An Introduction to Cloud Security

An Overview of Cloud Security:

  • Cloud security capabilities encompass technologies in the hardware and software layers that help enable confidential computing—computing that helps keep information secret.

  • Intel® zero-trust security solutions accelerate cryptography, help ensure applications run as expected, establish a root of trust in the firmware layer, and deliver tamper-resistant storage.

  • Intel® Software Guard Extensions (Intel® SGX) helps enable confidential computing, and Intel works closely with cloud service providers (CSPs) to integrate solutions like these into public cloud offerings.

The holistic practice of confidential computing, which encompasses data protection, encryption, and network security features, allows businesses to discover the transformative value of the cloud.

What Is Cloud Security?

Secure cloud computing encompasses three core capabilities: confidentiality, integrity, and availability. Confidentiality is the ability to keep information secret from people who shouldn’t have access. Integrity means that systems operate as they are intended to function and produce outputs that are neither unexpected nor misleading. Availability speaks to maintaining service uptime for cloud infrastructure and cloud-based services, which includes preventing denial-of-service (DoS) attacks.

Security is only as strong as the layer below it. Businesses that are crafting their cloud security policies need to consider a “defense in depth” strategy. This means building from the ground up with a trusted foundation in the hardware layer. Applications and software in the cloud will run more securely when they are deployed on a secure foundation.

There are numerous Intel® hardware-enabled tools that address these core capabilities in cloud platforms, and because security features are built into every piece of Intel® silicon, all you have to do is enable them. Tools such as encryption, firmware, and platform protections serve as a good starting point to help address the IT security concerns of businesses and government agencies. With improved data security features available in the cloud, you can finally realize the cost and agility benefits that come with public cloud, private cloud, or hybrid cloud deployments through technologies that help enable confidential computing.

Why Is Cloud Security Important?

The cloud offers on-demand compute and storage resources that can help transform businesses and accelerate services development and deployment. However, businesses can’t enjoy all these potential benefits without a strong backbone to help protect them from digital threats, malware, and hackers. The goal is to reduce total attack surface, manage risks to accessing cloud resources, and ultimately make it profitable and beneficial to use the cloud.

Every industry is working diligently to keep up with the ever-changing threat landscape, whether it’s protecting intellectual property, keeping systems patched, or ensuring compliance with privacy regulations. IT security teams are often short-staffed or struggling to meet the constantly changing needs of the business. Cloud computing offers a solution to these challenges because many public clouds have cybersecurity, encryption, and data protection baked into their service offerings.

The cloud is emerging as a premier platform for the security conscious, where the latest technologies are implemented, cybersecurity experts are available around the clock, and advancements in digital threats are addressed in real time. Businesses can benefit not only from on-demand compute and storage resources in the cloud but also from world-class data security features.

How Is Cloud Security Different from Network Security?

Network security refers to securing the perimeter of a data center and the movement of data inside or outside the data center. This entails using network infrastructure and access controls to manage data flow and prevent digital threats from entering the network. A key example of network security is the use of firewalls to restrict access to specific network ports. But networking is just one piece of the equation, and cloud computing encompasses the full gamut of devices, data, and software. Businesses and cloud architects need a robust and secure network perimeter, but there will always be insider threats and data breaches that bypass perimeter protections. For this reason, it’s important to have a multilayered security strategy, like confidential computing, that touches hardware, software, and applications.

Cloud for Regulated Industries

While it’s important to protect cloud resources, it’s an even higher priority in regulated industries such as healthcare, finance, and government. For example, healthcare organizations in the United States must abide by the Health Insurance Portability and Accountability Act (HIPAA) to protect sensitive patient data from unauthorized access. Financial services providers need to comply with the Sarbanes-Oxley Act for public accountability while employing their own cybersecurity methods to help detect and prevent fraud.

Government offices must meet a strict set of compliance standards for government cloud computing. These include the Federal Risk and Authorization Management Program (FedRAMP) and the National Institute of Standards and Technology (NIST) framework. Intel participated in the development of the NIST framework and continues to help organizations align with its requirements.

Having a hardware-enabled root of trust can help provide assurance to both businesses in these regulated industries and regulators themselves that due diligence is being followed to help protect sensitive data in the cloud.

Data Sovereignty

Data sovereignty is another highly regulated area of consideration for organizations using public cloud or hybrid cloud resources. The concept of data sovereignty speaks to how national governments impose different requirements, restrictions, or means of access to data based on where it is physically stored. Regulations might stipulate that workloads or data about a nation’s citizens cannot leave the country or rest on a server that isn’t within that nation’s borders. Hardware-enabled features like trusted boot can help support data sovereignty. On application start-up, trusted boot can help verify that data is exactly where it is supposed to be, or else prevent an application from running with migrated data.

Securing Public, Hybrid, and Private Clouds

Businesses that invest in private cloud infrastructure or public clouds can benefit from Intel® hardware-based security, which creates a trusted foundation for data at rest, in flight, and in use. Key Intel innovations help deliver accelerated cryptography, trusted execution for applications, a root of trust in the firmware layer, and tamper-resistant storage.

  • Intel® Xeon® Scalable processors provide hardware-enhanced features including Intel® Total Memory Encryption (Intel® TME). Intel® TME helps ensure that all memory accessed from the Intel® CPU is encrypted, including customer credentials, encryption keys, and other personally identifiable information.
  • Intel® Software Guard Extensions (Intel® SGX) on select systems helps protect application integrity and data confidentiality. This technology establishes “data enclaves” within memory to help isolate data in use. Intel® SGX is a key technology that helps enable confidential computing for cloud and multiparty compute models and is especially relevant for sensitive data workloads in regulated segments such as financial services, healthcare, and government.
  • Intel® Platform Firmware Resilience (Intel® PFR), exclusively available on Intel® Xeon® Scalable processors, helps increase protection against firmware interception, helps detect firmware corruption, and can restore compromised systems to a known good state.

Enabling Multiparty Computing

The confidential computing initiative helps enable an emerging use case in cross-organizational collaboration known as multiparty computing. For example, the University of California San Francisco (UCSF) created a platform enabled by Intel® SGX to ensure patient confidentiality while using algorithms to engage curated data sets. This allows different hospitals to combine their data and accelerate research, which could lead to early disease detection or fast-tracking drug trials. The Confidential Computing Consortium is a community initiative that continues to explore possibilities like multiparty computing, made possible by innovations like Intel® SGX.

Security Through Collaboration

Intel works closely with cloud service providers (CSPs) to deliver the latest Intel® hardware and technologies to help defend against threats. This includes the implementation of new hardware generations with innovations like Intel® SGX and updates to firmware or threat databases to help ensure that platforms are operating with the most up-to-date security patches. Using a public cloud allows businesses to benefit from cutting-edge technology while offloading to the CSPs the management burden of researching and implementing the newest technologies. Regardless, businesses that are looking to design and deploy their own private cloud infrastructure, or work with CSPs to access public cloud resources, can start by seeking guidance from Intel.