Virtuozzo puts a lid on container security with new data encryption feature


Server virtualization firm Virtuozzo, which was spun out of German tech company Parallels IP Holdings GmbH last year, is beefing up data security on its software platform with the addition of a new disk encryption feature for containers.

The company, which offers an infrastructure platform that lets users deploy containers, virtual machines, and software-defined storage from a single console, said data security concerns are one of the main reasons why many enterprises have yet to deploy containers in production. By offering container disk encryption on its platform, the company says, users will be able to better protect company and customer data while taking advantage of the infrastructure agility that containers provide.

The data used by containers is now encrypted “at rest” as a standard feature on Virtuozzo’s platform. The data is only decrypted when it’s loaded into memory to be accessed by applications, and it is encrypted once more when written back to disk for storage. The entire process is automated, and as a further safeguard, the data is only accessible via encryption keys integrated with a key management system.

The new feature is a welcome addition to Virtuozzo’s platform as it helps to shore up one of the most vulnerable aspects of software containers, which is the data that containerized applications rely on. Over the last year, much of the focus on container security has been on the applications themselves, while the data has often been overlooked.

Virtuozzo isn’t the first company to take this approach. Last year, a company called Thales e-Security Inc. announced a new encryption package that, among other things, gives users the ability to encrypt and re-key containerized data without taking the applications that use it offline.

Virtuozzo’s encryption feature doesn’t appear to be all that different from Thales’ offering, but one of the main differences is that it encrypts the entire disk, so that both the applications and the data itself are secured, George Karidis, chief executive at Virtuozzo, said in an interview via email. Moreover, Virtuozzo’s feature comes bundled with the company’s platform, whereas Thales’ encryption tools come packaged with its Vormetric Data Security Platform, alongside various other security products.

“There is no need to deal with multiple vendors and there are no additional charges for deploying encrypted containers, as [data encryption] is just a native part of our product,” Karidis explained.

Virtuozzo said its container data encryption feature is available now, at no extra charge. All customers need to do to get up and running is specify the encryption key ID they wish to use when creating a new Virtuozzo container, and the platform will do the rest.
