At Networking Field Day 11 I had the privilege of visiting Skyport Systems in Mountain View, CA and hearing firsthand about their product offering, SkySecure. At first I thought Doug Gourlay was talking about some next-gen firewall until I realized that the solution itself included the x86 virtualization.
Let’s start with the definition from the Skyport Systems website:
The SkySecure System is designed to host critical and exposed application workloads that are the highest priority for the business to protect. The solution is an implementation of hyper-secured infrastructure that integrates compute, security, virtualization and policy in a pre-configured, managed infrastructure platform. The components listed below operate as a single turn-key system inclusive of all necessary software and hardware. This allows the system to maintain a secure configuration throughout its existence by providing embedded, layered, and compartmentalized security starting at the point of manufacture and verified continually throughout its existence.
Let me boil that down, if just for me. In short, SkySecure is a near turn-key, ultra-secure virtualization platform (based on Xen) that relies on hardware-based security I/O co-processors and Trusted Platform Module (TPM) chips to validate the integrity of the system. It provides network microsegmentation along with per-VM firewall and DMZ capabilities among its many features.
One of the most alluring features to me, with my experience in the healthcare and retail industries, is the clientless footprint of the solution on the actual guest VM. There’s literally nothing to install onto the Windows or Linux guest VM: no management agent, no firewall or proxy agent, nothing. With fairly stringent regulations around HIPAA and PCI compliance, the ability to secure a system from the rest of the network without touching the system itself is very useful indeed. This is especially useful when looking at ShieldWeb
The presentation included a memorable quote from a comment made on a Brian Krebs story titled “Target Hackers Broke in Via HVAC Company”. The quote, “If you think technology can fix security, you don’t understand technology and you don’t understand security.”, really defines the challenges facing IT with respect to security. In my opinion, security is always a delicate balance between completely open and completely locked down. The users would like it completely open, while the security professionals and auditors would like it completely locked down. It’s important to strike an even balance, and I would argue that Skyport Systems has a solution that can help provide that balance.
In the age of whitebox servers, SkySecure is a highly specialized solution that includes hardware, software and management components that can be leveraged to secure extremely critical applications and highly sensitive systems.
As a disclaimer, I received no compensation for my attendance at Networking Field Day 11 from Gestalt IT or any of the sponsors. Gestalt IT did provide for my travel arrangements, hotel accommodations and meals while in Santa Clara, CA.