Q10:
Are there security concerns that your solution doesn’t address that you think the industry still needs to solve?
We would like to see hypervisors take more advantage of trusted extensions appearing in modern CPUs and chipsets. This, paired with a policy engine controlling orchestration, opens up many interesting possibilities for trusted cloud computing. While we have made great strides in furthering cloud networking, this is also an immature area and in need of continued innovation to extend trust throughout the cloud ecosystem. Carpathia is also following with interest the integration of hardware security controls such as Intel TXT to allow a chain of trust from the hardware to the hypervisor to the operating system. Intel TXT has massive potential for trusted cloud computing. Being able to show a chain of trust from hardware to the exposed operating system is very important, especially to our Department of Defense customers.
There are many opportunities for the industry to collaborate on better and more efficient solutions. Automation is a specific example. From a cloud security perspective, automation presents two challenges: (1) how to secure an automated environment and (2) how security service provisioning can be automated in a cloud environment. Cisco is working actively on solutions to address these challenges. The industry also can work together to establish awareness and technologies and standards for better visibility, efficiency, and interoperability.
Some of the biggest security concerns in the cloud are administrative mistakes and lack of approved workflow. Citrix solutions are workflow enabled to reduce the likelihood of administrative-induced errors.
End-to-end chains of trust are still in need of development; we see Intel as continuing to push the envelope, and we’re looking forward to being able to provide that type of security technology to our customer base. Additionally, we continue to do research into better encryption key management to help our customers because that is a weak point both in and out of the cloud.
HyTrust is laser focused on delivering a security solution for virtualization and cloud computing within four critical areas: authenticating and verifying administrator identity, verifying integrity of the cloud infrastructure, validating all administrative change requests, and providing a complete system of record for the state of and changes to the cloud infrastructure. This is only one piece of the greater security puzzle. Many of the original security challenges in the physical data center—patch management, antivirus, vulnerability management, security event and information management, and so forth—still exist in the cloud and still require vigilant attention. While numerous solutions are available to address each of these challenges, the integration between and among these solutions is wanting. Tighter integration would undoubtedly present a more unified view of cloud security and enable a simpler and more straightforward means of managing these complex environments.
Intel IT Center Vendor Round Table | Cloud Security