Skyport Systems, the well-funded network security startup run by a who’s-who of former Cisco and Juniper execs, has finally revealed its product. If your money was on high-concept policy or orchestration software, bad news: it’s a server.
A server, that is, engineered with a singular focus on security. Skyport has reimagined standard infrastructure approaches to everything from board design to billing. It’s a surprising about-face from the general trend toward commodity hardware and the exultation of software — but a look under the hood reveals an approach that borrows deeply from recent innovations in networking.
As Skyport co-founder and CTO Michael Beesley put it in a recent interview with SDxCentral, the SkySecure Server is a tiny software-defined network, using OpenFlow to enforce policy on hosted workloads internally without any change to the external network.
The idea for Skyport came together in the late spring of 2013, when Beesley was doing a stint as entrepreneur-in-residence at Sutter Hill Ventures. There, Beesley connected with Will Eatherton (now Skyport’s vice president of engineering) and Rob Rodgers (the company’s “cookie structurer,” according to his LinkedIn profile). All three had served in senior engineering roles at both Juniper and Cisco. Together, they hatched the idea for a server built with security at its core.
“We had several different ideas about what could be done to enhance security” in the data center, Beesley recalls. “The next observation was that security and compute have never been integrated.”
Historically, servers running even the most sensitive applications have far less security built into their hardware than an Xbox or an iPhone does. Instead, access management control through the network has been the primary tactic for keeping bad actors out of private servers.
That security model has evolved unevenly in the age of the cloud. In recent years, sophisticated criminals have been winning the battle, as evidenced by breach after massive breach.
“The wars with the most casualties were the ones where the technology exceeded the tactics,” Skyport Corporate VP Doug Gourlay told us recently in San Francisco. “What we’ve seen recently has proven that software cannot police software. We realized we needed to reestablish that trusted hardware root in the infrastructure.”
The key to Skyport’s approach to security is a unique hardware architecture that physically separates workloads from the rest of the network. The server, running dual eight-core Intel Xeon processors, communicates with the network only through a separate I/O controller. The two components have independent secure cryptoprocessors running separate operating systems.
Applications running on the server side of the device can’t make external connections — even DNS requests — on their own. Rather, they request a connection from the controller, which only issues the request if it matches the policy whitelist.
The idea is to prevent malware from gaining access to applications through port scans — there are no exposed application ports to scan. If an application is corrupted, the system is designed to prevent exfiltration of sensitive data. A common exfiltration method — slipping data into DNS headers and directing them to a criminally-controlled server — simply wouldn’t work, says Beesley, since applications running on the server cannot make their own DNS requests.
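To make the controller-mediated connection model concrete, here is a small Python sketch of the policy check the article describes: workloads never open sockets themselves, they ask a controller, and the controller admits only whitelist matches, refuses any DNS request from a workload, and records every decision in an append-only audit log. This is an illustrative model written for this page, not Skyport's code; the rule fields, the `Controller` class and the sample addresses are assumptions.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Hypothetical model of the I/O-controller policy check (not Skyport's implementation).
# A workload submits (proto, dst, port); the controller opens the connection on the
# workload's behalf only if a whitelist rule matches.

@dataclass(frozen=True)
class Rule:
    workload: str   # workload name the rule applies to
    proto: str      # "tcp" or "udp"
    dst_net: str    # CIDR the workload may reach
    dst_port: int   # destination port the workload may reach

@dataclass
class Controller:
    rules: list
    audit: list = field(default_factory=list)  # append-only connection decisions

    def request(self, workload, proto, dst, port):
        """Return True if the controller would open this connection for the workload."""
        # Name resolution is the controller's job, never the workload's: any attempt to
        # reach port 53 from a workload is refused before the whitelist is consulted,
        # which is what defeats DNS-based exfiltration in the described design.
        if port == 53:
            return self._log(workload, proto, dst, port, False, "dns-not-permitted-from-workload")
        for r in self.rules:
            if (r.workload == workload and r.proto == proto and r.dst_port == port
                    and ip_address(dst) in ip_network(r.dst_net)):
                return self._log(workload, proto, dst, port, True, "rule-match")
        return self._log(workload, proto, dst, port, False, "no-matching-rule")

    def _log(self, workload, proto, dst, port, allowed, reason):
        self.audit.append({"workload": workload, "proto": proto, "dst": dst,
                           "port": port, "allowed": allowed, "reason": reason})
        return allowed

def demo():
    """Constructed scenario: one workload allowed to reach an internal database only."""
    ctl = Controller(rules=[Rule("payments-api", "tcp", "10.20.0.0/16", 5432)])
    results = [
        ctl.request("payments-api", "tcp", "10.20.4.7", 5432),    # allowed: database rule
        ctl.request("payments-api", "udp", "198.51.100.9", 53),   # refused: DNS from workload
        ctl.request("payments-api", "tcp", "198.51.100.9", 443),  # refused: not whitelisted
    ]
    return results, ctl.audit

if __name__ == "__main__":
    for entry in demo()[1]:
        print(entry)
```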
Gourlay compares the philosophy to that of a vault. “Even if you get in,” he says, “we want to make it extremely hard to break back out.”
An impressive amount of thought has been put into protecting and securing the Skyport server’s policy enforcement ability. The servers are manufactured at two U.S.-based facilities and ship with cryptographically signed photos of the internal boards. A hardware-based audit trail logs connections from factory boot until a cryptographic certificate verifying the server’s destruction is issued. The server’s firmware, operating system, and active workloads are compared against golden masters stored on an encrypted, tamper-resistant chip, in order to prevent corrupted versions from subverting the system.
Aside from the two SFP+ slots running to the I/O controller, there are no external ports.
One of the most intriguing things about Skyport’s product isn’t the technology; it’s the business model. The units, slated for general availability in June, are sold on a monthly billing plan similar to cellphone plans — after a three-year contract, you get a replacement hardware unit free when you re-sign. Sources put the monthly rate, which is not listed publicly, at roughly $2,500 per unit.
“It is monetized as a service, and we consider the service and the software to be the key value,” says Beesley.
The service aspect includes the audit trail Skyport pledges to maintain “forever,” even beyond the destruction of the unit, and a cloud-based server management portal and data warehouse.
It’s a model and a product not quite like anything that’s come before it, making the endeavor a gamble whose success is far from certain. But as Skyport execs point out, even capturing a single percentage point or two of the massive global server market would bring huge returns for the venture, which is backed by $37 million in funding.
“In the five-year time frame,” says Beesley, “success for us would look like a public company.”