It’s not every day that government employees wake up to a big leak like the PRISM program and have to take steps to prevent similar whistleblowing by making their top-secret information less prone to being exposed. But now that PRISM is public, the U.S. government has announced plans to implement a two-man rule.
To enable that practice on the many clouds the intelligence community maintains, In-Q-Tel, the CIA-affiliated investment group, has invested an unspecified amount of money in HyTrust, which already provides security options in VMware environments for Boeing, Pepsi, Geico, Sallie Mae and other big companies. The deal was announced late on Sunday.
HyTrust, launched in 2009, has now taken on around $29 million from Cisco, VMware, Epic Ventures, Granite Ventures and Trident Capital in addition to In-Q-Tel, said Eric Chiu, HyTrust’s president and a co-founder.
The money will help build out certain functionality that will give intelligence agencies — and more large companies — what they want out of the product. Intelligence agencies not only seek more fine-grained control over, and better audits of, who gets to copy data from or delete a virtual machine; they also need technology to implement the two-man rule, which requires not one but two people to grant access to data.
As it stands now, HyTrust is software that plugs into vSphere. The only time a user knows it’s running is when he or she tries to do something that’s not permitted. “Otherwise, they just keep doing whatever they do (and it runs) in the background,” Chiu said.
VMware deployments are already pervasive inside many federal agencies, Chiu said. But it looks like the company won’t stop at enhancing just VMware environments.
Some people inside intelligence agencies appear keen on being just as nimble as developers inside big companies with complicated IT procedures who want to quickly spin up virtual machines on public-facing Infrastructure as a Service (IaaS). Going forward, HyTrust will work to make its security features run atop big IaaS products such as Amazon Web Services. Beyond that, Chiu said, the company is looking at developing a system for controlling what might be able to get transferred over to a big cloud like AWS, and when.
That makes a world of sense. AWS has been doing more to accommodate government needs — take its recently attained FedRAMP compliance as an example of this — and it has also been keen on locking down a hefty contract from the CIA. Security enhancements from HyTrust could entice, say, the NSA to jump onto AWS as well. And there’s also a recently revealed request for proposals for cloud services from the Defense Information Systems Agency.
Although it’s possible HyTrust could cook up security capabilities for more clouds, for the time being it looks like the investment could translate into more intelligence jumping onto AWS in the next few years.