Data Center Security: Blue Sky Ahead

    It seems like every week there is news of some security breach.  And then there is the attention around cloud computing, another popular news story.  Reading beyond the hype, it seems the cloud isn’t being deployed as aggressively as some expect, and the most common reason cited is security.

    • So what about cloud security?

    • What’s the big problem?

    • Are there really some new security concerns or is it just discomfort with not having physical control?

    Well, it’s likely a little of both and more.  As the headlines remind us, even a traditional data center is challenged to protect itself from all the attackers out there, especially as the type of attacker shifts from notoriety seekers to organized crime and nation-states.  Big companies have invested a lot of time and money building the best expertise in the area they can.  So turning that responsibility over to a third party, without having the same level of detailed knowledge and control of the security procedures, is difficult.  Cloud computing has the additional challenge of multi-tenancy (that is, different departments or different companies sharing the same resources).  Building some details into contracts on security methods and on what happens when a breach occurs is essential; so is using the latest technology.

    Whether a traditional enterprise or a cloud, most businesses could benefit from protecting more of their data with encryption.  Surprisingly little Internet traffic, hard drive content and database information is encrypted today.  Cost and key management are inhibitors, but so is the performance overhead.  Which DBA wants to take up to a 28% performance hit to turn on encryption?  Who wants to use SSL for anything more than completing an e-business transaction if it’s going to bog down the web servers?  The new Intel® Xeon® 5600 series processors with Intel® AES-NI allow improved performance over previous generations even when encryption is enabled.  That should help take care of most of the performance concerns and enable enterprises and clouds to use encryption where it wasn’t feasible before.


Source:  Internal Intel measurements with a web banking workload, comparing an Intel® Xeon® X5680 (3.33 GHz) with SSL ON against an Intel® Xeon® X5570 (2.93 GHz) with SSL OFF.

    And how about Intel® TXT, which is another new technology for servers on the Intel Xeon 5600 series processors?  It uses the concept of trust to detect whether low-level software has been altered by emerging attacks from today’s more sophisticated and better-financed attackers.  Servers can use virtualization and build up strong software security barriers, with the knowledge that the low-level software these security applications are built upon hasn’t been tampered with by hackers.  All of this promises to make the virtualization used in cloud computing a little less scary.
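Before counting on either technology, it helps to confirm that every logical CPU on a host actually advertises it. The sketch below is an added example, not Intel's code: it parses Linux `/proc/cpuinfo`-style text and lists which processors lack the `aes` (AES-NI), `smx` (the instruction set Intel TXT relies on) or `vmx` (VT-x) flags. The sample input is constructed, and the function and constant names are illustrative.

```python
"""Report which logical CPUs lack AES-NI, SMX (used by Intel TXT) or VT-x."""
from pathlib import Path

# Linux /proc/cpuinfo flag names mapped to the features discussed above.
FEATURES = {"aes": "AES-NI", "smx": "SMX (Intel TXT)", "vmx": "VT-x"}

# Constructed sample: two logical CPUs, the second one missing "smx".
SAMPLE_CPUINFO = """\
processor\t: 0
model name\t: Example CPU (constructed)
flags\t\t: fpu vme sse2 vmx smx aes pclmulqdq

processor\t: 1
model name\t: Example CPU (constructed)
flags\t\t: fpu vme sse2 vmx aes pclmulqdq
"""


def parse_cpuinfo(text):
    """Return {processor_id: set_of_flags} from /proc/cpuinfo-style text."""
    cpus, current = {}, None
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue  # blank separator line between processor blocks
        key, value = key.strip(), value.strip()
        if key == "processor":
            current = int(value)
            cpus[current] = set()
        elif key == "flags" and current is not None:
            # Whole-token set: "vaes" must not be mistaken for "aes".
            cpus[current] = set(value.split())
    return cpus


def missing_features(text):
    """Return {feature_label: [processor ids lacking it]} for FEATURES."""
    cpus = parse_cpuinfo(text)
    report = {}
    for flag, label in FEATURES.items():
        lacking = sorted(cpu for cpu, flags in cpus.items() if flag not in flags)
        if lacking:
            report[label] = lacking
    return report


if __name__ == "__main__":
    path = Path("/proc/cpuinfo")
    text = path.read_text() if path.exists() else SAMPLE_CPUINFO
    gaps = missing_features(text)
    print("all features present" if not gaps else gaps)
```

The `smx` flag only shows that the processor is capable; Intel TXT also needs a TPM and firmware support enabled on the platform, and a hypervisor may hide any of these flags from a guest.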

    What do you think?

    What’s your critical security barrier for using the cloud today?

    Is there Intel technology that can help?