The Cloud Security Net—Build It from the Ground Up
Because the model for your cloud services may be very different from other organizations—and indeed may evolve and change over time—Intel recommends that, in addition to security software solutions and application features, you should strengthen your security net by protecting data and platform at the most basic level—the system hardware. This best practice is built into Intel’s own private cloud infrastructure. [6]
The following illustration shows how protection at the hardware level can enable security deeper in the data center. Compute resources complement your perimeter controls, enable more advanced security and compliance capabilities in existing solutions, and provide needed protection even below the hypervisor—an area of emerging threat.
Physical Layers at Risk in the Enterprise
The dynamic perimeter of cloud computing can expose edge systems to people and applications more than most other elements of the data center architecture—offering more opportunities for compromise. Attacks on server infrastructure at the deepest levels are an emerging area of risk and increasingly target the hypervisor, firmware, and BIOS. The attackers are professionals—more sophisticated, determined, and better resourced. The potential for harm from a single attack in either of these two areas can be devastating.
Edge & Departmental Systems
Traditional attack target: Personal computing systems used to run software locally or on a cloud infrastructure (desktops, laptops, and other mobile devices).
Growing attack target: Departmental and other systems that interact inside and outside the organization (web servers, portal servers, e-mail servers, bridges, and routers).
Emerging attack target: Isolated back-end servers used for virtualization, database management, and storage.
6 An Enterprise Private Cloud Architecture and Implementation Roadmap. IT@Intel (2010). intel.com/content/www/us/en/cloud-computing/cloud-computing-private-cloudroadmap-paper.html (PDF)
11 Intel IT Center Planning Guide | Cloud Security