Security startup Skyport today is revealing the first details about its approach to changing the security market with a new hardware and software security platform.
Skyport was still in stealth mode in mid-April when it announced its $30 million Series B round of funding, which brought its total funding up to $37 million. Now exiting from the stealth stage, the company is divulging more information on its platform.
At the core of Skyport’s platform is the SkySecure Server, a physical server platform.
“SkySecure Server is a Trusted Compute Platform, making use of capabilities specified by the Trusted Computing Group (TCG), that has a reduced threat surface and a secured supply chain,” Doug Gourlay, corporate vice president at Skyport, told eWEEK.
The SkySecure Server has no ports or interfaces that do not go through the Skyport Secure I/O controller, Gourlay said. The I/O controller is made in the United States by Intel, he added. The chips on the physical server have all had epoxy applied to physically secure them to the chassis, and the entire chassis has been designed to be a tamper-evident box.
Skyport is even taking measures during the assembly process for the servers to ensure integrity.
“As a box goes through the manufacturing process, we stop it, key it and take a picture of the motherboard,” Gourlay said. “Then we sign that with the key that was put in the server, becoming a record in the log file for the server.”
A customer is able to go back through any point in the lifecycle of a server to check hardware, software and firmware and verify that no violation has occurred. Gourlay explained that when the system boots, the SkySecure Server performs a remote attestation exercise, where the SkySecure Center service checks the integrity of firmware, BIOS, software and cryptography.
The operating system that runs on the SkySecure Server is based on the Debian Linux operating system and hardened with Security-Enhanced Linux (SELinux) mandatory access controls. Applications are run as Xen hypervisor virtual machines, with each VM getting its own unique instance on the SkySecure Server I/O controller by way of Single Root I/O Virtualization (SR-IOV).
“That lets us create a private firewall and application security perimeter around each and every VM,” Gourlay said.
Today, the Xen hypervisor is the virtualization technology Skyport uses, though, according to Stefan Dyckerhoff, Skyport Systems CEO, that’s not a key point. “The architecture of the system has been purpose-built to be somewhat hypervisor-agnostic,” Dyckerhoff told eWEEK. “That will also allow us to do containers in the future.”
Rather than simply selling boxes with support, Skyport is selling its technology, including the hardware server, as a service. The initial list price is approximately $2,500 a month per system, according to Gourlay.
“At the end of say a three-year term, if a customer decides to renew, we take the server back and give them a new server, after migrating the workloads and destroying the old server,” Gourlay said. “What the customer is really buying from us is a unit of compute capacity and an ongoing security capability.”
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.