Cloud
5/13/2015
12:00 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Bracket Computing Announces High-Assurance Security Capabilities for Hyperscale Clouds

Bracket Security Fabric Allows Large Enterprises to Move Their Most Sensitive Workloads to the Public Cloud with Confidence

Sunnyvale, CA, May 12, 2015 – Bracket Computing, Inc., the industry’s first cloud virtualization company, today introduced an advanced security suite with high-assurance encryption, authentication and key management capabilities that further extend its industry-leading approach to securing the public cloud. Now enterprises deploying Bracket Computing Cells can confidently use the public cloud for their most sensitive workloads.

With the addition of this suite, the Bracket Security Fabric brings encryption and authentication under the authoritative control of the enterprise to extend a trusted boundary consistently across multiple clouds for the first time. Bracket uniquely encrypts entire workloads backed by automated key management and preboot authentication to ensure the confidentiality, integrity and authenticity of data within Computing Cells. By tightly integrating security into infrastructure, Bracket eliminates the performance and complexity trade-offs that plague other security approaches, while delivering full automation and visibility.

“We’ve been surprised and gratified by how fast our customers have come to trust the public cloud when using Bracket’s Computing Cells,” said Tom Gillis, CEO of Bracket Computing. “In fact, they’ve quickly pushed us to take our security infrastructure and expand it even further, to enable them to run their most sensitive production workloads in the cloud. From today onward they can.”

Industry experts have been impressed with the performance of the Bracket Security Fabric, a new security architecture that was introduced to the marketplace with the launch of the Bracket Computing Cell late last year.

“Cloud computing has huge business advantages, and enterprise IT security teams need to find ways to securely enable business use or else enterprise security will simply be bypassed,” said John Pescatore, director of Emerging Security Trends at the SANS Institute. “Security solutions that transparently and scalably extend existing enterprise security controls to cloud services and enable data-centric protection and visibility are key.”

“In a world where workloads are distributed across multiple environments, encryption provides a new boundary that secures data wherever it is,” said Dan Boneh, co-director of the Computer Security Lab and professor of Computer Science at Stanford University. “Bracket’s approach to encryption—transparently extending absolute, authoritative control over fully encrypted workloads—achieves data protection requirements for the most sensitive workloads.”

Encryption as the New Boundary

The Bracket Security Fabric incorporates an always-on cryptographic engine that is transparent and consistent across multiple clouds, making encryption the new boundary for the distributed data center. The Computing Cell is the only infrastructure service that encrypts entire workloads—all virtual machine or container instances and attached storage, including root volumes, data volumes and server-based instance storage—to enable enterprises to process and store sensitive data on the public cloud. This encryption ensures that data is completely opaque to underlying cloud service providers and the outside world, wherever the data resides. In addition, Bracket provides enterprises with the industry’s first multi-cloud encrypted network gateway, ensuring that data traveling over untrusted networks is fully protected.

State-of-the-Art Authentication for Full Visibility

Bracket’s security software implements state-of-the-art authentication to control access to all applications and data protected by this encrypted boundary. Authentication creates visibility, allowing the enterprise to identify, authorize, verify and track every user, every resource and access to any application or data. The Computing Cell is the only infrastructure service that uses hardware security modules coupled with integrity validation of images to ensure that workloads launch only after preboot authentication.

Absolute and Authoritative Control Rooted in Enterprise Trust Anchors

With Bracket, encryption and authentication are rooted in trust anchors (key appliances, directory services and certificate authorities) that remain under the absolute and authoritative control of the enterprise, allowing enterprises to extend control over the location of encryption keys to address data residency and compliance requirements. Bracket integrates with these trust anchors to automate key management that includes key rotation every 90 days with background rekeying of storage volumes. Cloud service providers and other tenants cannot view or access any cryptographic root keys, ensuring independence and isolation that meets enterprise security requirements.

Integrated into Infrastructure for Complete Transparency, Consistency and Automation

By imagining security as an integral part of the Computing Cell, Bracket eliminates the need for agents or appliances and removes the performance and complexity trade-offs of those approaches. Bracket is the only solution that automatically scales and configures the seemingly infinite capacity of the public cloud on demand, ensuring that security never gets in the way of performance. Enterprises get always-on, highly scalable security that is transparent to applications and completely consistent across computing environments. Bracket backs its security offering with unique SLAs for confidentiality, integrity and availability.

About Bracket Computing

Bracket Computing created the industry’s first Cloud Virtualization System with the development of its Computing Cell in 2011, with the ultimate goal of delivering enterprise computing that is driven by business needs, not hardware limitations. Today Computing Cells harness the public cloud for the enterprise, combining their scale, elasticity and efficiency with the security, performance and control of a dedicated hardware data center. Bracket Computing is a private company whose investors include venture firms Andreessen Horowitz, Norwest Venture Partners, Sutter Hill Ventures, ARTIS Ventures and Allegis Capital, and strategic corporate investors GE and Qualcomm. The company is headquartered in Sunnyvale, California. For more information, visit www.brkt.com.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Ulf Mattsson
50%
50%
Ulf Mattsson,
User Rank: Moderator
5/13/2015 | 11:27:35 AM
Encryption
I like that "The Computing Cell is the only infrastructure service that encrypts entire workloads—all virtual machine or container instances and attached storage, including root volumes, data volumes and server-based instance storage—to enable enterprises to process and store sensitive data on the public cloud." But if the data is very sensitive you may not even want the encryption keys to be sent to the cloud when they are used for encryption and decryption of the storage volumes.

A recent report from Gartner had some good news and concluded that "Cloud Data Protection Gateways" provides a "High Benefit Rating" and "offer a way to secure sensitive enterprise data and files stored in cloud applications". Cloud Encryption Gateways encrypts data before sending it into the cloud. This approach can be very effective in addressing attacks against cloud data and compliance with regulations.

Ulf Mattsson, CTO Protegrity
1.9 Billion Data Records Exposed in First Half of 2017
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/20/2017
Get Serious about IoT Security
Derek Manky, Global Security Strategist, Fortinet,  9/20/2017
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Security Vulnerabilities: The Next Wave
Just when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
Flash Poll
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
Enterprises are spending more of their IT budgets on cybersecurity technology. How do your organization's security plans and strategies compare to what others are doing? Here's an in-depth look.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.