When you think about securing containers, you might consider using lightweight virtual machines to isolate them in a multitenant environment. Or perhaps you want to employ Istio to get the benefits of mTLS on all intra-container communications. Or you can use various vendors to perform forensics and ensure containers aren’t altering data or running processes that they shouldn’t be. Zettaset, however, takes a different and more basic approach, in some ways — they encrypt the data, so that even if a breach occurs, the data is worthless to the attacker.
This week at the Cloud Foundry Summit in Philadelphia, Zettaset has brought its software-defined encryption technology to Cloud Foundry and BOSH deployments with the launch of XCrypt Service Encryption for Cloud Foundry. CEO Jim Vogt explains that the new approach has been designed specifically for optimal performance and scalability in distributed systems and elastic cloud environments.
“Old, centralized models of encryption are far too granular, produce too much latency, and simply can’t scale. They are no longer viable based on the needs of today’s organizations,” said Vogt in a company statement. “Zettaset has set out to address this market demand by patenting new ‘point-and-click’ encryption technology encompassing software-based key management, administration, and licensing to maximize the innovation potential of distributed environments.”
While Zettaset is focused on bringing its technology to the latest in software application architecture, Vogt says that it still really boils down to protecting data on physical devices, no matter how abstracted that process may be.
“As you travel further and further into virtual environments and to environments where people are setting up foundations and instances and have a need to protect the data that they’re working on, you simply can’t do that with a centralized or appliance-based model,” said Vogt in an interview. “All virtual environments, including containers, find a physical device. So, if you’re setting up a container or you’re setting up a Cloud Foundry instance, that data’s going to be stored somewhere physically. The most prominent threat out there still is physical theft of the data. When you’re not using the data, you want to make sure it’s bolted down and encrypted. And while you are using the data, if you’re transferring that data between containers or nodes or whatever the case might be, you want to make sure it’s encrypted as well.”
XCrypt Service Encryption encrypts the volume the data service is deployed on, in order to preserve performance, and works with any data service, including Greenplum, Redis, Crunchy Data, MariaDB, and others. The XCrypt Service includes the BOSH add-on as well as the BOSH release license and key managers, which “automate the management of policies that protect and control access to business-critical encryption keys, thus bridging the gap between manual, insecure ways of managing encryption keys and a complex key management system with a large number of options and settings,” according to the company statement.
When asked if Zettaset was coming soon to Kubernetes deployments, Vogt chuckled and offered the following response.
“I would say stay tuned,” said Vogt. “Everybody’s moving towards containers and we’re basically headed in that same direction. They’re headed more virtual. We’re headed more virtual.”
The Cloud Foundry Foundation is a sponsor of The New Stack.
Feature image: Zettaset Director of Engineering Maksum Yankovsky (Left) and Zettaset Vice President and Marketing Jeff Harrell, at the Cloud Foundry Summit.