Updated:
HyTrust
Eric Chiu and Boris Strongin launched HyTrust in Mountain View in 2009, targeting a specific architectural vulnerability: the hypervisor layer that...
HyTrust
Eric Chiu and Boris Strongin launched HyTrust in Mountain View in 2009, targeting a specific architectural vulnerability: the hypervisor layer that controls virtualized infrastructure. Early customers were government agencies and financial institutions that needed to virtualize classified or regulated workloads but could not pass audit without restricting administrator access. The founders previously worked on security and systems infrastructure at VMware and Oracle; their insight was that virtualized and software-defined data centers required a new authorization model — policy enforcement tied to the virtual object, not the physical rack. HyTrust's product suite covered three zones that converged under the banner of cloud workload governance. Its flagship Boundary Controls enforced role-based access on vCenter and ESXi hosts, logging every privileged action. CloudControl extended the same posture to AWS, Azure, and OpenStack, letting security teams write a single policy that followed a virtual machine across on-prem and public clouds — a capability institutional buyers cited when comparing against native cloud tools. The third pillar, KeyControl, handled encryption key management for virtual machine disks and multi-cloud key distribution in a format that integrated with HSM hardware from Thales and Utimaco. The Department of Energy and several large US banks deployed HyTrust across their VMware footprints, per public case studies published by the firm and VMware. At the time of its acquisition by Entrust in January 2021, the company employed roughly 55 people and had raised $85 million in venture funding across seven rounds, per Crunchbase public filings, with backers including Trident Capital, Intel Capital, and Sway Ventures. Entrust, a 50-year-old identity and payments infrastructure company owned by private equity firm Thoma Bravo, bought HyTrust to stitch workload encryption into its certificate authority and hardware security module product line — building what Entrust described publicly as a "single source of truth for machine identities" across container, virtual, and bare-metal infrastructure. HyTrust's structural distinction was its policy-attached-to-workload model rather than policy-attached-to-network. Before distributed firewalls and microsegmentation became native cloud features, HyTrust made the virtual machine or container the enforcement point, which meant policy survived vMotion events, cloud migration, and infrastructure replacement. That architecture put it in a small peer set — alongside Catbird and CloudPassage — that treated the workload itself as the security boundary. The integration into Entrust, a Thoma Bravo portfolio company, imposed a predictable operating-company governance model: HyTrust's products now appear as Entrust CloudControl and Entrust KeyControl in a catalog aimed squarely at compliance-sensitive enterprises modernizing their on-prem data centers.
General information
Firm type
Asset Manager
Year founded
2009
AUM
Undisclosed
Location
Region
North America
Country
United States
City
Mountain View
Corporate office
Mountain View, CA, United States
Sector focus
Frequently asked questions
What did HyTrust's core technology actually enforce?
HyTrust enforced access control, two-factor authentication, and encryption policy on the virtualization management layer — the hypervisor and cloud control planes — rather than on guest operating systems or network perimeters. Its Boundary Controls product intercepted administrator commands to vCenter and ESXi, applied role-based rules, and logged every action for audit. This addressed a specific compliance gap: a single VMware administrator could theoretically copy, snapshot, or destroy every virtual machine in a data center.
Why did Entrust acquire HyTrust, and what happened to the products?
Entrust bought HyTrust in January 2021 to combine workload encryption and data access controls with its own hardware security modules, certificate management, and identity proofing tools — a vertically integrated platform for securing machine identities. The products now sell as Entrust CloudControl and Entrust KeyControl. Entrust's stated rationale was that enterprises migrating to hybrid cloud needed encryption keys and policy to follow data regardless of where workloads execute.
Which investors backed HyTrust before the acquisition?
HyTrust raised approximately $85 million from venture investors including Trident Capital, Intel Capital, Sway Ventures, Granite Ventures, and Cisco Investments. The final round before the acquisition was a $36 million Series E in 2018, which the firm announced it would use to expand multi-cloud support, according to Crunchbase funding records.
What kind of customers deployed HyTrust?
Public records and case studies indicate deployments within the US Department of Energy, national laboratories, large US financial institutions, and managed hosting providers who needed to demonstrate administrator separation-of-duties to auditors. The common thread was a regulated environment where virtualizing sensitive workloads required compensating controls on the hypervisor management plane.
How did HyTrust differ from VMware's own security tools?
VMware's native role-based access control and logging were tied to vSphere and evolved slowly. HyTrust offered policy federation across VMware, AWS, and Azure from a single console, hardware-rooted key management that integrated with external HSMs, and a compliance reporting module tuned for PCI DSS, HIPAA, and NIST 800-53 audits. HyTrust competed as a neutral layer that worked identically in vSphere, OpenStack, and public cloud.
Is HyTrust still an independent company?
No. Entrust Corporation, a private identity and data security firm owned by Thoma Bravo, acquired HyTrust as a wholly owned subsidiary in January 2021. The HyTrust products have been rebranded under the Entrust DataControl and KeyControl product lines. There is no standalone HyTrust entity operating today.
What was the founding team's background?
Co-founder and CEO Eric Chiu previously held security and product roles at VMware, Oracle, and enterprise storage firm Data Domain. Co-founder Boris Strongin also came from VMware, where he worked on virtualization platform security. Their shared VMware experience shaped the thesis that hypervisor-level security would become mandatory once organizations virtualized their most sensitive applications.
Profile maintained by Altss using OSINT (open-source intelligence), regulatory filings, licensed data partners, and verified direct submissions. Read the methodology. Last updated: . Continuous refresh with full update cycles at least every 30 days.
Need institutional-grade insight on family offices?
Altss delivers:
Prefer a guided tour?
We’ll walk you through: