In practice: How customers are using Shielded Virtual Machines to secure data

You’ve read and heard a lot from Microsoft about the unprecedented security provided by Shielded Virtual Machines in Windows Server 2016, but how is this feature being used by real customers? We decided to round up a few customer stories for you, to illustrate the various real-world benefits being reported by users of Shielded VMs in Windows Server 2016.

  • Managed hosting you can trust: The most security-conscious organizations often resist hosted solutions for fear that the hoster will have access to their data. For Rackspace, one of the biggest names in managed hosting, this perception was a sales blocker… until it wasn’t. Using Shielded Virtual Machines in Windows Server 2016, augmented by Microsoft System Center 2016 and Microsoft Operations Management Suite for better security monitoring, Rackspace can move customers into a private cloud with the highest level of security assurance.
  • More security, less cost: Convergent Computing (CCO), a boutique IT consulting company based in San Francisco, likes to use the technologies it recommends to customers. An early adopter of Windows Server 2016, CCO has been pleased with the results. “With Shielded VMs, Host Guardian Service, and software-defined networking, we can cost-effectively give customers the most secure network possible,” says Rand Morimoto, the company’s president. “With previous versions of Windows Server, we could create isolated networks but at a much higher cost, because we had to double every component. With Windows Server 2016, we deliver the same tight security at half the cost.”
  • Stopping the enemy at the gate: While most VM security involves protecting virtual machines from unauthorized access and malicious code, up to now there has been little to prevent a bad actor from copying the VM and running it in an unsecured environment where all its data can be privately exfiltrated. “No one else has an answer to the problem of how to protect your virtual machines from compromised fabric credentials or, heaven forbid, compromised admins,” says Kenny Lowe, head of emerging technologies at Brightsolid, one of the leading datacenter hosting companies in Scotland. The Host Guardian Service (HGS) in Windows Server 2016 protects against this through an attestation service which ensures that only trusted Hyper-V hosts can run your Shielded VMs. This closes the door on security exploits that can occur via the storage system, the network, or even while your VM is being backed up.
  • Reduced regulatory costs: ModusLink Global Solutions helps companies across many industries manage supply chains and logistics. For many customers, ModusLink handles their end-customer credit card data and must comply with ever-changing payment information regulatory requirements. “With Shielded VMs, we’re able to reduce the scope of what needs to be reviewed by PCI auditors, because Shielded VMs encrypt the data,” says Andrew Hamlin, Manager of IT Infrastructure at ModusLink. “The use of Shielded VMs reduces our regulatory compliance costs. We can eliminate outside monitoring services, which delivers a significant savings, and our own lean staff can manage a larger datacenter footprint. By reducing our costs, we can put out more competitive bids, which helps us win more deals.”

For more information on implementing shielded VMs to comply with ISO 27001, PCI, and Fedramp standards, download our free compliance-mapping white paper.