“To protect customer data and business operations, enterprises need to extend their security posture onto any and all cloud services,” said John Pescatore, Director at SANS Institute. “Without consistent levels of security that can operate transparently across different cloud services, there is no safe way for businesses to truly consider the cloud as a big pool of on-demand capacity. Cloud is an area where doing security right allows the business to choose the best pool of capacity for a given workload based on availability, scalability, performance and price.”
The three new services delivered by the Computing Cell are:
- Transparent Encryption of all data in motion (in addition to data at rest);
- Cryptographic Assurance, providing an integrity layer for assets with an extended root of trust; and
- Application and Data Segmentation, enforcing data-centric policies for access to individual workloads.
In addition, the Computing Cell offers a rich distributed control system that can run either on premise or in the cloud, as well as a robust set of reporting and logging capabilities to provide visibility into the workloads being protected.
“The Bracket Computing Cell deploys enterprise security controls underneath conventional VMs and cloud-native app containers in a way that is entirely transparent to development and operations teams,” said Jason Lango, Co-founder and CTO of Bracket Computing. “This allows central IT to have the control it needs without impacting the agility of the self-service cloud.”
Another technical innovation in the Bracket Computing Cell is the use of encryption for asset assurance and for application and data segmentation. The Computing Cell’s built-in encryption is always on, so all data is encrypted all the time. The Computing Cell optimizes the encryption for very high performance and uses authenticated encryption. With these innovations, the Computing Cell can ensure that data at rest has not been tampered with or modified in any way, whether through data corruption or malicious acts. Bracket also has a unique secure boot capability, in which a known good version of a server is encrypted on the customer’s premises and decrypted only to boot in the cloud when authorized by IT policy.
Given this ubiquitous encryption, when a server or a data volume is being accessed, a key must be released to access the data. This is the point where Bracket enforces a company’s policy. Each time a key is accessed, the policy is checked: What application is accessing this data? What country is it residing in? Is it facing the Internet or is it only internal? By using key release as a point of policy enforcement, policies follow the data. If a data set is copied, backed up or moved, the policy moves with it. The policy is fully decoupled from physical infrastructure, and does not rely on traditional IP address segmentation or physical boundaries — allowing application and data access policies to span hybrid clouds easily and flexibly.
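The key-release check described above, as an added example that is not Bracket's code: a hypothetical Go model in which a volume's access policy (application, country, Internet exposure) is bound to the ciphertext as AES-GCM associated data, so the policy travels with the data, is enforced before the key is used, and cannot be altered without failing the integrity check. The `Policy`, `Volume`, `ReleaseKey`, `Seal` and `Open` names are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// Policy is bound to a volume and checked on every key release (hypothetical design, not Bracket's).
type Policy struct {
	App, Country   string // allowed application; country the accessing workload must run in
	InternetFacing bool   // whether an Internet-facing workload may read the data
}

// aad serialises the policy so AES-GCM authenticates it together with the ciphertext.
func (p Policy) aad() []byte {
	return []byte(fmt.Sprintf("app=%s;country=%s;internet=%t", p.App, p.Country, p.InternetFacing))
}
type Volume struct { // an encrypted data set; its policy travels with it when copied or moved
	Policy            Policy
	Nonce, Ciphertext []byte
}

// ReleaseKey is the enforcement point: the key is usable only if the requester matches the policy.
func ReleaseKey(key []byte, p Policy, app, country string, internetFacing bool) (cipher.AEAD, error) {
	if app != p.App || country != p.Country || (internetFacing && !p.InternetFacing) {
		return nil, fmt.Errorf("policy denied key release to %s in %s", app, country)
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts with a released key; the policy rides along as authenticated data.
func Seal(aead cipher.AEAD, p Policy, plaintext []byte) (*Volume, error) {
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return &Volume{p, nonce, aead.Seal(nil, nonce, plaintext, p.aad())}, nil
}
// Open fails closed: a policy mismatch never releases the key; altered data or policy fails integrity.
func Open(key []byte, v *Volume, app, country string, internetFacing bool) ([]byte, error) {
	aead, err := ReleaseKey(key, v.Policy, app, country, internetFacing)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, v.Nonce, v.Ciphertext, v.Policy.aad())
}
```

A copy or backup of the `Volume` carries the same policy bytes, so a reader in the wrong country or an Internet-facing workload is refused the key before any decryption is attempted.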