|Headquarters||Palo Alto, California, U.S.|
|Key people||Oded Horovitz (CEO, co-founder)
Steve Weis (CTO, co-founder)
Todd Thiemann (VP Marketing)
Carl Waldspurger (Advisor)
Udi Paret (Sr VP Business Development)
PrivateCore is a venture-backed startup located in Palo Alto, California that develops software to secure server data in use through memory encryption. The company’s attestation and memory encryption technology fills a gap that exists between “data in motion” encryption (TLS, email encryption) and “data at rest” encryption (disk encryption, tape encryption) by protecting “data in use” (random access memory). PrivateCore memory encryption technology protects against threats to servers such as cold boot attacks, hardware advanced persistent threats, rootkits/bootkits, computer hardware supply chain attacks, and physical threats to servers from insiders.
PrivateCore was founded in 2011 by security veterans from VMware and Google with seed funding from Foundation Capital. PrivateCore “virtualizes” physical security and enables service providers and enterprises deploy servers processing sensitive data in outsourced environments while maintaining security around data in use.
The company’s memory encryption technology has been spurred by a number of industry trends including the increasing sophistication of hackers, a larger number of servers in outsourced environments, larger amounts of sensitive data being placed in persistent memory, and x86 virtualization technology which can increase the environment attack surface.
PrivateCore’s focus is securing data-in-use on x86 servers. The company has taken advantage of recent microprocessor innovations including larger microprocessor caches and hardware cryptographic acceleration technology that enable more effective methods of encrypting memory while maintaining acceptable application performance. The technology approach goes beyond previous academic research efforts such as TRESOR.
PrivateCore assumes that the only element that need be trusted in a system is the Central Processing Unit (CPU). The firm uses Trusted Platform Module (TPM) chips and Intel Trusted Execution Technology (Intel TXT) to provide remote server attestation. PrivateCore also supports the cryptographic hardware acceleration provided by Intel AES-NI technology.
PrivateCore technology is positioned as being most applicable to outsourced or hosted environments where the enterprise cannot have trust in the compute infrastructure.
The PrivateCore vCage product portfolio comprises vCage Manager and vCage Host. vCage Manager validates the integrity of x86 servers running Linux as well as the vCage Host. vCage Host installs on bare-metal servers and provides a hardened hypervisor based on KVM that can secure server random access memory (RAM) with AES encryption. vCage Host does this by loading a secure hypervisor into CPU cache and acting as a gateway to encrypt memory paging in and out between the CPU cache and RAM. vCage memory encryption leverages the KVM hypervisor but also has the potential to support other hypervisors. vCage Host supports existing KVM management tools.
vCage supports a number of use cases including creating OpenStack trusted computing pools as well as protecting x86 servers in co-location and bare-metal cloud environments.
vCage Manager and vCage Host became generally available on 11 February 2014.
- CrunchBase, PrivateCore, June 6, 2012: "PrivateCore"
- Angellist, PrivateCore, June 6, 2012: "PrivateCore"
- Dark Reading, Robert Lemos, January 31, 2013:"The Physical Security Factor With Cloud Providers"
- StartUpBeat, StartUpBeat Editor, June 25, 2012:"PrivateCore has built a private computing platform that gives users a high level of data security, online or off"