Control your corner of the cloud.

Transcription

1 Chapter 1 of 5 Control your corner of the cloud. From the halls of government to the high-rise towers of the corporate world, forward-looking organizations are recognizing the potential of cloud computing models. The cloud is now widely seen as a path to a wide range of business and IT benefits from dynamic provisioning to meet unpredictable workloads to a more cost-effective approach to the acquisition and use of IT resources. But that s all the easy part seeing the benefits. Before your organization can move critical applications to the cloud, you need to overcome well-founded concerns about security risks that arise with cloud deployments. Today s cloud environments face an ever-growing range of security threats, such as hypervisor and firmware attacks and malicious root-kit installations designed to take control of an operating system. The platform itself is now a target. These new security threats are emerging in a time when the requirements and mandates for data security are higher than ever before. Tighter industry and government regulations, along with wellpublicized data security breaches, have raised the bar for data center security to new heights. In this climate, your organization can t move applications and data to the cloud until you have complete confidence in your security strategy. This need is a key driver for trusted compute pools. Trusted compute pools give you the assurance that the operating systems and virtual machine managers (VMMs) that run on a set of physical servers have been measured and checked against a known, trusted code state. Trusted compute pools allow you to control more aspects of your cloud deployment, so you get the advantages of the cloud along with many of the secure attributes of a privately owned environment. The trusted pool spans hardware, the virtualization engine, the virtualization management system, and the security reporting system. Along the way, the trusted compute pool creates visibility and transparency for compliance and audit purposes. It gives you the reporting mechanism you need to attest to the security of the cloud environment. Trusted compute pools allow you to control more aspects of your cloud deployment. While they are essential for cloud deployments, trusted compute pools aren t the be-all and end-all of cloud security. Rather, they create a hardware-level foundation that supports additional security policies and enables secure multi-tenancy operations. In this sense, trusted compute pools help you achieve the level of trust you need to move high-end applications to the cloud with all the confidence that comes with a tightly controlled, private data center. Ultimately, with trusted compute pools you have greater control over your corner of the cloud. NEXT UP: Security in the cloud begins on the ground.

2 Chapter 2 of 5 Security in the cloud begins on the ground. If your organization is thinking of moving applications and data to the cloud, you re no doubt thinking about a security strategy. But how do you start building your cloud security strategy? In Intel s view, cloud security begins on the ground with the physical servers on which cloud infrastructure is built. Why? Because hardware-level security is a lot like the foundation on a house. The structure that rises from the foundation is only as strong as the concrete that it sits on. By deploying your workloads exclusively across a foundation of server pools that have been tested, validated, and determined secure, you take a crucial first step toward securing your cloud. This is the concept of trusted compute pools. Trusted compute pools give you the ability to establish, log, and communicate the trustworthiness of the servers you re using in the cloud data center. These capabilities create a baseline for security, compliance, and assurance of platform integrity. You know that when the operating systems on your servers are launched, they are running only approved code. What s more, trusted compute pools allow you to attest to the safety of your computing infrastructure. You can prove that your physical and virtual infrastructure components are trustworthy. This is a critical capability because if you can t attest to the safety of your computing infrastructure, you can t attest to the security of the data, software, and services running on top of that infrastructure. Trusted compute pools create a hierarchy of trust that is rooted in hardware and that extends to the other components of a secure infrastructure including virtual machines and the applications that run on them. Higher-level security policies are built on the secure foundation to create a trusted computing environment that gives you many of the security benefits of a privately owned data center along with the benefits of a cloud environment. One important caveat: When we are talking about trusted compute pools, we are talking about a secure foundation for your trusted compute Trusted compute pools give you the ability to establish, log, and communicate the trustworthiness of the servers you re using. environment. While this is a crucial first step toward establishing a trusted compute environment, the security of your data and applications also depends on the security of your virtual machines, virtual machine managers, applications, and other exposure points that are above the hardware level. Security solutions at all of these layers work together to create a trusted environment that is ready for your mission-critical applications. NEXT UP: Building your cloud on technologies of trust.

3 Chapter 3 of 5 Building your cloud on technologies of trust. Trusted compute pools leverage multiple advanced technologies to create a secure hardware foundation for cloud computing. Taken together, these technologies enable increased isolation and safer migration of virtual machines, hardware-assisted protection against launch-time attacks, and faster data encryption and decryption. Let s walk though some of the most important technologies that enable trusted compute pools. The foundation for hardware-level security is Intel Trusted Execution Technology (Intel TXT). This technology enables an accurate comparison of the critical elements of the launch environment against a known good source. This Measured Launch Environment (MLE) provides hardware-based enforcement mechanisms to block the launch of code that does not match approved code. This approvedcode approach enhances security by blocking both known and unknown threats. Even if you haven t recognized a new malicious root-kit hypervisor, Intel TXT will block the threat simply because the malware doesn t match the approved code. If the code is unapproved, it doesn t get loaded. Similarly, Intel TXT can enable policies that restrict the migration of virtual machines to only trusted platforms within a trusted compute pool. Virtual machines (VMs) that were created on a trusted platform can then migrate freely within the trusted pool. Like travelers at an airport, VMs that have cleared the security check can move freely between gates. Intel Virtualization Technology (Intel VT) is another important component of trusted compute pools. Intel VT increases virtualization software performance with a hardware assist. This performance enhancement allows virtualization to be more viable in a cloud environment. Intel VT also creates memory protections and allows for some VM isolation. Another technology that complements trusted compute pools is Intel Advanced Encryption Standard New Instructions (Intel AES-NI). This technology enhances the performance of data encryption tools and better performance makes encryption more viable in cloud data centers. In addition, Intel AES-NI helps reduce the risk of side-channel attacks on AES by performing decryption and encryption completely in hardware without the need for software lookup tables. Like travelers at an airport, VMs that have cleared the security check can move freely between gates. Taken together, these technologies help you create a secure hardware foundation that supports layers of higher-level security policies. These layers make cloud computing feasible and give your organization the confidence to move applications and data to the cloud. NEXT UP: Sound policies for controlling your cloud.

4 Chapter 4 of 5 Sound policies for controlling your cloud. When it comes to protecting your data and applications in the cloud, security policies rule the skies. Through security policies, you harden your security infrastructure and control how your workloads are handled, so your data touches only known good systems. This is where trust originates. There are many ways to configure the solution stack to get to the policies that drive toward trusted compute pools. To keep things simple, we ll look at a theoretical stack that has four layers. Host layer At the hardware level, security policies are enabled by Intel Trusted Execution Technology (Intel TXT). This technology is designed to harden computing platforms to ward off hypervisor and firmware attacks, malicious root-kit installations, and other threats. Intel TXT uses the processor to initiate a trusted boot and provide assurance of platform integrity. Intel TXT works in tandem with Trusted Platform Modules (TPMs) that comply with specifications from the Trusted Computing Group. The TPM component stores policies from the hardware manufacturer and the platform owner. In addition, Intel TXT is designed to work with industry-standard encryption tools. Virtualization layer The virtualization layer is where the hypervisors live. At this level, policies harden the virtualization infrastructure, following known best practices, such as VMware s security hardening guidelines. These guidelines explain how to securely deploy hypervisors in a production environment. Virtualization management layer The virtualization management layer aggregates the platform trust status from the hypervisors running on the host systems. This is accomplished via a virtualization manager, such as VMware vcenter*. The virtualization manager can challenge a host system to find out if it is trustworthy specifically if it booted up in a known, trusted state, as measured by Intel TXT. The virtualization management layer provides an application programming interface (API) that allows the next layer, which encompasses security and compliance applications, to gather information on the state of the physical hosts and the hypervisors running on them. Security application layer The security application layer encompasses security policy engines such as the HyTrust* Appliance and compliance consoles such as the RSA Archer egrc* (enterprise governance, risk and compliance) suite. These applications can take the information the virtualization manager has aggregated on platform trust and compare it against expectations, and use it to define and enforce policies or rules or present it for reporting and audit functions. Say, for example, that the server platform is supposed to be in compliance with a company s guidelines on the Federal Information Security Management Act (FISMA) for data protection that mandates that a platform hosting a sensitive workload must be trusted. The compliance application verifies whether this is the case or not and then shows the results in a dashboard view. In this manner, the layers of the solution stack build on each other to create a trusted compute pool. When all the levels of the stack are working together, you can verify the trustworthiness of your cloud environment. NEXT UP: Rent the cloud, own the key.

5 Chapter 5 of 5 Rent the cloud, own the key. To run high-value mission-critical applications in the cloud, you should ideally have the same level of security in the cloud that you have with privately owned infrastructure where you own the building and systems, where you lock your own doors, and where you have your own IT people managing everything. The reality is, it s difficult to achieve that level of trust when you re using someone else s infrastructure and sharing that infrastructure with other tenants. A multi-tenant environment creates new types of risks and new requirements for security. One approach to addressing these requirements is the creation of trusted compute pools that act as safe zones within the multi-tenant data center. Trusted compute pools help you reduce security risks and gain the confidence you need to use the cloud for your mission-critical applications. They essentially allow you to own the key to your rented corner of the cloud. Trusted compute pools begin with technology that is built into the processor silicon. This hardware-based approach provides strong platform protections and facilitates compliance with policies, regulations, and standards. You wouldn t want to go to the cloud without them. To make the vision of trusted compute pools a reality in today s data centers, Intel delivers a range of enabling technologies. These include Intel Trusted Execution Technology (Intel TXT) to enable an accurate comparison of the critical elements of the launch environment against a known good source and to block the launch of unapproved code. Other important foundational elements include Intel Virtualization Technology (Intel VT), which increases virtualization software performance, and Intel Advanced Encryption Standard New Instructions (Intel AES-NI), which enhances the performance of data encryption tools. These complementary technologies work together to enable the creation of trusted compute pools that help protect your hardware platforms, data, and applications against an ever-growing range of threats. The cloud security problem, of course, is much larger than that the challenges of protecting your hardware from rogue hypervisors, malicious rootkit installations, and other malware. But putting hardware-level protections in place is a critical first step in the process of building a comprehensive cloud security solution. When you establish trusted compute pools, you create a sound foundation for a trusted compute environment. This Trusted compute pools act as safe zones within the multi-tenant data center. foundation gives you the assurance that your mission-critical applications and data are moving across platforms you know and trust.