San Francisco RSA Security Assembly March 2, 2010, the leader of the Global Information Infrastructure Solution EMC Corporation has unveiled a common vision with Intel and VMware to build a more secure, transparent, and accountable infrastructure for cloud services in the core business. This vision comes from the technical and professional experience of the EMC Information Security division RSA, Intel, and VMware, outlined in the latest RSA Information Security Overview Infrastructure Security: Understanding the nature of cloud compliance, and demonstrated through innovative proof-of-concept This week's first appearance at the RSA Information Security conference in San Francisco.
"Cloud computing is maturing into an enterprise platform, running High-value business processes and data, and we must be able to trust the physical infrastructure and virtual infrastructure," said Pat Gelsinger, president and chief operating officer of the EMC Information Infrastructure Product Division, Patte Kissing. Today, most organizations do not see much of what is happening at the cloud infrastructure level and therefore cannot verify their security. Our three companies together demonstrate that internal and external clouds are visible, measurable, and can be reported, providing secure management of the company's most important business processes. ”
To create a trusted cloud infrastructure
The GRC (monitoring, risk, and compliance) experts of RSA, Intel, VMware, and Archer Technologies (recently acquired by EMC) have demonstrated a vision of a trusted cloud infrastructure that delivers tremendous operational benefits to organizations and service providers running the private cloud.
This concept includes hardware trust roots, secure virtual environments, security information and event management, and GRC (governance, risk and compliance) management software that delivers truly unprecedented visibility into the bottom of the cloud. At the RSA Information Security conference in San Francisco this week, the first public display will include:
1 Greater visibility. You can see the activity and actual state within the physical and virtual machines, enabling the organization to have the ability to verify security conditions, into the old cloud "black box".
2 Finer control. Enhance differentiated policies in private clouds, such as which types of physical hardware can run virtual machines, and which tenants or business units can coexist and share resources.
3 Simplify compliance. Gather, analyze, and report on the activities and events of the infrastructure layer through automated processes.
"As one of the federal government's leading cloud computing providers, Terremark has been focused on the application of Secure cloud computing," said Chris Day, Terremark global chief Security architect. For Terremark, proving compliance on a shared, virtualized platform is a manual, complex, labor-intensive activity. As a vcloud partner, it will be very attractive to our customers and our own business if we can easily validate compliance, security, and control on a multi-tenant, virtual infrastructure. The technology convergence demonstrated here by VMware, Intel and EMC once again proves that our technology partner choices are right and that the customer chooses Terremark to provide the cloud infrastructure. ”
This new trusted computing architecture is based on Intel's Trusted execution technology (Trusted Execution Marvell, TXT). It identifies each step of the startup sequence, from verifying the hardware configuration, to initializing the BIOS, to starting the management program. Once started, the VMware Virtual environment collects data from hardware and virtual layers, bringing the flow of meta data into the Rsaenvision security information and event management platform. The Rsaenvision solution analyzes events that flow through the virtual layer, identifying events and situations that affect security and consistency. This information then forms in the Archer SmartSuite Framework solution, presenting a unified, policy-based organizational security and compliance assessment through a central console.
Burton Group senior analyst Chris Wolf said, "18 months ago, Burton Group has pointed out that the concerns about privacy, isolation and audit control are the main problems of the enterprise cloud infrastructure as a service." Now, however, cloud services based on hardware-trusted roots are emerging, and these concerns are beginning to wane. To our great encouragement, several excellent suppliers have shown early leadership and taken a very positive first step in fully meeting the requirements of PCI compliance and providing clear security boundaries. Coupled with a clearly defined layered security model, the necessary audit, policy enforcement control, you can really encourage enterprises to adopt cloud architecture as a service. ”
Bryan Doerr, chief technology officer at Savvis, said, "For a long time, Savvis has a good reputation for its excellent operations and one of the early adopters of the new Vcloud program." We have long-term cooperation with industry leaders such as VMware, Intel, EMC and Cisco. At the same time, we support the VCE Alliance approach. We share the security requirements of a multi-user shared cloud architecture with VMware, RSA and Intel, and the technology we are looking for this week in RSA is the innovation we seek. The simple, proven, auditable compliance control and security measures that have traditionally been achieved only through physical isolation and strict, secure, compliance controls and security measures will be a major improvement. This reflects the benefits customers gain through collaboration and innovation with Savvis, VMware, Intel, and EMC. ”
A new information security overview reveals the nature of cloud compliance
Also today, RSA publishes a new security profile titled "Understanding the Nature of cloud compliance." It outlines the current challenges of cloud infrastructure security services and provides guidance on how to improve the visibility and controllability of private clouds and meet compliance requirements.
The authors of the security essentials include many of the industry's most important security and virtualization experts. Among them are founder Jon Darbyshire of Global GRC leader Archer Technology, vice president and general manager of Intel Corporation system software, Douglas Fisher, EMC chief Technology Officer for Information Security division Bret Hartman, And senior vice president and chief technology officer of VMware Research and Development, Dr. Stephen Herrod.
In the new summary, the authors collectively believe that the next goal of cloud computing compliance will be to develop simpler and more reliable ways to verify the security of physical and virtual machines in the cloud. The authors describe the business, security, and compliance advantages of building a secure private cloud based on a hardware-trusted root, and introduce a vision that leverages existing IT solutions and services to create a cloud services infrastructure that will be easily inspected, evaluated, and reported in the future.
"With Intel Trusted Execution Marvell's Hardware trusted root support, cloud vendors can provide an infrastructure that allows IT departments to comply with business needs," said Kirk Skaugen, vice president and general manager of Intel Data center business. Implement and manage their security policies. Partnering with Intel, VMware, and EMC helps build safer, more efficient IT solutions. ”
"VMware vsphere Solutions can provide a foundation for customers to achieve ' more secure than physical architecture ' on their journey to cloud computing," said Dr. Stephen Herrod, chief technology officer and senior Vice president of VMware Research and development. By working with EMC and Intel's technical experts, we are now reasonably taking the next step in enhancing cloud security, and with better insight into these environments, customers can ensure that their data and applications are secure and compliant. ”
The RSA Information Security Essentials aims to provide the information security leaders with the necessary guidance for the most urgent information security risks and opportunities. Each security profile is compiled by a select group of expert responders who mobilize organizations to share expertise on a major new subject. The RSA Information Security Overview provides a panoramic insight, as well as practical technical advice, and is an important reading material for today's leading security practitioners. The latest RSA Security Essentials "Understanding the nature of cloud compliance" is now available for download from the RSA Web site www.RSA.com/innovation.