Feeds

HyTrust trousers $13m from VMware and CIA sugar daddy In-Q-Tel

Snowden breach 'a huge wakeup call' for virty security

HP ProLiant Gen8: Integrated lifecycle automation

Business is booming at HyTrust, a maker of policy management and access control software for VMware virtual infrastructure, and whistleblower system admin Edward Snowden, who revealed the National Security Agency's web-spying PRISM project, is doing his inadvertent part to pump it up even further.

"The Snowden breach at the NSA has been a huge wakeup call," Eric Chiu, founder and president of HyTrust, tells El Reg. "Admins have always had access to resources, but in a virtual environment, it is even worse. Admins of virtual infrastructure can copy whole virtual machines. And now customers are shifting from an outside-in security environment to an inside-out model. You have to assume that somebody bad is already in your environment and figure out what you can do to monitor them."

HyTrust has been saying that IT shops should adopt a second approval rule for a lot of things that go on inside the data center for the past year, and the Snowden episode just makes this necessity all that more clear (at least, from the point of view of companies and governments).

The HyTrust virtual compliance appliance, which runs inside of an ESXi virtual machine and can monitor all changes to the hypervisor, its virtual machines, and their software stacks, hooks into LDAP or Active Directory for authentication and supports two-factor authentication with SecurID or smart cards. The HyTrust appliance becomes the "system of record" that snoops on all attempted changes in the virtual infrastructure, as well as approving changes that meet policies.

Funded and ready to expand

At the moment, the HyTrust appliance is restricted to VMware's ESXi hypervisor and its vCenter management console, but Chiu says thanks to $13m that the company just raised in Series C financing, HyTrust can expand out beyond the VMware stack to other hypervisors and cloud controllers used inside corporate and government data centers, as well as the same or similar software layers used on public clouds.

Chiu is not being specific about what other hypervisors or public clouds HyTrust will support next, but he says the company will be able to lock down at least one or two additional platforms this year, with others to follow.

It is ironic that VMware would help fund such moves. But by kicking in some dough, VMware not only keeps HyTrust engaged with its vSphere and vCloud stacks, but also gets insight into the company's future plans and has an inside track on a potential future acquisition.

In-Q-Tel, the venture capital arm of the US Central Intelligence Agency, was also one of the big investors in this third round. Epic Ventures and Trident Capital (which did the company's $5.5m first round) and Cisco Systems and Granite Ventures (which participated in the $10.5m second round) also kicked in dough during the third round.

The In-Q-Tel investment, says Chiu, will help HyTrust enhance its product in ways that help the intelligence community and also benefit both government and corporate customers. At the moment, HyTrust has close to a hundred customers, says Chiu – mostly Fortune 1000–class firms and large governments. He estimates that it has "in the millions of virtual machines under protection at this point."

Chiu says that revenues at HyTrust are expected to triple or quadruple this year, and one of the drivers is that companies want to move from maybe having 50 to 60 per cent of their workloads virtualized to something closer to 80 to 90 per cent. "What is really standing in the way is security for mission-critical workloads and their data," says Chiu, and of course, HyTrust thinks it has just the thing to solve that problem.

The third round of financing is usually a bit early to go public, but it is probably not too early for someone like VMware or Microsoft or Red Hat to swoop in and acquire a company like HyTrust. And that could happen. Chiu says he is working on scaling the HyTrust business right now and might entertain the idea of going public a few years down the road. ®

Reducing security risks from open source software

More from The Register

next story
Sysadmin Day 2014: Quick, there's still time to get the beers in
He walked over the broken glass, killed the thugs... and er... reconnected the cables*
SHOCK and AWS: The fall of Amazon's deflationary cloud
Just as Jeff Bezos did to books and CDs, Amazon's rivals are now doing to it
Amazon Reveals One Weird Trick: A Loss On Almost $20bn In Sales
Investors really hate it: Share price plunge as growth SLOWS in key AWS division
US judge: YES, cops or feds so can slurp an ENTIRE Gmail account
Crooks don't have folders labelled 'drug records', opines NY beak
Auntie remains MYSTIFIED by that weekend BBC iPlayer and website outage
Still doing 'forensics' on the caching layer – Beeb digi wonk
BlackBerry: Toss the server, mate... BES is in the CLOUD now
BlackBerry Enterprise Services takes aim at SMEs - but there's a catch
The triumph of VVOL: Everyone's jumping into bed with VMware
'Bandwagon'? Yes, we're on it and so what, say big dogs
Carbon tax repeal won't see data centre operators cut prices
Rackspace says electricity isn't a major cost, Equinix promises 'no levy'
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.