S O L UT I O N S O V E R V I E W HyTrust DataControl ® for vCloud Air Hybrid cloud transparent encryption for data security and compliance VMware vCloud® Hybrid Service™ is a secure, dedicated hybrid cloud service operated by VMware, built on the trusted foundation of VMware vSphere®. The service supports existing workloads and third-party applications as well as new application development, giving IT a common platform for seamlessly extending its data center to the cloud. ® HyTrust DataControl helps organizations meet security and compliance objectives by encrypting data at rest in hybrid cloud environments such as vCloud Air The Data Protection Challenge in Hybrid Cloud As organizations move to hybrid cloud models, concerns related to data sovereignty and control inevitably arise. To move sensitive or regulated data outside of the corporate data center, controls are required to ensure that the data cannot be accessed in any unauthorized manner. Such controls are difficult to implement in the public cloud because the organization does not control the infrastructure which leads to risk, loss of visibility, and absence of the controls necessary to meet compliance requirements. A logical solution to this cloud data protection challenge is to encrypt data. By encrypting data as it is stored in the cloud, organizations can retain a level of control over access that can prevent data compromise. However encryption must be implemented properly to ensure data privacy while avoiding excessive operational overhead, expense, or performance penalty. Application Independent Encryption for Cloud ® HyTrust DataControl helps solve the hybrid cloud data security challenge by delivering operationally efficient encryption for any data at rest. DataControl operates transparently to applications and operating systems, encrypting data within each virtual workload before it is written to storage. It supports hybrid cloud deployment models, and workloads can be moved seamlessly between the datacenter and vCloud Air with no operational overhead. Because the data is always encrypted while in storage, data theft through compromise of the cloud infrastructure is much less likely. With DataControl organizations can • Prevent data theft from virtual machine compromise, snapshotting, backups, or cloning; • Meet compliance control requirements using standards-based strong encryption of data at rest and fully automatic, FIPS 140-2 validated key management; • Encrypt workloads or change encryption keys without application downtime or interruption; • Automate security controls using full REST API support. Flexible Architecture, Simple Deployment H y T r u s t D a t a C o n t r o l f o r v C l o u d A i r / 1 S O L UT I O N S O V E R V I E W Use Cases Enterprise Cloud Applications: Securely move apps and data to vCloud Air for ease of access and scale-up. Cloud Dev & Test: Prevent compromise of sensitive data during development life cycle. Secure Backup: Maintain compliance separation of duties and least privilege for backups. Default Encrypt-All: Eliminates data classification challenges. To learn more visit HyTrust on the vCloud Air Marketplace, or at www.hytrust.com. HyTrust DataControl is Different HyTrust DataControl includes all the required components to deploy hybrid cloud encryption. Unlike other solutions, DataControl includes integrated, fully automatic key management and key storage facilities, making deployment simple and eliminating finger-pointing between vendors. DataControl also allows the organization to keep the vital key storage facility within the private datacenter, making it far easier to secure. No public cloud provider ever has access to the encryption keys, and data can be migrated between cloud platforms. Keys can even be “shredded’ to ensure all copies of data deemed at the “end of its life” in either the private or public cloud can be securely decommissioned. How it Works DataControl consists of two components: Policy Agents and the central HyTrust ® KeyControl server. Policy Agents are installed in the guest operating system of each virtual workload requiring encryption. The Policy Agents support all major Windows and Linux operating system variants, as well as Intel AES-NI hardware acceleration to minimize performance impact. Policy Agents encrypt and decrypt data to and from virtual storage, completely independent of and transparent to the application, database, or file service. This makes it practical to deploy DataControl across the hybrid environment as a single, consistent encryption solution. The KeyControl virtual server provides highly-available encryption key storage, distributing keys to the Policy Agents allowing revoking access to keys if needed. KeyControl also serves as the central point of solution administration. Learn More HyTrust DataControl can get you to private and hybrid cloud faster. To learn more about how HyTrust and vCloud Hybrid Service can deliver a secure hybrid cloud, download a free trial at http://info.hytrust.com/Try-HyTrust.html or contact HyTrust at [email protected], or your VMware partner or sales representative. P R O D U C T D A T A S H E E T / 2
© Copyright 2024