Friday, May 11, 2012

Why Integrity Matters: A Silicon to Software Model to Accelerate Cloud Computing

The advantages of cloud computing – new levels of cost efficiency, rapid deployment and self-service are much talked about. Yet, while cloud computing remains a top executive priority, security factors are inhibiting broadscale adoption. Very recent Intel Peer Research on cloud computing “What’s Holding Back the Cloud” revealed that 56% of IT professionals are concerned about the inability of public cloud providers to measure security, and 61% indicate lack of visibility as a key concern for private cloud adoption.

What would it take to change that?  In that same research, 50% of IT professionals indicate that their confidence in public cloud would be  enhanced if they could set and enforce security policies across clouds, and 78% would be reassured through the ability to measure levels of security in real time.

This calls for a tectonic shift in the way that enterprises and service providers alike think about security, because old tools and practices are not suitable or efficient for the new cloud architectures. Virtualization, which underpins cloud and drives efficiency gains through shared hardware, removes the previous boundaries that provided strong physical isolation between workloads. Multiple lines of businesses or organizations can  share the same hardware, and virtual machines can be increasingly decoupled from server hardware for greater flexibility. But through this process, IT increasingly loses physical control and the ability to monitor workloads and data.

Intel and McAfee are partnering on a vision that delivers visibility and control from the hardware level through the security stack and across the client-to cloud communication chain. In this model, integrity measures provide real-time assurances of security, e.g.,  system is free of vulnerabilities and has not been tampered with. The integrity assessments are at multiple enforcement points to establish confidence in private and public cloud infrastructure and ultimately, a hybrid model which most organizations seek to adopt.  Cloud service providers and enterprises alike would benefit from this model, which proposes consistent  standards and interoperability as well as third party digital certificates and  strong collaboration with the industry ecosystem.

Even today, organizations  can leverage capabilities such as McAfee Cloud Secure to certify  that the sites that host or manage their data are free of vulnerabilities.  Using Intel Trusted Execution Technology (Intel TXT),  enterprises can verify that the server hardware is of a known good security state and can enforce a connection or resource allocation based on that state. Technologies such as McAfee  Application Control and Change Control buttressed with cloud-based Global Threat Intelligence deliver proactive security monitoring at the operating system, application and file level without the performance hit of conventional security technologies.  McAfee ePolicy Orchestrator  provides the backbone for consistent policy management bridging policy between an enterprise data center and clouds. And, with ePO’s open APIs, innovative integrators can take the Intel and McAfee building blocks  to build a custom end-to-end integrity model.

Over time, Intel and McAfee will explore capabilities to use silicon enhancements for stronger  integrity assessments and for enforcing controls based on the protection profiles of server hosts, virtual machines and endpoints, for which McAfee Deep Defender is a strong proof point.

This integrity model should help accelerate stronger cloud-specific security standards as well as third party certification programs that the industry is already moving towards.

For more information on this topic, be sure to read the full “What’s Holding Back the Cloud” report, and follow us on Twitter at @McAfeeBusiness for the latest on how McAfee and Intel are looking to enhance end-to-end cloud security.

By Greg Brown