
HyTrust Models New Feature After Nuclear Weapon Launch Controls

HyTrust 3.0 Integrates ‘Secondary Approval’ Feature To Safeguard Against Operational Downtime and Internal Security Breaches.

At the RSA Europe Conference in London this week, HyTrust, a provider of policy management and access control solutions for virtual environments, released version 3.0 of its HyTrust Appliance.

Despite its name, the latest version is not a physical piece of hardware but a virtual appliance. It includes several improvements, the most notable being a new "secondary approval" feature that enforces the two-person rule, made famous by the US Air Force’s general rule on nuclear missile launches.

“According to US Air Force Instruction (AFI) 91-104, the two-person rule was designed to prevent the accidental or malicious launch of nuclear weapons by a single individual,” explained Eric Chiu, founder and president of HyTrust in a statement.

“Similarly, HyTrust’s new Secondary Approval feature mandates designated approvers authorize high-impact operations prior to users with administration privileges being able to execute actions that can impact the business or even bring down the entire data center,” he added.

So-called “privileged users” of an organization’s virtualization platform typically have much greater administrative power than counterparts who manage physical data center infrastructure. They can copy, power off or delete a business-critical VM with a few clicks from any location in the world, or any device.

VMware and other virtualization platforms do not provide adequate control, the company says, and lack viable methods of requiring additional checks for actions that can have negative consequences. Secondary approval is therefore designed to prevent malicious or unintended actions against virtual machines (VMs), critical applications and data from damaging business operations.

“Both organizations that have implemented virtualization extensively across their infrastructure and those embarking on an initial virtualization project face the critical problem of ensuring that administrators and other privileged users with access to the hypervisor are appropriately constrained and monitored on an ongoing basis,” noted Steve Coplan, Senior Analyst at 451 Research. “Equally, however, these constraints should not stand in the way of operational efficiency and should be enforced in conjunction with a set of best practices for the configuration and management of virtualized environments.”

HyTrust Appliance 3.0 is generally available now. 

HyTrust Appliance Enterprise Edition is licensed at $750 per CPU for each ESX or ESXi host. It’s also offered as a free, full-featured community version.

Steve Ragan is a security reporter and contributor for SecurityWeek. Prior to joining the journalism world in 2005, he spent 15 years as a freelance IT contractor focused on endpoint security and security training.