Secure from Silicon Up

Cloud computing offers compelling opportunities for more cost-efficient, flexible computing. However, security is a top-of-mind concern for IT professionals, especially in highly regulated industries such as government and financial services.

Data center managers are, now more than ever, dealing with ever-increasing volumes of data traffic and storage for a variety of reasons, including the social media explosion of recent years and the increased use of cloud-based technology, storage and multi-device syncing.
Taking the social media explosion as an example, Malaysians spend 75 percent of their time online either social networking or blogging. Malaysia also has one of the highest Facebook usage statistics[i] in the world. Interestingly, international cloud service providers such as Amazon have already identified this usage trend and the opportunity it presents, and are investing in Asia to support their international infrastructure.

Asia has a thriving data center industry, with sites in Malaysia and Singapore catering regionally, as well as growing data centers in India supporting international IT services.

With this level of growth (and the increased value of information) comes an attraction for hackers seeking to exploit company data for financial gain. In Australia, the Australian Information Commissioner was advised of at least one data breach each week for the financial year 2011/2012, an increase of 27 percent year-on-year. The government has now moved to enforce mandatory reporting of data breaches, which is expected to send this number skyward in 2013.

This leaves many tough questions about how best to secure the data center and the information contained within, including:
  • How can you be sure that sensitive workloads run in protected and trusted environments to satisfy compliance requirements?
  • How can you confidently move workloads between systems without fear of spreading malware or exposing your images to stealthy threats?
  • When computing resources reside in fluid pools, how do you keep a compromised system from infecting other systems in that environment?
  • And how can you be sure that user devices, such as PCs, smart phones, tablets, and other emerging gadgets, access the data and workloads in the cloud in a secure manner?

Data security must radiate from the data center. A comprehensive approach to security in the cloud is to enable trust from the silicon up, which strengthens security and compliance. This is especially so if the stack is created by combining hardware optimized for security with open-source cloud software. Such a design will also help simplify the process of creating trust and verifying platform integrity in the cloud.

Take, as an example, a stack built on an open platform, which consists of:

• Ubuntu® Server 12.04.2 from Canonical

• OpenStack* (the Folsom release, which includes integrated OpenAttestation* [OAT] software development kit [SDK])

• Servers powered by select Intel® Xeon® processors on which Intel® Trusted Execution Technology (Intel® TXT) is enabled


With this stack, Intel and Canonical bring differentiated and advanced security capabilities to open-source cloud deployment. The solution relies on tamper-resistant, hardware-based protections with mechanisms for verifying platform integrity. This hardware-based approach helps you enjoy the benefits of cloud computing with a higher level of confidence in the security of your systems and workloads.

Organizations need effective, efficient and proven security and trust solutions to minimize the complexities of managing cloud infrastructures and the workloads they wish to host there. They also need integration with existing IT systems and security tools.

Finally, trust solutions need to enable automated security reviews and audits to ensure security and overall trust. Fundamentally, organizations are searching for solutions and systems that behave in an expected way, ensuring that issues of trust are effectively addressed and managed.

The Taiwan Stock Exchange utilized Intel technology from the silicon up to ensure data security. You can find more information about how they achieved cloud security in the case study “Building trust and compliance in the Cloud with Intel Trusted Execution Technology”.

Working together

The transition towards a security-conscious generation is happening, especially now with the influx of new technologies and cloud-based storage. Hackers and people looking to exploit company data for financial gain are continually working to develop new tricks and technologies to help them succeed.

A good example of the many evolving methods of hacking is Offensive Forensics, the process of hacking the forensics tools themselves. Offensive forensics takes forensics techniques and uses them to analyze file systems and memory in depth. The attackers will then sift through the data for information assets.

While there will always be instances where data is compromised, the only way to minimize data loss or business impact is to ensure company data is protected within the data center with the latest technology. By operating a data center with security built into the silicon, organizations can begin to build trust in the cloud.

*Other names and brands may be claimed as the property of others.


[i] Data is from the March 2013 GlobalWebIndex report titled "Digital 2013- A Global Analysis of How Consumers Spend Their Media Time."

[ii] No computer system can provide absolute security under all conditions. Intel® Trusted Execution Technology (Intel® TXT) requires a computer with Intel® Virtualization Technology, an Intel TXT-enabled processor, chipset, BIOS, Authenticated Code Modules and an Intel TXT-compatible measured launched environment (MLE). Intel TXT also requires the system to contain a TPM v1.s. For more information, visit www.intel.com/go/inteltxt. For a current list of server manufacturers and models that support Intel TXT, see http://www.intel.in/content/www/in/en/architecture-and-technology/trusted-execution-technology/trusted-execution-technology-server-platforms-matrix.html.