Illumio Takes Aim at Policy-Driven Security

The startup, backed with big venture funding, emerges from stealth mode with the Illumio Adaptive Security Platform.


Security startup Illumio emerged from stealth mode today with the promise of enabling a new policy-driven future for IT workloads. Illumio is venture backed and to date has raised $42.5 million in funding.

PJ Kirner, CTO and co-founder of Illumio, told eWEEK that he saw a gap in the market between how security works in static and distributed data center environments. In modern distributed data centers, workloads move around and scale up and down on a regular basis, he said. As such, there is a need for security to be just as agile as the workloads, which is where the Illumio Adaptive Security Platform (ASP) comes into play.

ASP is made up of several components, including the Virtual Enforcement Node, which is a piece of software that runs on the data center workload. The Virtual Enforcement Node has the deployment context of the workload, including both server and network elements.

"Understanding the context of what is happening inside of workloads is not something you can get at from just the network point of view," Kirner said.

The other key component of the Illumio ASP is the Policy Compute Engine. Kirner explained that the Policy Compute Engine builds a full view of the environment that it is securing. Policy can then be pushed back down to the Virtual Enforcement Nodes for deployment.

From a policy enforcement perspective, the Illumio Policy Compute Engine can enable enforcement and access control, he said. It can also provide confidentially options for data in motion.

In many IT environments, there are already various sources of policy. Kirner said that Illumio can work with that too.

"We have customers that have sources of truth for an IT policy," Kirner said. "Our high-level model allows organizations to map their policies into the Illumio platform."

The ability to map policy is a feature within ASP that Illumio has branded as Illumination, and it provides a visual representation of what is going on in a network. Kirner said the policy model is a high-level declarative model that uses the context that comes from the workload to dynamically and continuously assess the status and compliance of a data center workload deployment.

The idea of attaching policies to workloads is one that Cisco is also chasing. In April, Cisco announced its OpFlex open-source protocol for defining high-level network policies. For OpenStack cloud deployment, VMware has been backing a project known as Congress that aims to deliver unified cloud policy. Allan Cohen, chief commercial officer at Illumio, told eWEEK that his company's platform is unique and is not tied to any hardware implementation.

Cohen noted that Illumio has two delivery models for ASP—on-premises and software-as-a-service (SaaS) cloud versions. Although Illumio is only emerging publicly from stealth mode today, Kirner emphasized that the platform has already been proven in customer deployments over the course of this year.

"We have got a lot of value from interacting with our customers at a close technical level," Kirner said.

Sean Michael Kerner is a senior editor at eWEEK and Follow him on Twitter @TechJournalist.

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.