Free ESG report : Seamless data management with Avere FXT

Business is booming at HyTrust, a maker of policy management and access control software for VMware virtual infrastructure, and whistleblower system admin Edward Snowden, who revealed the National Security Agency's web-spying PRISM project, is doing his inadvertent part to pump it up even further.

"The Snowden breach at the NSA has been a huge wakeup call," Eric Chiu, founder and president of HyTrust, tells El Reg. "Admins have always had access to resources, but in a virtual environment, it is even worse. Admins of virtual infrastructure can copy whole virtual machines. And now customers are shifting from an outside-in security environment to an inside-out model. You have to assume that somebody bad is already in your environment and figure out what you can do to monitor them."

HyTrust has been saying that IT shops should adopt a second approval rule for a lot of things that go on inside the data center for the past year, and the Snowden episode just makes this necessity all that more clear (at least, from the point of view of companies and governments).

The HyTrust virtual compliance appliance, which runs inside of an ESXi virtual machine and can monitor all changes to the hypervisor, its virtual machines, and their software stacks, hooks into LDAP or Active Directory for authentication and supports two-factor authentication with SecurID or smart cards. The HyTrust appliance becomes the "system of record" that snoops on all attempted changes in the virtual infrastructure, as well as approving changes that meet policies.

Funded and ready to expand

At the moment, the HyTrust appliance is restricted to VMware's ESXi hypervisor and its vCenter management console, but Chiu says thanks to $13m that the company just raised in Series C financing, HyTrust can expand out beyond the VMware stack to other hypervisors and cloud controllers used inside corporate and government data centers, as well as the same or similar software layers used on public clouds.

Chiu is not being specific about what other hypervisors or public clouds HyTrust will support next, but he says the company will be able to lock down at least one or two additional platforms this year, with others to follow.

It is ironic that VMware would help fund such moves. But by kicking in some dough, VMware not only keeps HyTrust engaged with its vSphere and vCloud stacks, but also gets insight into the company's future plans and has an inside track on a potential future acquisition.

In-Q-Tel, the venture capital arm of the US Central Intelligence Agency, was also one of the big investors in this third round. Epic Ventures and Trident Capital (which did the company's $5.5m first round) and Cisco Systems and Granite Ventures (which participated in the $10.5m second round) also kicked in dough during the third round.

The In-Q-Tel investment, says Chiu, will help HyTrust enhance its product in ways that help the intelligence community and also benefit both government and corporate customers. At the moment, HyTrust has close to a hundred customers, says Chiu – mostly Fortune 1000–class firms and large governments. He estimates that it has "in the millions of virtual machines under protection at this point."

Chiu says that revenues at HyTrust are expected to triple or quadruple this year, and one of the drivers is that companies want to move from maybe having 50 to 60 per cent of their workloads virtualized to something closer to 80 to 90 per cent. "What is really standing in the way is security for mission-critical workloads and their data," says Chiu, and of course, HyTrust thinks it has just the thing to solve that problem.

The third round of financing is usually a bit early to go public, but it is probably not too early for someone like VMware or Microsoft or Red Hat to swoop in and acquire a company like HyTrust. And that could happen. Chiu says he is working on scaling the HyTrust business right now and might entertain the idea of going public a few years down the road. ®

5 ways to reduce advertising network latency