Bracket encrypts entire workloads backed by automated key management and preboot authentication to ensure the integrity of data.
There aren't too many IT companies willing to get into the cloud virtualization business, because it's so hard to do. And there aren't many companies willing to try and virtualize entire workloads. But neither of those challenges has held back Bracket Computing
The Sunnyvale, Calif.-based startup on May 12 launched a new suite of security tools, called Bracket Security Fabric, which features high-level encryption, authentication and key management capabilities to secure the public cloud for enterprise use.
It is designed for enterprises already deploying Bracket Computing Cells. Bracket emerged from stealth mode last October to unveil the Cell
, which it describes as the world's first automated cloud virtualization system.
Companies that use Cells, Bracket CEO Tom Gillis said, will obtain reliable, high-performing enterprise-grade security and control that they require to run significant workloads on the public cloud. Bracket does this by encapsulating all of an enterprise's IT assets and services—cloud or otherwise—into a virtual data center that acts and feels just like a physical data center.
Now, with the Security Fabric, Bracket has the higher-level security layer it needs to protect all these workloads.
Security Fabric uses encryption and authentication to form a trusted boundary consistently across multiple clouds. Bracket encrypts entire workloads backed by automated key management and preboot authentication to ensure the confidentiality, integrity and authenticity of data within computing cells.
By tightly integrating security into infrastructure, Bracket eliminates the performance and complexity trade-offs that plague other security approaches, while delivering full automation and visibility, Gillis told eWEEK.
Gillis said he's gratified that Bracket users are helping the company move forward with its production development. "In fact, they've quickly pushed us to take our security infrastructure and expand it even further, to enable them to run their most sensitive production workloads in the cloud," he said.
Bracket Security Fabric incorporates an always-on cryptographic engine that is transparent and consistent across multiple clouds, making encryption a new boundary for the distributed data center.
Encrypts Entire Workloads
Bracket claims that the Computing Cell is the only infrastructure service that encrypts entire workloads—all virtual machine or container instances and attached storage, including root volumes, data volumes and server-based instance storage—to enable enterprises to process and store sensitive data on the public cloud. This encryption ensures that data is opaque to underlying cloud service providers and the outside world, wherever the data resides.
In addition, Bracket provides what it describes as the industry's first multi-cloud encrypted network gateway, ensuring that data traveling over untrusted networks is fully protected, Gillis said.
Bracket also implements state-of-the-art authentication to control access to all applications and data protected by this encrypted boundary. Authentication creates visibility, allowing the enterprise to identify, authorize, verify and track every user, every resource and access to any application or data. The Computing Cell is the only infrastructure service that uses hardware security modules coupled with integrity validation of images to ensure that workloads launch only after preboot authentication, Gillis said.
In the Bracket scheme, encryption and authentication are rooted in trust anchors (key appliances, directory services and certificate authorities) that remain under the absolute and authoritative control of the enterprise, allowing enterprises to extend control over the location of encryption keys to address data residency and compliance requirements. Bracket integrates with these trust anchors to automate key management that includes key rotation every 90 days with background rekeying of storage volumes, Gillis said.
Cloud service providers and other tenants cannot view or access any cryptographic root keys, ensuring independence and isolation that meets enterprise security requirements.
With security baked into the hardware, Bracket eliminates the need for agents or appliances and removes the performance and complexity trade-offs of those approaches, Gillis said.