Bracket Computing announced that the provability of PCI and HIPAA compliance is now available for organizations running regulated data in the hybrid cloud. Bracket's Workload Isolation solution, called the Computing Cell, is the first technology to build in provability of compliance by limiting audit scope, protecting regulated data, and ensuring consistent security controls across hybrid cloud environments.
The Bracket Computing Cell solves the problem of compliance in the cloud by building the technical safeguards to protect regulated data -- using encryption, key management, policy enforcement, and micro-segmentation. It also tying policies to workloads rather than any underlying infrastructure. This allows the Computing Cell to ensure the enforcement of a single, complete set of security policies and audit controls for enforcement by extending micro-segmentation across a workload's network, storage, and computing resources -- whether those assets reside on Virtual Machines on premise, or public cloud infrastructures like Amazon Web Services, Microsoft Azure, Google Cloud Platform, or some mixture of them all. This consistent set of controls also performs continual monitoring, automatically.
Bracket's technology is the first that prevents the unintended growth of compliance zones, a major cause of audit failure. Enterprises try to limit audit scope by controlling and limiting the environment that handles card holder data, but it's virtually impossible to control the spread of that data as it's replicated, backed up, or simply accessed from servers outside the compliance zone.
Bracket's Workload Isolation architecture cryptographically isolates personal data both at rest and in motion on the network at each individual VM and provides proof of it. This limits audit scope and gives compliance teams the assurance they need that the resources that have access to that data are secure, because the keys for decryption are never released to instances outside the scope. And since changes in IAM (identity and access management) or administrative privileges can never bypass Bracket's enforcement of these controls, auditors get the strongest possible guarantee of compliance.