With the rapid adoption of cloud and the massive workload migrations under way these days, data security has become even more important, as cyber attacks and security vulnerabilities make headlines more than ever.
It is good to realize the power of the Software Defined Data Center, with its centralized management and powerful APIs. But at the same time, that makes it even more vital to think about and plan for securing apps and workloads no matter where they reside at any given time.
With that context, I got a chance to check out HyTrust CloudControl, which is available with the VMware offerings on IBM Cloud.
Here are some pointers to understand HyTrust CloudControl in a nutshell:
- Hardening: HyTrust CloudControl helps with stringent hypervisor hardening and provides strong authentication, including RSA SecurID, CA ArcotID and smart cards/PKI, and works with Active Directory, RADIUS and TACACS+. What makes it really special is its policy control.
- RBAC: It gives you much more flexible and granular RBAC which, once configured carefully, can really limit the attack surface of protected objects such as hypervisors. For example, you can create a role that allows only a limited set of commands on a hypervisor, so a user assigned that role cannot run any command beyond the scope of their work. Similarly, CloudControl lets administrators further restrict or allow access to the various resources and objects within vSphere, vCenter Server, and NSX.
- Policy Based Governance: Its policy based governance gives you granular logical security boundaries, which can be treated as trusted objects. For example, I checked its functionality by looking at some policies, such as mapping virtual machines to specific hosts: if a virtual machine is migrated from Host A to Host B against that policy, the vMotion fails with a message that HyTrust is restricting the migration.
- Centralized Management: HyTrust CloudControl appliances are deployed alongside the SDDC suite products, where they act as a proxy for the region's vSphere hosts, vCenter Server Appliance, and NSX Manager. As a result, users access the vSphere hosts, vCenter Server Appliance, and NSX Manager via specific published IP (PIP) addresses assigned by the administrator. Since the controls are enforced at the proxy, direct network access to the underlying management interfaces should be blocked so that the published addresses are the only path in.
- Solution Extensibility: HyTrust CloudControl can also integrate with security information and event management (SIEM) tools such as IBM QRadar and VMware vRealize Log Insight.
- Audit / Logging: HyTrust comes with comprehensive auditing and logging capabilities that help monitor and track all activities performed on protected objects.
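To make the RBAC, policy-governance and audit points above concrete, here is a small Python simulation of a management proxy's decision path: a role carries an allow-list of commands, a placement policy ties VMs to hosts by label, and every decision (allowed or denied) lands in an audit log that can be exported as newline-delimited JSON for a SIEM. This is an added illustration written for this post, not HyTrust code, and it does not reflect CloudControl's real policy format or API; the roles, hosts, VMs, labels and command names are all constructed sample data.

```python
"""Constructed example of a policy decision point in front of a hypervisor
management API. Not HyTrust code; all names and the policy shape are made up."""
from dataclasses import dataclass
from datetime import datetime, timezone
import json


@dataclass(frozen=True)
class Role:
    name: str
    allowed_commands: frozenset  # explicit allow-list, nothing else passes


@dataclass(frozen=True)
class Host:
    name: str
    labels: frozenset


@dataclass(frozen=True)
class VM:
    name: str
    labels: frozenset


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


def placement_allowed(vm: VM, host: Host) -> bool:
    """Placement rule (constructed for this example): every label on the VM
    must also be present on the host, so a VM tagged 'pci' may only live on
    a host tagged 'pci'."""
    return vm.labels <= host.labels


class PolicyProxy:
    """Sits in front of the management API like a proxy: each command is
    checked against the caller's role, then against placement policy, and
    every decision is appended to an audit log."""

    def __init__(self, roles, hosts, vms):
        self.roles = {r.name: r for r in roles}
        self.hosts = {h.name: h for h in hosts}
        self.vms = {v.name: v for v in vms}
        self.audit_log = []

    def _record(self, user, role_name, command, params, decision):
        self.audit_log.append({
            "ts": datetime.now(timezone.utc).isoformat(),
            "user": user,
            "role": role_name,
            "command": command,
            "params": dict(params),
            "allowed": decision.allowed,
            "reason": decision.reason,
        })
        return decision

    def request(self, user, role_name, command, **params) -> Decision:
        role = self.roles.get(role_name)
        if role is None:
            return self._record(user, role_name, command, params,
                                Decision(False, f"unknown role '{role_name}'"))
        # RBAC: the command must be on the role's allow-list.
        if command not in role.allowed_commands:
            return self._record(user, role_name, command, params,
                                Decision(False, f"'{command}' is outside role '{role_name}'"))
        # Policy control: a permitted vMotion is still refused when the
        # destination host violates the VM's placement constraint.
        if command == "vmotion":
            vm = self.vms[params["vm"]]
            dst = self.hosts[params["dst"]]
            if not placement_allowed(vm, dst):
                missing = ",".join(sorted(vm.labels - dst.labels))
                return self._record(user, role_name, command, params,
                                    Decision(False, f"host '{dst.name}' lacks labels: {missing}"))
        return self._record(user, role_name, command, params, Decision(True, "permitted"))

    def audit_ndjson(self) -> str:
        """Newline-delimited JSON, the shape a SIEM forwarder would ship."""
        return "\n".join(json.dumps(e, sort_keys=True) for e in self.audit_log)


def build_demo() -> PolicyProxy:
    """Constructed inventory: two roles, two hosts, two VMs (sample data)."""
    roles = [Role("vm-operator", frozenset({"power_on", "power_off", "vmotion"})),
             Role("auditor", frozenset({"list_vms"}))]
    hosts = [Host("host-a", frozenset({"prod", "pci"})),
             Host("host-b", frozenset({"prod"}))]
    vms = [VM("cardholder-db", frozenset({"pci"})),
           VM("web-01", frozenset())]
    return PolicyProxy(roles, hosts, vms)


def run_scenarios():
    proxy = build_demo()
    results = {
        # Permitted role, but the move would put a PCI VM on a non-PCI host.
        "pci_move": proxy.request("alice", "vm-operator", "vmotion",
                                  vm="cardholder-db", src="host-a", dst="host-b"),
        # Same role, an unlabeled VM: the move is allowed.
        "web_move": proxy.request("alice", "vm-operator", "vmotion",
                                  vm="web-01", src="host-a", dst="host-b"),
        # Auditor role attempting an operational command: blocked by RBAC.
        "auditor_poweroff": proxy.request("bob", "auditor", "power_off", vm="web-01"),
    }
    return proxy, results


if __name__ == "__main__":
    proxy, results = run_scenarios()
    for name, d in results.items():
        print(f"{name}: {'ALLOW' if d.allowed else 'DENY'} ({d.reason})")
    print(proxy.audit_ndjson())
```

The order of checks is the point: the role allow-list is evaluated first (so an auditor never reaches the vMotion logic at all), the placement policy second, and denials are audited just like successes, which is what lets a SIEM rule fire on repeated attempts to move a restricted VM.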