
Application Independent Encryption for Cloud
HyTrust DataControl® helps solve the hybrid cloud data security challenge by
delivering operationally efficient encryption for any data at rest. DataControl
operates transparently to applications and operating systems, encrypting data
within each virtual workload before it is written to storage. It supports hybrid cloud
deployment models, and workloads can be moved seamlessly between the
datacenter and vCloud Air with no operational overhead. Because the data is
always encrypted while in storage, data theft through compromise of the cloud
infrastructure is much less likely.
With DataControl, organizations can:
• Prevent data theft from virtual machine compromise, snapshotting, backups, or
  cloning;
• Meet compliance control requirements using standards-based strong encryption
  of data at rest and fully automatic, FIPS 140-2 validated key management;
• Encrypt workloads or change encryption keys without application downtime or
  interruption;
• Automate security controls using full REST API support.
Flexible Architecture, Simple Deployment
Use Cases
• Enterprise Cloud Applications: Securely move apps and data to vCloud Air for ease of
  access and scale-up.
• Cloud Dev & Test: Prevent compromise of sensitive data during development life cycle.
• Secure Backup: Maintain compliance separation of duties and least privilege for backups.
• Default Encrypt-All: Eliminates data classification challenges.
To learn more, visit HyTrust on the vCloud Air Marketplace, or at www.hytrust.com.
HyTrust DataControl is Different
HyTrust DataControl includes all the required components to deploy hybrid cloud
encryption. Unlike other solutions, DataControl includes integrated, fully automatic
key management and key storage facilities, making deployment simple and
eliminating finger-pointing between vendors. DataControl also allows the organization
to keep the vital key storage facility within the private datacenter, making it far easier
to secure. No public cloud provider ever has access to the encryption keys, and data
can be migrated between cloud platforms. Keys can even be “shredded” to ensure all
copies of data deemed at the “end of its life” in either the private or public cloud can
be securely decommissioned.
How it Works
DataControl consists of two components: Policy Agents and the central HyTrust
KeyControl® server. Policy Agents are installed in the guest operating system of each
virtual workload requiring encryption. The Policy Agents support all major Windows
and Linux operating system variants, as well as Intel AES-NI hardware acceleration
to minimize performance impact. Policy Agents encrypt and decrypt data to and from
virtual storage, completely independent of and transparent to the application,
database, or file service. This makes it practical to deploy DataControl across the
hybrid environment as a single, consistent encryption solution.
The KeyControl virtual server provides highly available encryption key storage,
distributing keys to the Policy Agents and allowing access to keys to be revoked if needed.
KeyControl also serves as the central point of solution administration.
Learn More
HyTrust DataControl can get you to private and hybrid cloud faster. To learn more
about how HyTrust and vCloud Hybrid Service can deliver a secure hybrid cloud,
download a free trial at http://info.hytrust.com/Try-HyTrust.html or contact
HyTrust at [email protected], or your VMware partner or sales representative.