A ZDNet Multiplexer Blog

Protecting data in the open cloud

Enterprises of all shapes and sizes report that one major obstacle in moving to the cloud is security.

By nature, cloud computing environments share resources among disparate workloads, and those workloads can belong to outside parties.

Intel Xeon processors are an excellent basis for supporting such business requirements within open-source cloud management solutions such as OpenStack, leveraging Intel Advanced Encryption Standard New Instructions (AES-NI) and Intel Trusted Execution Technology (TXT).

AES-NI enables pervasive encryption: software that uses it encrypts and decrypts data transparently and without the performance hit that traditional software-only encryption/decryption incurs. This is because AES-NI implements AES operations as hardware-accelerated instructions on the Xeon processor.

TXT verifies the trustworthiness of a given server, establishing a hardware root of trust that allows the measurement and verification of the launch environment. This ensures confidence that a server has not been tampered with, and that the platform is trustworthy.

Intel is a key member of the OpenStack Foundation, and it contributes substantial code and expertise through the OpenStack community. These contributions have played a significant role in advancing the overall efficiency and security of the platform.

Consequently, the benefits of Intel Xeon processor capabilities are supported in OpenStack, and because OpenStack is a freely available open-source community project, it -- along with the ecosystem built on top of it -- provides enterprises and cloud providers the ability to leverage Intel's security offerings in real-world implementations.

Security concerns in the cloud are many, and span challenges across the physical, virtual, and cloud layers alike. These concerns include:

  • Aggregated risk: The underlying physical host can be exposed to risks introduced by the applications and services associated with each of the virtual machines that run on it
  • Multi-tenancy: Shared physical resources like disks, memory, and processor caches are potentially vulnerable if the hypervisor or another virtual machine is compromised
  • Data location: Legislative or contractual requirements for data sovereignty may mandate strict geographical locations where the data can be physically housed
  • Resources outside IT control: Boundaries between datacentres and cloud providers can be blurred in public clouds, creating a dependence on third parties for protection and control
  • Novel attacks: Rootkits, stealthy malware, and hidden infections to hypervisors, virtual machines, and operating systems can spread through a cloud environment, particularly as servers within zones may have no firewall protection from each other.

These challenges are directly tackled by Intel Xeon capabilities, and these benefits are available to any OpenStack customer because of the code contributions Intel has made.

Encryption accelerated by AES-NI prevents unauthorised access to data, even if other layers of security are compromised, provided the encryption keys themselves remain protected. This is highly desirable in the cloud, where information continually moves over network connections and servers.

TXT ensures confidence and trust in a server's integrity, and is the foundation of trusted compute pools, which can be used to host privileged or sensitive data and workloads.
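
The measure-then-verify flow behind trusted compute pools can be sketched as follows; this is an added example, not code from Intel or OpenStack. It models a launch measurement as a TPM-style hash chain and admits only hosts whose reported value is on a known-good list. The host names, component strings and SHA-1 register size are constructed assumptions, and the signed quote a real attestation service would verify is left out.

```python
import hashlib
import hmac

PCR_LEN = 20  # SHA-1 sized register; an assumption of this sketch

def extend(pcr, blob):
    """TPM-style extend: new PCR = SHA1(old PCR || SHA1(blob))."""
    return hashlib.sha1(pcr + hashlib.sha1(blob).digest()).digest()

def measure_launch(components):
    """Fold the launch chain, in order, into one PCR value starting from zeros."""
    pcr = bytes(PCR_LEN)
    for blob in components:
        pcr = extend(pcr, blob)
    return pcr

def is_trusted(reported, known_good):
    """A host is trusted only if it reports a PCR on the known-good list."""
    if reported is None:  # no measured launch: nothing to verify
        return False
    return any(hmac.compare_digest(reported, good) for good in known_good)

def eligible_hosts(reports, known_good, needs_trust):
    """Hosts a scheduler may use; sensitive workloads need a verified host."""
    return sorted(host for host, pcr in reports.items()
                  if not needs_trust or is_trusted(pcr, known_good))

# Constructed sample data (hypothetical hosts and launch components).
GOOD_CHAIN = [b"constructed-hypervisor-1.0", b"constructed-kernel-1.0"]
TAMPERED_CHAIN = [b"constructed-hypervisor-1.0+modified", b"constructed-kernel-1.0"]
KNOWN_GOOD = {measure_launch(GOOD_CHAIN)}
REPORTS = {
    "host-a": measure_launch(GOOD_CHAIN),      # untouched launch environment
    "host-b": measure_launch(TAMPERED_CHAIN),  # hypervisor image was altered
    "host-c": None,                            # no measured launch available
}

if __name__ == "__main__":
    print("sensitive workload:", eligible_hosts(REPORTS, KNOWN_GOOD, True))
    print("ordinary workload: ", eligible_hosts(REPORTS, KNOWN_GOOD, False))
```

Because each step hashes the previous register value, changing any component or the order of the chain produces a different final value, which is why a single comparison covers the whole launch environment.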

OpenStack implementations benefit from Intel hardware technologies and software contributions, permitting trusted computing environments and high-performance encryption.