The following are the main features of SecureCloud and their benefits.
Uses industry-standard AES encryption (128, 192 or 256)
Encrypts and decrypts data in real time, so data at rest and data traversing the cloud infrastructure is always protected
Applies whole-volume encryption to secure all data, metadata and associated structures without impacting application functionality
Employs role-based management to help ensure proper separation of duties
Optional Active Directory authentication is supported
Performs audit logging for all agent, key, policy and user events
Provides detailed reporting and alerting features for logged events
SecureCloud can issue several types of notifications in response to cloud security events. Administrator notifications are sent via email to the designated administrator contacts. User notifications are presented in the requesting client’s browser. Both administrator and user notifications can be customized.
Utilizes identity- and integrity-based policy enforcement to ensure that only authorized virtual machines receive keys or access secure volumes
Automates key release and virtual machine authorization for rapid operations or requires manual approval for increased security
Delivers keys using SSL encrypted internet channels with additional layers of encrypted communication
From the SecureCloud Central Management Console, you can integrate user accounts accessing the Management Server Console with the Active Directory directory service and utilize the domain-based accounts to access the Management Server Console.
From the Central Management Console, you can set the thresholds for each monitored system attribute on the server:
Disk size remaining
Database size
Database connection
Encryption state
If one of these fails or reaches a specified threshold, an alert will be generated and either emailed to the administrator or sent to an SNMP server.
SecureCloud enables you to generate reports reoccurring for a specified span of time. Reports are saved to the Management Server so you can download a previously generated report (either one-time or reoccurring) from the Management Server Console.
SecureCloud offers log-maintenance-plan functionality and allow the appropriate account-user roles to delete system logs and manage the log maintenance.
SecureCloud enables you to write an plug-in for a Cloud Service Provider (CSP) that is not supported "out of the box." The plug-in is a thin, translation layer which communicates with the API of the CSP and presents a uniform interface between CSPs. The CSP-specific implementation will handle all logic specific to the CSP such that the rest of the Runtime Agent is CSP agnostic.
SecureCloud supports the use of a VMware vSphere API, so vSphere users can provision data storage devices and manage the encryption keys with SecureCloud. SecureCloud also supports device mounting for IDE, NFS, SCSI, and iSCSI, which enables SecureCloud to operate in a physical environment.
Trend Micro Single Sign-On (TMSSO) provides a shared licensee account between the Trend Micro License Management Platform (TMLMP) console and SecureCloud, where the user only needs to sign on once to access both systems. With only one account to manage, there is little risk of duplicate account errors.
Only the licensee user account is replicated to SecureCloud. All other user accounts within an organization are stored and managed locally by SecureCloud. The licensee account is the first user account of an organization that signs up for SecureCloud.
TMSSO is a more secure method of authentication than traditional SSO, which relies on cookies. TMSSO implements Security Assertion Markup Language (SAML), giving it the ability to integrate with other SSO solutions.
SecureCloud provides TMSSO for the SaaS, Hosted SecureCloud for Managed Service Providers, and SecureCloud for Managed Service Providers models. For the SecureCloud for Managed Service Providers model, managed-service providers can integrate SecureCloud into their system and use their own identity management solutions.
SecureCloud works with TMLMP to manage product licensing for tenant customers. A tenant customer can acquire a TMLMP account and register the SecureCloud service by signing up for a user account on TMLMP by completing a trial registration form. The TMLMP user account is assigned the administrator role in the SecureCloud Web Console. The tenant customer is able to accesses the SecureCloud Web Console using TMSSO without the need to logon again.
The SecureCloud Runtime Agent provides the Configuration Tool that enables you to specify your cloud service provider or load a new cloud service provider plugin that you have created, and save the configuration file for later use. From the SecureCloud Web Console you can easily provision devices for encryption.