Q5) Continued

The OpSource RESTful API enables our cloud to integrate easily with third-party authentication, monitoring, configuration management, and security management tools. Additionally, clients can configure VLANs and firewall ACLs to explicitly limit access to specific servers by IP address, port, or protocol. For example, clients can set up web servers in a DMZ accessible via the public Internet on port 80. Application servers, sitting on a separate VLAN, could be accessed only by the web-tier or database-tier servers. The database servers could only be accessed by the application tier. This approach to security provides for application access and server access control. Lastly, OpSource controls permissions of multiple end users of a specific client account and logs activities critical to administering a trusted cloud environment.

SecRAMP has developed several use cases around integration with Intel TXT servers and VMware. Intel TXT integration enables customers to benefit from a root of trust that can be extended from the hardware through the hypervisor and up to the application interface. Data is then provided to a security information and event management system to validate, audit, and report on trust status.

Implementing strong policies and procedures can also aid in improving the overall level of trust. For example, with server deployments, we typically identify every piece of firmware on the system, such as the BIOS, the RAID, and the video card—anything that can be updated at the hardware level prior to the operating system installation. We then build an internal repository of relevant firmware, validate it with vendor-provided hashes, and flash the firmware predeployment. While this is not a 100 percent solution, it does reduce the risk of compromise at the hardware level. On blade systems like the Cisco Unified Computing System platform, features such as Service Profiles make this type of operation much quicker and easier, especially for private cloud deployments.

Because Virtustream dedicates the network, compute, and storage resources for every customer, each application can trust that the infrastructure presented to it is not shared or seen by any other customer. This ensures routing and data segregation through secure swim lanes, even when a customer introduces integration points with other service providers.

In order to avoid vendor lock-in, many organizations subscribe to the services of two or more cloud service providers—increasing the importance of secure data management and movement of data between physical locations. Secure data management will be enabled by technologies such as Intel TXT, which provides launch verification and attestation, both of which are tremendously important in cloud implementation scenarios, where machines may reside in different geographic regions.

Continued on next page.

Intel IT Center Vendor Round Table | Cloud Security