HyTrust, which delivers policy management and access control technology to virtual environments, has added a new feature to its new HyTrust Appliance 3.0 that requires two people to approve certain tasks to protect against accidental or malicious actions that could harm the virtual environment.
Called “Secondary Approval,” the feature automatically stops certain potentially high-risk actions and tells the user that they need a second person to approve the action, said Eric Chiu, president and founder of HyTrust, who unveiled the new technology at VMworld 2012, which is winding up in San Francisco.
Chiu compared Secondary Approval to the fail-safe systems used in U.S. nuclear missile silos or Air Force bombers. It requires two people to each turn a key at the same time to launch the missile or drop the bombs. The keys are far enough apart so that no one person can turn both keys at once.
Secondary approval would be activated if a user sought such actions as to delete a virtual machine, turn off the Microsoft Windows Exchange server in the middle of a workday, or copy or remove from the network sensitive files, such as a database of customer credit card numbers.
Like the pop-up message that asks “Are You Sure?” in many computer programs, the message in this situation would read, “Permission denied. Secondary Approval required.” The system then sends an email to staff people empowered to approve or deny a request.
“With Secondary Approval, we have now built workflow-based approvals for those sensitive operations,” Chiu said. “It says you may want a second set of eyes on that before it’s allowed to happen.”
The person asked to approve the task would likely ask more questions of the requestor to determine whether to approve it or not. It may be that the user wants to delete a virtual machine because it’s a duplicate, which would be okay. Or the attempt would have been inadvertent because the user hit the wrong combination of keys or clicked on the wrong button.
“Every admin I’ve talked to has a story about how they fat-fingered some production resource at some time. And there’s no ‘Undo’ button,” said Chiu.
But Secondary Approval could also prevent a malicious action like the one that occurred at Shoinogi Pharmaceuticals in 2011. There, a disgruntled fired employee gained access to the network of the U.S. subsidiary of the Japanese drug company from a WiFi hotspot at a McDonald’s restaurant 100 miles away from the New Jersey data center, Chiu said.
He snuck in through a back door opening in the network and deleted all the company’s production virtual machines (VMs) and all their VMware ESX host hypervisors. The network was down for a week while IT staff rebuilt the entire virtual infrastructure, he said.
“It was equivalent to burning down the data center. And he did it in under five minutes,” Chiu said.
The perpetrator, Jason Cornish, was arrested by the FBI and pleaded guilty to federal charges of computer intrusion.
HyTrust is now making its 3.0 appliance available on VMware’s vSphere 5.1 virtualization operating system, which was introduced at VMworld 2012. It has also been certified as “Vblock Ready” for the Vblock Systems virtual infrastructure platform from VCE, which is a joint venture between VMware, Cisco Systems and EMC.