Two of the biggest benefits of the public cloud, the distributed nature of its assets and the fact that a company does not need to invest in back-end infrastructure, are also two things that make it extremely vulnerable to hackers, as well as tricky to secure.

To meet these challenges, a small California security firm is offering an ambitious new solution to secure data on public clouds through what it claims is the first “cloud virtualization system.” Sunnyvale, Calif.-based startup Bracket Computing Inc. has unveiled a new set of tools for encryption, authentication and management of enterprise assets on the public cloud that complements a system for virtualizing enterprise assets on public clouds it unveiled last October when it emerged from stealth mode.

The new tools are aimed at customers already using that solution, called Bracket Computing Cells, which allows an enterprise to consolidate all of the assets and data it has on a public cloud into a virtual data center that it can manage as if it were an on-premises data center, according to the company.

The Bracket Security Fabric now adds a significant layer of security to this virtualized system, encrypting entire workloads backed by automated key management and preboot authentication to provide confidentiality, integrity and authenticity of data within Computing Cells, Bracket said in a press statement.

Specifics of the Bracket Security Fabric include an always-on cryptographic engine that is transparent and consistent across multiple clouds, making encryption the new boundary for the distributed data center, the company said. The Computing Cell can encrypt entire workloads—all virtual machine or container instances and attached storage, including root volumes, data volumes and server-based instance storage—to enable enterprises to process and store sensitive data on the public cloud more securely.

Bracket’s new security software also uses authentication to control access to apps and data protected by the encrypted boundary. Authentication creates visibility, allowing the enterprise to identify, authorize, verify and track every user, resource and access to any app or data in its virtual data center, the company said.

Another aspect of the solution is that it roots this encryption and authentication in trust anchors such as key appliances, directory services and certificate authorities that remain under enterprise control, according to the company. This allows enterprises to extend control over the location of encryption keys to address data residency and compliance requirements. Moreover, cloud service providers and other tenants cannot view or access any cryptographic root keys, ensuring independence and isolation of enterprise assets, according to Bracket.

Early customers of the company, which has garnered significant funding from investment firms as well as strategic big-name corporate investors GE (GE) and Qualcomm (QCOM), so far are giving Bracket positive feedback on Computing Cells, said Bracket CEO Tom Gillis in a press statement. In fact, it was actually their input that informed the company about how to expand security of its system with its Security Fabric, he said.

“We’ve been surprised and gratified by how fast our customers have come to trust the public cloud when using Bracket’s Computing Cells,” Gillis said. “In fact, they’ve quickly pushed us to take our security infrastructure and expand it even further to enable them to run their most sensitive production workloads in the cloud.”