How can data protection technology be used in the cloud?

More users, more devices, more content… By the year 2015, we’ll add another 1 billion users to today’s 1.5 billion [1], have over 10 billion connected devices growing at 2.5x today’s rate, and see more complex content requiring 20x today’s compute capacity. Today’s infrastructure will be exceeded if we don’t find a more energy-efficient, scalable, cost-effective, and secure way to handle the exponential growth. Cloud computing, the next fundamental shift in IT, is bound to be the answer.

What’s holding back the cloud today? Security and privacy are a top concern: a company’s data, which may include intellectual property, is off premises in the cloud, where it could be more accessible to criminals, spies, or competitors. Today’s cloud service providers do not yet offer extensive guarantees or remedies in case of a data breach. Quality of service is not guaranteed either. Governance and compliance are also a concern because data in public clouds could be stored in unspecified locations, including other countries chosen for lower energy cost, sourced from unnamed providers, and stored alongside data from multiple customers.

How can some of these security issues in the cloud be resolved? Data protection technology such as encryption can be applied to provide the defense in depth needed for data in flight, data at rest, and data in applications. Even if the system is compromised, even if the data is lost, the data is still safe with encryption.

There are three main usage models in the cloud where data protection technology such as Intel® AES-NI comes into play. Intel® AES-NI reduces the computation tax from encryption, which is one of the three reasons some companies are not encrypting today. The other two reasons are deployment cost and key management capabilities.

The three usage models are encrypted email, such as Google’s premium service; a more futuristic model of VDI streaming, or the secure transfer of virtual machines; and secure video streaming. These are outlined below:

1) With the growth of online trading, ecommerce, and online banking services, as well as the growth of email, Netcraft’s SSL survey reported more than 1 million web sites using SSL to provide secure connections to their public web sites. The first survey, in November 1996, found just 3,283 sites. Since then, the number of SSL sites has had an average compound growth of 65% per annum.

In an encrypted email scenario, encryption can potentially command a premium for the provider while providing data protection across the internet. Rather than http://, one would see https:// when one subscribes to Google’s encrypted mail service. We’re also seeing small and medium businesses (SMBs) moving corporate email into the cloud for cost, efficiency, and security reasons. As such, secure transactions will be on the rise, and Intel® AES-NI will play a major role in reducing the computation tax there.

2) A more futuristic usage model entails coupling VM migration with the virtual desktop model in a cloud setting. The idea is that a VM with company-specific information could be encrypted and transferred over a secure channel to the client machine. At the end of the day, or at the end of a contractor’s contracting period, that VM with its updates can be sent back to the server. This usage model alleviates the need to provision an expensive high-end development machine for each person. Announced at VMworld 2010, VMware View 4.5 is able to deliver an encrypted virtual machine from the server to the client, where AES-NI is applied to decrypt it on the client side. This usage model saves operational cost and provides mobility extending into the cloud.

3) Another usage model is secure video streaming. From the backend, video files, DVD titles (e.g., Netflix), or live video streams (e.g., the Olympic Games) are delivered to an end user’s laptop or TV. En route in the cloud, transcoding (customizing resolution and frame rate to the client’s capabilities) and streaming (Streaming Real Time Protocol) take place on various workstations and servers, and the payload is decoded, decrypted, and displayed on a smartphone, laptop/desktop, or smart TV. Vidyo, a conferencing software product demoed in the 2010 IDF PSO keynote, takes advantage of the Intel® AES New Instructions (Intel® AES-NI) in a 3-point high-definition encrypted video conference. The server distributes video to the client points, instead of using point-to-point transmission.

With these usage models (some futuristic), we encourage you to deploy encryption everywhere, use AES when doing so, and use Intel® AES-NI to reduce the computation tax for making the federated, automated, and client-aware cloud more secure in our 2015 vision!

[1] IDC, “The Internet Reaches Late Adolescence,” Dec 2009; extrapolation by Intel for 2015.