Pivot3 bakes policy-based data-at-rest encryption into its HCI intelligence engine

Pivot3 enhances its security capabilities to provide the same native policy-based management for data at-rest that it has already been providing for performance and for data protection.

Mike Koponen, Senior Director, Product and Solutions Marketing, at Pivot3

Today, hyperconverged infrastructure [HCI] vendor Pivot3 is announcing the addition of new policy-based security management capabilities in its Intelligence Engine with its Acuity 10.6 software release. While some standards support is new, the previous version of the software had the same core security capabilities. The difference in the new software is that the encryption capabilities, which were previously provided through a third-party partnership, are now baked directly into the operating system, and are now fully automated through policy-based management. It adds to Pivot3’s overarching messaging around simplicity, by making its security easier to set up and use.

“All of our policy-based management before was around performance and data protection,” said Mike Koponen, Senior Director, Product and Solutions Marketing, at Pivot3. “For our security and analytics, we partnered with HyTrust. With this announcement, we have baked native data at-rest encryption into our HCI. For the customer, it automates the process of protecting sensitive data with encryption and key management.”

Koponen stressed that simplicity has been core to Pivot3’s differentiation around performance and data management, and that this will be a hallmark of policy-based security management as well.

“All that the customer has to do is assign a simple encryption policy, when they assign their performance and data protection policies,” he said.

“Companies are also looking to protect mission-critical data – without compromising performance,” Koponen added. “We have done this here by designing our data encryption algorithms to integrate with the Intel Xeon CPUs AES New Instructions. It leverages the Intel technology so that algorithms get offloaded to the Intel CPU set, which means there will be limited impact on performance.”

The encryption algorithms are also compliant with FIPS 140-2.

“This is new with the policy-based native encryption capability,” Koponen said. “We have also adhered to the Key Management Interoperability Protocol [KMIP] standards, which will provide broad support for other key managers who adhere to KMIP if the customer has another provider they prefer for that.”

Pivot3 has taken the encryption capability for data at-rest that used to come from HyTrust, and developed the new embedded capability themselves.

“We still continue to partner closely with HyTrust around key control, and around things like data in motion encryption and workload segmentation,” Koponen said. The HyTrust KeyControl is now integrated seamlessly with Pivot3’s policy-based security management, to enables enterprises to easily manage all encryption keys at scale.

“We still partner with HyTrust for key management, because you need a third-party provider there,” he noted. “For some higher-level security capabilities, we actually resell the HyTrust portfolio, for customers who need something beyond data at-rest encryption.”

Koponen said that the enhancements will have significant benefits for Pivot3 channel partners as well.

“Because data at-rest encryption is now part of the platform, there’s no need for the partner to do this separately, so it’s simpler for them,” he stated. “In addition, partners are working with customers to help them decide what they can do at the edge versus the core versus the public cloud. This encryption stays encrypted regardless of where it moves, so they don’t have to encrypt and decrypt it as you move it around. That also makes things simpler for them.”

Pivot3’s Acuity 10.6 with the new policy-based security management will be available before the end of the year.