Control your corner of the cloud.

Chapter 1 of 5: Control your corner of the cloud.

From the halls of government to the high-rise towers of the corporate world, forward-looking organizations are recognizing the potential of cloud computing models. The cloud is now widely seen as a path to a wide range of business and IT benefits, from dynamic provisioning to meet unpredictable workloads to a more cost-effective approach to the acquisition and use of IT resources.

But that's all the easy part: seeing the benefits. Before your organization can move critical applications to the cloud, you need to overcome well-founded concerns about security risks that arise with cloud deployments. Today's cloud environments face an ever-growing range of security threats, such as hypervisor and firmware attacks and malicious root-kit installations designed to take control of an operating system. The platform itself is now a target.

These new security threats are emerging in a time when the requirements and mandates for data security are higher than ever before. Tighter industry and government regulations, along with well-publicized data security breaches, have raised the bar for data center security to new heights. In this climate, your organization can't move applications and data to the cloud until you have complete confidence in your security strategy. This need is a key driver for trusted compute pools.

Trusted compute pools give you the assurance that the operating systems and virtual machine managers (VMMs) that run on a set of physical servers have been measured and checked against a known, trusted code state. Trusted compute pools allow you to control more aspects of your cloud deployment, so you get the advantages of the cloud along with many of the secure attributes of a privately owned environment. The trusted pool spans hardware, the virtualization engine, the virtualization management system, and the security reporting system.

Along the way, the trusted compute pool creates visibility and transparency for compliance and audit purposes. It gives you the reporting mechanism you need to attest to the security of the cloud environment.

While they are essential for cloud deployments, trusted compute pools aren't the be-all and end-all of cloud security. Rather, they create a hardware-level foundation that supports additional security policies and enables secure multi-tenancy operations. In this sense, trusted compute pools help you achieve the level of trust you need to move high-end applications to the cloud with all the confidence that comes with a tightly controlled, private data center. Ultimately, with trusted compute pools you have greater control over your corner of the cloud.

NEXT UP: Security in the cloud begins on the ground.

Chapter 2 of 5: Security in the cloud begins on the ground.

If your organization is thinking of moving applications and data to the cloud, you're no doubt thinking about a security strategy. But how do you start building your cloud security strategy? In Intel's view, cloud security begins on the ground, with the physical servers on which cloud infrastructure is built.

Why? Because hardware-level security is a lot like the foundation on a house. The structure that rises from the foundation is only as strong as the concrete that it sits on. By deploying your workloads exclusively across a foundation of server pools that have been tested, validated, and determined secure, you take a crucial first step toward securing your cloud. This is the concept of trusted compute pools.

Trusted compute pools give you the ability to establish, log, and communicate the trustworthiness of the servers you're using in the cloud data center. These capabilities create a baseline for security, compliance, and assurance of platform integrity. You know that when the operating systems on your servers are launched, they are running only approved code.

What's more, trusted compute pools allow you to attest to the safety of your computing infrastructure. You can prove that your physical and virtual infrastructure components are trustworthy. This is a critical capability because if you can't attest to the safety of your computing infrastructure, you can't attest to the security of the data, software, and services running on top of that infrastructure.

Trusted compute pools create a hierarchy of trust that is rooted in hardware and that extends to the other components of a secure infrastructure, including virtual machines and the applications that run on them. Higher-level security policies are built on the secure foundation to create a trusted computing environment that gives you many of the security benefits of a privately owned data center along with the benefits of a cloud environment.

One important caveat: When we are talking about trusted compute pools, we are talking about a secure foundation for your trusted compute environment. While this is a crucial first step toward establishing a trusted compute environment, the security of your data and applications also depends on the security of your virtual machines, virtual machine managers, applications, and other exposure points that are above the hardware level. Security solutions at all of these layers work together to create a trusted environment that is ready for your mission-critical applications.

NEXT UP: Building your cloud on technologies of trust.

Chapter 3 of 5: Building your cloud on technologies of trust.

Trusted compute pools leverage multiple advanced technologies to create a secure hardware foundation for cloud computing. Taken together, these technologies enable increased isolation and safer migration of virtual machines, hardware-assisted protection against launch-time attacks, and faster data encryption and decryption. Let's walk through some of the most important technologies that enable trusted compute pools.

The foundation for hardware-level security is Intel Trusted Execution Technology (Intel TXT). This technology enables an accurate comparison of the critical elements of the launch environment against a known good source. This Measured Launch Environment (MLE) provides hardware-based enforcement mechanisms to block the launch of code that does not match approved code.

This approved-code approach enhances security by blocking both known and unknown threats. Even if you haven't recognized a new malicious root-kit hypervisor, Intel TXT will block the threat simply because the malware doesn't match the approved code. If the code is unapproved, it doesn't get loaded.

Similarly, Intel TXT can enable policies that restrict the migration of virtual machines to only trusted platforms within a trusted compute pool. Virtual machines (VMs) that were created on a trusted platform can then migrate freely within the trusted pool. Like travelers at an airport, VMs that have cleared the security check can move freely between gates.

Intel Virtualization Technology (Intel VT) is another important component of trusted compute pools. Intel VT increases virtualization software performance with a hardware assist. This performance enhancement allows virtualization to be more viable in a cloud environment. Intel VT also creates memory protections and allows for some VM isolation.

Another technology that complements trusted compute pools is Intel Advanced Encryption Standard New Instructions (Intel AES-NI). This technology enhances the performance of data encryption tools, and better performance makes encryption more viable in cloud data centers. In addition, Intel AES-NI helps reduce the risk of side-channel attacks on AES by performing decryption and encryption completely in hardware without the need for software lookup tables.

Taken together, these technologies help you create a secure hardware foundation that supports layers of higher-level security policies. These layers make cloud computing feasible and give your organization the confidence to move applications and data to the cloud.

NEXT UP: Sound policies for controlling your cloud.

Chapter 4 of 5: Sound policies for controlling your cloud.

When it comes to protecting your data and applications in the cloud, security policies rule the skies. Through security policies, you harden your security infrastructure and control how your workloads are handled, so your data touches only known good systems. This is where trust originates.

There are many ways to configure the solution stack to get to the policies that drive toward trusted compute pools. To keep things simple, we'll look at a theoretical stack that has four layers.

Host layer

At the hardware level, security policies are enabled by Intel Trusted Execution Technology (Intel TXT). This technology is designed to harden computing platforms to ward off hypervisor and firmware attacks, malicious root-kit installations, and other threats. Intel TXT uses the processor to initiate a trusted boot and provide assurance of platform integrity.

Intel TXT works in tandem with Trusted Platform Modules (TPMs) that comply with specifications from the Trusted Computing Group. The TPM component stores policies from the hardware manufacturer and the platform owner. In addition, Intel TXT is designed to work with industry-standard encryption tools.

Virtualization layer

The virtualization layer is where the hypervisors live. At this level, policies harden the virtualization infrastructure, following known best practices, such as VMware's security hardening guidelines. These guidelines explain how to securely deploy hypervisors in a production environment.

Virtualization management layer

The virtualization management layer aggregates the platform trust status from the hypervisors running on the host systems. This is accomplished via a virtualization manager, such as VMware vCenter*. The virtualization manager can challenge a host system to find out if it is trustworthy, specifically if it booted up in a known, trusted state, as measured by Intel TXT.

The virtualization management layer provides an application programming interface (API) that allows the next layer, which encompasses security and compliance applications, to gather information on the state of the physical hosts and the hypervisors running on them.

Security application layer

The security application layer encompasses security policy engines such as the HyTrust* Appliance and compliance consoles such as the RSA Archer eGRC* (enterprise governance, risk and compliance) suite. These applications can take the information the virtualization manager has aggregated on platform trust and compare it against expectations, and use it to define and enforce policies or rules or present it for reporting and audit functions.

Say, for example, that the server platform is supposed to be in compliance with a company's guidelines on the Federal Information Security Management Act (FISMA) for data protection that mandates that a platform hosting a sensitive workload must be trusted. The compliance application verifies whether this is the case or not and then shows the results in a dashboard view.

In this manner, the layers of the solution stack build on each other to create a trusted compute pool. When all the levels of the stack are working together, you can verify the trustworthiness of your cloud environment.

NEXT UP: Rent the cloud, own the key.
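
The flow described in chapters 3 and 4 (measure the launch environment, compare it against a known good value, and let policy admit only trusted hosts), sketched as an added example; it is not part of the original ebook and does not use Intel TXT, VMware or HyTrust interfaces. All names (`Host`, `TrustAuthority`, `measure_launch`) and the sample launch chains are constructed for illustration, and the signed TPM quote a real attestation relies on is not modeled.

```python
"""Simplified model of a trusted compute pool (illustrative assumptions only)."""
import hashlib
from dataclasses import dataclass

ZERO = bytes(32)  # the measurement register starts zeroed at launch


def extend(register: bytes, component: bytes) -> bytes:
    # TPM-style extend: the register can only be folded forward, never set,
    # so the final value commits to every component and to their order.
    return hashlib.sha256(register + hashlib.sha256(component).digest()).digest()


def measure_launch(components) -> str:
    """Host layer: fold each launch component into one measurement."""
    register = ZERO
    for blob in components:
        register = extend(register, blob)
    return register.hex()


@dataclass
class Host:
    name: str
    launch_chain: list  # the code that actually ran at boot (constructed bytes)

    def report_measurement(self) -> str:
        # A real platform answers a challenge with a TPM-signed quote over a
        # fresh nonce; signature and nonce checking are left out of this model.
        return measure_launch(self.launch_chain)


@dataclass
class Workload:
    name: str
    requires_trusted_host: bool


class TrustAuthority:
    """Stands in for the management and security-application layers."""

    def __init__(self, known_good):
        self.known_good = set(known_good)  # approved launch measurements

    def is_trusted(self, host: Host) -> bool:
        # Allow-list comparison: anything not matching approved code fails,
        # whether or not the modification is a known threat.
        return host.report_measurement() in self.known_good

    def trusted_pool(self, hosts):
        return [h.name for h in hosts if self.is_trusted(h)]

    def may_migrate(self, workload: Workload, target: Host) -> bool:
        # Sensitive workloads may only land on hosts inside the trusted pool.
        return (not workload.requires_trusted_host) or self.is_trusted(target)

    def compliance_report(self, placements):
        """Audit view: (workload, host, compliant) for each current placement."""
        return [(w.name, h.name, self.may_migrate(w, h)) for w, h in placements]


# Constructed sample data: two approved hosts and one with an altered hypervisor.
APPROVED_CHAIN = [b"firmware v1 (constructed)", b"hypervisor build A (constructed)"]
TAMPERED_CHAIN = [b"firmware v1 (constructed)", b"hypervisor build A + implant (constructed)"]

HOSTS = [
    Host("host-a", APPROVED_CHAIN),
    Host("host-b", APPROVED_CHAIN),
    Host("host-c", TAMPERED_CHAIN),
]
SENSITIVE = Workload("payroll-db", requires_trusted_host=True)
PUBLIC = Workload("static-site", requires_trusted_host=False)


def demo():
    authority = TrustAuthority([measure_launch(APPROVED_CHAIN)])
    return {
        "pool": authority.trusted_pool(HOSTS),
        "sensitive_to_b": authority.may_migrate(SENSITIVE, HOSTS[1]),
        "sensitive_to_c": authority.may_migrate(SENSITIVE, HOSTS[2]),
        "report": authority.compliance_report(
            [(SENSITIVE, HOSTS[0]), (SENSITIVE, HOSTS[2]), (PUBLIC, HOSTS[2])]
        ),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

The policy decision here trusts whatever measurement the host reports; in a deployment that report must be verified as a signed quote before it is compared against the approved list.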

Chapter 5 of 5: Rent the cloud, own the key.

To run high-value mission-critical applications in the cloud, you should ideally have the same level of security in the cloud that you have with privately owned infrastructure, where you own the building and systems, where you lock your own doors, and where you have your own IT people managing everything.

The reality is, it's difficult to achieve that level of trust when you're using someone else's infrastructure and sharing that infrastructure with other tenants. A multi-tenant environment creates new types of risks and new requirements for security.

One approach to addressing these requirements is the creation of trusted compute pools that act as safe zones within the multi-tenant data center. Trusted compute pools help you reduce security risks and gain the confidence you need to use the cloud for your mission-critical applications. They essentially allow you to own the key to your rented corner of the cloud.

Trusted compute pools begin with technology that is built into the processor silicon. This hardware-based approach provides strong platform protections and facilitates compliance with policies, regulations, and standards. You wouldn't want to go to the cloud without them.

To make the vision of trusted compute pools a reality in today's data centers, Intel delivers a range of enabling technologies. These include Intel Trusted Execution Technology (Intel TXT) to enable an accurate comparison of the critical elements of the launch environment against a known good source and to block the launch of unapproved code.

Other important foundational elements include Intel Virtualization Technology (Intel VT), which increases virtualization software performance, and Intel Advanced Encryption Standard New Instructions (Intel AES-NI), which enhances the performance of data encryption tools. These complementary technologies work together to enable the creation of trusted compute pools that help protect your hardware platforms, data, and applications against an ever-growing range of threats.

The cloud security problem, of course, is much larger than the challenges of protecting your hardware from rogue hypervisors, malicious rootkit installations, and other malware. But putting hardware-level protections in place is a critical first step in the process of building a comprehensive cloud security solution.

When you establish trusted compute pools, you create a sound foundation for a trusted compute environment. This foundation gives you the assurance that your mission-critical applications and data are moving across platforms you know and trust.


Integration and Automation with Lenovo XClarity Administrator Integration and Automation with Lenovo XClarity Administrator Extend Management Processes to Existing Ecosystems Lenovo Enterprise Business Group April 2015 2015 Lenovo. All rights reserved. Introduction

More information

Closing the cloud and virtualization gap

Closing the cloud and virtualization gap Closing the cloud and virtualization gap Use cases for workload security White Paper Table of Contents 3 Introduction Encouraging cross-functional collaboration Prepare for the worst 4 Operational risk

More information

Integrated OpenStack Cloud Solution with Service Assurance

Integrated OpenStack Cloud Solution with Service Assurance White Paper Redapt Intel SAA Integrated OpenStack Cloud Solution with Service Assurance Open Reference Cloud Architecture White Paper Redapt, Inc. and Intel Corporation Executive Summary Enterprise IT

More information

VM-Series for VMware. PALO ALTO NETWORKS: VM-Series for VMware

VM-Series for VMware. PALO ALTO NETWORKS: VM-Series for VMware VM-Series for VMware The VM-Series for VMware supports VMware NSX, ESXI stand-alone and vcloud Air, allowing you to deploy next-generation firewall security and advanced threat prevention within your VMware-based

More information

5 Best Practices to Protect Your Virtual Environment

5 Best Practices to Protect Your Virtual Environment CONTENTS OF THIS WHITE PAPER Security Virtualization s Big Hurdle..1 Why Old-STyle Protections Fall short..2 Best Practices...3 Create A VM Service Good List... 3 Monitor and Protect the Hypervisor...

More information

HyTrust Addendum to the VMware Product Applicability Guide. For. Federal Risk and Authorization Management Program (FedRAMP) version 1.

HyTrust Addendum to the VMware Product Applicability Guide. For. Federal Risk and Authorization Management Program (FedRAMP) version 1. HyTrust Product Applicability Guide For Federal Risk and Authorization Management Program (FedRAMP) VMware Compliance Reference Architecture Framework to the VMware Product Applicability Guide For Federal

More information

Total Cloud Protection

Total Cloud Protection Total Cloud Protection Data Center and Cloud Security Security for Your Unique Cloud Infrastructure A Trend Micro White Paper August 2011 I. INTRODUCTION Many businesses are looking to the cloud for increased

More information

Gain Complete Data Protection with SanDisk Self-Encrypting SSDs and Wave Systems

Gain Complete Data Protection with SanDisk Self-Encrypting SSDs and Wave Systems Gain Complete Data Protection with SanDisk Self-Encrypting SSDs and Wave Systems Built-in Security to Protect Sensitive Data without Sacrificing Performance What is an SED? A self-encrypting drive performs

More information

Dell Client. Take Control of Your Environment. Powered by Intel Core 2 processor with vpro technology

Dell Client. Take Control of Your Environment. Powered by Intel Core 2 processor with vpro technology Dell Client Systems Take Control of Your Environment Powered by Intel Core 2 processor with vpro technology Simplifying IT As IT infrastructures grow, heterogeneous environments expand. Growing infrastructures

More information

Learn the essentials of virtualization security

Learn the essentials of virtualization security Learn the essentials of virtualization security White Paper Table of Contents 3 Introduction 4 Hypervisor connectivity and risks 4 Multi-tenancy risks 5 Management and operational network risks 5 Storage

More information

Keith Luck, CISSP, CCSK Security & Compliance Specialist, VMware, Inc. kluck@vmware.com

Keith Luck, CISSP, CCSK Security & Compliance Specialist, VMware, Inc. kluck@vmware.com 1 Keith Luck, CISSP, CCSK Security & Compliance Specialist, VMware, Inc. kluck@vmware.com Agenda Cloud Computing VMware and Security Network Security Use Case Securing View Deployments Questions 2 IT consumption

More information

CA ControlMinder for Virtual Environments May 2012

CA ControlMinder for Virtual Environments May 2012 FREQUENTLY ASKED QUESTIONS May 2012 Top Ten Questions 1. What is?... 2 2. What are the key benefits of?... 2 3. What are the key capabilities of?... 2 4. Does this release include anything from the recently

More information

Catbird 6.0: Private Cloud Security

Catbird 6.0: Private Cloud Security WHITE PAPER Catbird 6.0: Private Cloud Security and agile infrastructure that is exposing weaknesses in legacy perimeter-based network controls and leaving applications vulnerable to advanced threats.

More information

Can PCI DSS Compliance Be Achieved in a Cloud Environment?

Can PCI DSS Compliance Be Achieved in a Cloud Environment? royal holloway Can Compliance Be Achieved in a Cloud Environment? Organisations are considering whether to run -based systems in a cloud environment. The security controls in the cloud may be sufficient

More information

Cloud Security Case Study Amazon Web Services. Ugo Piazzalunga Technical Manager, IT Security ugo.piazzalunga@safenet-inc.com

Cloud Security Case Study Amazon Web Services. Ugo Piazzalunga Technical Manager, IT Security ugo.piazzalunga@safenet-inc.com Cloud Security Case Study Amazon Web Services Ugo Piazzalunga Technical Manager, IT Security ugo.piazzalunga@safenet-inc.com Agenda 1. Amazon Web Services challenge 2. Virtual Instances and Virtual Storage

More information

Top virtualization security risks and how to prevent them

Top virtualization security risks and how to prevent them E-Guide Top virtualization security risks and how to prevent them There are multiple attack avenues in virtual environments, but this tip highlights the most common threats that are likely to be experienced

More information

CloudControl Support for PCI DSS 3.0

CloudControl Support for PCI DSS 3.0 HyTrust CloudControl Support for PCI DSS 3.0 Summary In PCI DSS 3.0, hypervisors and virtual networking components are always in-scope for audit; Native auditing capabilities from the core virtualization

More information

Cloud Security Trust Cisco to Protect Your Data

Cloud Security Trust Cisco to Protect Your Data Trust Cisco to Protect Your Data As cloud adoption accelerates, organizations are increasingly placing their trust in third-party cloud service providers (CSPs). But can you fully trust your most sensitive

More information

Windows Server Virtualization & The Windows Hypervisor

Windows Server Virtualization & The Windows Hypervisor Windows Server Virtualization & The Windows Hypervisor Brandon Baker Lead Security Engineer Windows Kernel Team Microsoft Corporation Agenda - Windows Server Virtualization (WSV) Why a hypervisor? Quick

More information

Cloud Security is a First Principle:

Cloud Security is a First Principle: Cloud Security is a First Principle: Elements of Private Cloud Security Table of Contents Why the Security Minded are Drawn to Private Cloud Deployments....2 Security is the Driver Behind Private Clouds...3

More information

how can I virtualize my mission-critical servers while maintaining or improving security?

how can I virtualize my mission-critical servers while maintaining or improving security? SOLUTION BRIEF Securing Virtual Environments how can I virtualize my mission-critical servers while maintaining or improving security? agility made possible CA ControlMinder for Virtual Environments provides

More information

Whitepaper. What You Need to Know About Infrastructure as a Service (IaaS) Encryption

Whitepaper. What You Need to Know About Infrastructure as a Service (IaaS) Encryption Whitepaper What You Need to Know About Infrastructure as a Service (IaaS) Encryption What You Need to Know about IaaS Encryption What You Need to Know About IaaS Encryption Executive Summary In this paper,

More information

WHITE PAPER Mainstreaming Server Virtualization: The Intel Approach

WHITE PAPER Mainstreaming Server Virtualization: The Intel Approach WHITE PAPER Mainstreaming Server Virtualization: The Intel Approach Sponsored by: Intel John Humphreys June 2006 Tim Grieser IDC OPINION Global Headquarters: 5 Speen Street Framingham, MA 01701 USA P.508.872.8200

More information

Virtualization Essentials

Virtualization Essentials Virtualization Essentials Table of Contents Introduction What is Virtualization?.... 3 How Does Virtualization Work?... 4 Chapter 1 Delivering Real Business Benefits.... 5 Reduced Complexity....5 Dramatically

More information

NIST Interagency Report 7904 (Draft) Trusted Geolocation in the Cloud: Proof of Concept Implementation (Draft)

NIST Interagency Report 7904 (Draft) Trusted Geolocation in the Cloud: Proof of Concept Implementation (Draft) NIST Interagency Report 7904 (Draft) Trusted Geolocation in the Cloud: Proof of Concept Implementation (Draft) Erin K. Banks Michael Bartock Kevin Fiftal David Lemon Karen Scarfone Uttam Shetty Murugiah

More information

content-aware identity & access management in a virtual environment

content-aware identity & access management in a virtual environment WHITE PAPER Content-Aware Identity & Access Management in a Virtual Environment June 2010 content-aware identity & access management in a virtual environment Chris Wraight CA Security Management we can

More information

Protecting Virtual Endpoints with McAfee Server Security Suite Essentials

Protecting Virtual Endpoints with McAfee Server Security Suite Essentials Sponsored by McAfee Protecting Virtual Endpoints with McAfee Server Security Suite Essentials December 2013 A SANS Analyst Whitepaper Written by Dave Shackleford Capability Sets for Virtualization Security

More information

Top 10 encryption myths

Top 10 encryption myths Top 10 encryption myths White Paper Table of Contents 3 Executive overview 3 Myth #1 Encryption will degrade my system performance 4 Myth #2 Encryption terminology is too hard to understand 4 Myth #3 Managing

More information

Cloud: Where are we now? Gerald Gerry Seaman Cloud Marketing Manager Intel - Data Center Group Enterprise High Performance Group

Cloud: Where are we now? Gerald Gerry Seaman Cloud Marketing Manager Intel - Data Center Group Enterprise High Performance Group Cloud: Where are we now? Gerald Gerry Seaman Cloud Marketing Manager Intel - Data Center Group Enterprise High Performance Group Why is Intel Talking Cloud? Service and Policy Management Analytics Cloud

More information

One-Stop Intel TXT Activation Guide

One-Stop Intel TXT Activation Guide One-Stop Intel TXT Activation Guide HP Gen8 Family Based Server Systems Intel Trusted Execution Technology (Intel TXT) for Intel Xeon processor-based servers is commonly used to enhance platform security

More information

Getting More Performance and Efficiency in the Application Delivery Network

Getting More Performance and Efficiency in the Application Delivery Network SOLUTION BRIEF Intel Xeon Processor E5-2600 v2 Product Family Intel Solid-State Drives (Intel SSD) F5* Networks Delivery Controllers (ADCs) Networking and Communications Getting More Performance and Efficiency

More information

Cloud Under Control: How to Virtualize More by Virtualizing More Securely

Cloud Under Control: How to Virtualize More by Virtualizing More Securely H Y T RUST: WHITE PAPER Cloud Under Control: How to Virtualize More by Virtualizing More Securely Executive Overview Enterprises have reached an inflection point. The value of datacenter virtualization

More information

Cloud Computing: A Question of Trust Maintaining Control and Compliance with Data-centric Information Security

Cloud Computing: A Question of Trust Maintaining Control and Compliance with Data-centric Information Security Russ Dietz Vice President & Chief Technology Officer Cloud Computing: A Question of Trust Maintaining Control and Compliance with Data-centric Information Security By Russ Dietz Vice President & Chief

More information

Introduction to Cloud Computing. Srinath Beldona srinath_beldona@yahoo.com

Introduction to Cloud Computing. Srinath Beldona srinath_beldona@yahoo.com Introduction to Cloud Computing Srinath Beldona srinath_beldona@yahoo.com Agenda Pre-requisites Course objectives What you will learn in this tutorial? Brief history Is cloud computing new? Why cloud computing?

More information

Issues in Cloud Security

Issues in Cloud Security Issues in Cloud Security Private, Public, Hybrid Abstract This white paper discusses the major computer security issues confronting an organization when moving to the cloud. Even for small companies, migrating

More information

WIND RIVER SECURE ANDROID CAPABILITY

WIND RIVER SECURE ANDROID CAPABILITY WIND RIVER SECURE ANDROID CAPABILITY Cyber warfare has swiftly migrated from hacking into enterprise networks and the Internet to targeting, and being triggered from, mobile devices. With the recent explosion

More information

IaaS Cloud Architectures: Virtualized Data Centers to Federated Cloud Infrastructures

IaaS Cloud Architectures: Virtualized Data Centers to Federated Cloud Infrastructures IaaS Cloud Architectures: Virtualized Data Centers to Federated Cloud Infrastructures Dr. Sanjay P. Ahuja, Ph.D. 2010-14 FIS Distinguished Professor of Computer Science School of Computing, UNF Introduction

More information

Security Model for VM in Cloud

Security Model for VM in Cloud Security Model for VM in Cloud 1 Venkataramana.Kanaparti, 2 Naveen Kumar R, 3 Rajani.S, 4 Padmavathamma M, 5 Anitha.C 1,2,3,5 Research Scholars, 4Research Supervisor 1,2,3,4,5 Dept. of Computer Science,

More information

Preparing an RFI for. This RFI has been updated to reflect the new requirements in Version 3.0 of the PCI DSS, which took effect January 2015.

Preparing an RFI for. This RFI has been updated to reflect the new requirements in Version 3.0 of the PCI DSS, which took effect January 2015. Preparing an RFI for Protecting cardholder data is a critical and mandatory requirement for all organizations that process, store or transmit information on credit or debit cards. Requirements and guidelines

More information

CSE543 Computer and Network Security Module: Cloud Computing

CSE543 Computer and Network Security Module: Cloud Computing CSE543 Computer and Network Security Module: Computing Professor Trent Jaeger 1 Computing Is Here Systems and Internet Infrastructure Security (SIIS) Laboratory 2 Computing Is Here Systems and Internet

More information

Overview of Windows 10 Requirements for TPM, HVCI and SecureBoot

Overview of Windows 10 Requirements for TPM, HVCI and SecureBoot presented by Overview of Windows 10 Requirements for TPM, HVCI and SecureBoot UEFI Spring Plugfest May 18-22, 2015 Gabe Stocco, Scott Anderson, Suhas Manangi Updated 2011-06-01 UEFI Plugfest May 2015 www.uefi.org

More information

Learn the Essentials of Virtualization Security

Learn the Essentials of Virtualization Security Learn the Essentials of Virtualization Security by Dave Shackleford by Dave Shackleford This paper is the first in a series about the essential security issues arising from virtualization and the adoption

More information

RSA Security Brief March, 2010

RSA Security Brief March, 2010 RSA Security Brief March, 2010 Infrastructure Security: Getting to the Bottom of Compliance in the Cloud Authors Sam Curry CTO, Marketing RSA, the Security Division of EMC Jon Darbyshire President & CEO,

More information

Computer Science. About PaaS Security. Donghoon Kim Henry E. Schaffer Mladen A. Vouk

Computer Science. About PaaS Security. Donghoon Kim Henry E. Schaffer Mladen A. Vouk About PaaS Security Donghoon Kim Henry E. Schaffer Mladen A. Vouk North Carolina State University, USA May 21, 2015 @ ICACON 2015 Outline Introduction Background Contribution PaaS Vulnerabilities and Countermeasures

More information

Secure Clouds - Secure Services Trend Micro best-in-class solutions enable data center to deliver trusted and secure infrastructures and services

Secure Clouds - Secure Services Trend Micro best-in-class solutions enable data center to deliver trusted and secure infrastructures and services Secure Clouds - Secure Services Trend Micro best-in-class solutions enable data center to deliver trusted and secure infrastructures and services Udo Schneider Trend Micro Udo_Schneider@trendmicro.de 26.03.2013

More information