That thought turns out to be the perfect "prequel" for today's announcement from VMware, Intel and EMC/RSA.
They've demonstrated a proof-of-concept for securing the cloud that's arguably far better than anything you'd find in most of today's data centers.
The Chain Of Trust
I found myself violently agreeing with many of the things said in the accompanying white paper. Although I didn't have anything to do with its creation, it looks like something I'd really like to write. Many of the themes that I've covered here can be found in this document.
And, in this model, it all starts with a "hardware root of trust".
Getting Down To The Roots
If you can't trust your underlying hardware, it's hard to build a trusted and secure framework. Take this thought to its logical conclusion, and we're talking CPU-level support.
That's where Intel comes in. From the press release:
".. The foundation for this new trusted computing infrastructure is a hardware root of trust derived from Intel® Trusted Execution Technology (TXT), which authenticates each and every step of the boot sequence, from verifying hardware configurations and initializing the BIOS to launching the hypervisor."
Simply put -- in this environment, you can trust what you're booting -- not only the server hardware, but the low-level BIOS as well.
Why is this becoming important? From the white paper:
"While security of IaaS-level components have been relatively safe in the past, data centers are increasingly finding their servers under attack – not just by the more common viruses and Trojans, but by more sophisticated, coordinated security threats.
New types of malicious software, or “malware," have emerged that specifically target the foundations of the cloud: virtual machines and physical servers. Two of the better-publicized examples are the Blue Pill, which was first presented at the Black Hat Conference in 2006, and SubVirt, a lab project developed by University of Michigan researchers with funding from Microsoft.
Blue Pill and SubVirt are both examples of a class of malware called “virtual rootkits,” which shim themselves between operating systems and the system hardware. Virtual rootkits effectively masquerade as a virtual machine manager or hypervisor, shielding themselves from antivirus scans and other forms of detection, practically all of which are software based and rely on the hijacked OS. Once in place, virtual rootkits can intercept any function of the operating system – such as someone entering a password – while performing almost any illicit activity imaginable."
More good stuff in the white paper -- go read!
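The idea of a boot sequence in which every step is authenticated can be modelled as a hash chain: each stage is measured before it runs, and the measurement is folded into a register that can only be extended, never rewound. This is an added example, not code from the white paper, the press release or Intel TXT itself; it is a simplified model, and the stage names and images are constructed sample data.

```python
import hashlib
import hmac

def extend(register: bytes, image: bytes) -> bytes:
    """Fold the digest of one boot component into the running register."""
    return hashlib.sha256(register + hashlib.sha256(image).digest()).digest()

def measure_boot(stages):
    """Measure (name, image) stages in launch order; return (final, log)."""
    register = bytes(32)  # model assumption: register is all zeros at reset
    log = []
    for name, image in stages:
        register = extend(register, image)
        log.append((name, register))
    return register, log

def attest(golden: bytes, stages) -> bool:
    """True only if the observed chain reproduces the known-good value."""
    final, _ = measure_boot(stages)
    return hmac.compare_digest(golden, final)

def first_divergence(expected, observed):
    """Name of the first observed stage whose register value is unexpected."""
    _, exp_log = measure_boot(expected)
    _, obs_log = measure_boot(observed)
    for i, (name, value) in enumerate(obs_log):
        if i >= len(exp_log) or exp_log[i][1] != value:
            return name
    return None if len(exp_log) == len(obs_log) else "<missing stage>"

# Constructed sample data: names and byte strings are illustrative only.
KNOWN_GOOD = [
    ("hardware-config", b"sample platform configuration"),
    ("bios", b"sample BIOS image v1"),
    ("hypervisor", b"sample hypervisor image v1"),
]
# Same images, but an unexpected layer launches ahead of the hypervisor.
SHIMMED = KNOWN_GOOD[:2] + [("unexpected-layer", b"unknown code")] + KNOWN_GOOD[2:]
# Same stage list, but the BIOS image differs by one character.
ALTERED_BIOS = [KNOWN_GOOD[0], ("bios", b"sample BIOS image v2"), KNOWN_GOOD[2]]

GOLDEN, _ = measure_boot(KNOWN_GOOD)

if __name__ == "__main__":
    for label, chain in [("known good", KNOWN_GOOD), ("shimmed", SHIMMED),
                         ("altered BIOS", ALTERED_BIOS)]:
        print(label, attest(GOLDEN, chain), first_divergence(KNOWN_GOOD, chain))
```

Because each value depends on everything measured before it, an extra or altered stage changes every later value, which is why the check does not have to rely on software running above the layer in question.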
Building On The Hardware Root Of Trust
Once the computing environment is deemed secure, the rest of the stack described plays important roles, all built on top of this foundation.
First, VMware uses this trusted foundation to create secure perimeters around individual virtual machines, in addition to protecting its own resources. VMware's hardening guidelines are robust; they are made even more robust by being able to leverage a trusted hardware platform.
Second, EMC/RSA's enVision performs security information and event management, or SIEM. It's continually monitoring the environment: looking at configurations, changes, events -- anything at all that might compromise the secure and trusted nature of the environment.
Third, Archer (recently acquired by EMC/RSA) provides the "compliance management" framework to measure risk, identify gaps, and provide streamlined compliance reporting that frankly goes far beyond most traditional IT environments.
Most importantly, the SIEM and compliance management tools are under the complete control of the tenant, and not the service provider. We believe "secure multitenancy" must address the relationship between service provider and tenant, and not simply be a set of paper promises.
So, What Does All This Look Like?
Glad you asked.
Of course, we're just showing a subset of the RSA capabilities here, and not everything that can potentially be done in this domain. For example, this diagram doesn't show things like per-VM encryption and key management, adaptive authentication, and other differentiated capabilities of interest to both service providers and their tenants.
Not every enterprise application workload needs bulletproof security and compliance -- but some do. And it's pretty obvious to me that a service provider that provided these sorts of choices in a dynamic and convenient fashion would have a competitive advantage over one that didn't.
Needless to say, I'd assume that "gold" is a more expensive service than "bronze" :-)
Finally, the combination of enVision working with Archer's GRC framework leads to a useful dashboard that gives a high-level view of compliance, as well as potential areas for improvement.
This example shows a PCI-compliant retailer who is using an external service provider.
Note the use of the term "campaign" to refer to ongoing continual improvement efforts for security and compliance.
Once again, I want to make it clear -- this isn't intended as a man-behind-the-curtain interface for the SP; it's what a tenant would see to continually assure security and compliance from their service provider.
If you'd like to see this as a video, please check out this link. Note: the version that I saw had very low volume levels, and some long gaps in the action -- most definitely not produced by marketing people :-)
Other Angles
Well, since this is only a proof-of-concept at present, we really can't position it as a deliverable with VCE and Vblocks. But you can use your imagination ...
There's also an interesting storage angle: imagine that you were an IT vendor using Intel's latest to build your storage platform. What interesting things could be done to provide a level of "hardware trust root" security for the storage domain?
Interesting thought, that ...
What Does All This Mean?
Quite a lot, when you put it all together.
First, service providers of all stripes will likely find willing customers who will pay for this end-to-end "trusted" approach, built on a hardware root.
Second, our notions of "secure multitenancy" need to move far beyond the simplistic notion of keeping tenants separate from each other; the key will be to enable enterprise IT organizations to provide the same sorts of security and compliance assurances they do in traditional environments when using external service provider resources.
Third, the division of responsibilities between service provider and tenant is moving fast. Demanding tenants need more than promises to trust their service provider: they need visibility and transparency into the underlying protection mechanisms and how well they're performing.
Fourth, it's all about the virtual machine, isn't it? So many of these newer and advanced approaches simply assume that most everything will run in a virtual machine, presumably VMware.
And, finally, back to my original premise: private clouds will become compelling when they provide a better level of IT services not easily found in traditional IT environments.
And that is exactly what I think we're seeing here ...

Hey Chuck,
I produced the video. Sorry for the volume issues and I trimmed as much as I could to speed it up!
And yes, I'm not in marketing! :)
mike
Posted by: Mike Foley | March 02, 2010 at 12:13 PM
Hi Chuck
Given that we have had success with this joint proof of concept and its outcome hopefully comes closer to demonstrating a valid approach to securing the cloud in the way that the security, standards and compliance bodies such as the PCI DSS and ISO standards organisations are likely to mandate for cloud going forward, is there scope for inviting representatives from those various bodies to participate in a round table / conference to thrash out the components they will need to have in place to validate a VMware based cloud platform as being suitable for the various compliance and security standards most of our customers wish to be able to comply with in the Cloud?
Customers are calling out for someone to start the ball rolling with regard to the various standards, compliance and security bodies validating and certifying a particular 'cloud configuration' and this announcement and the POC itself would seem to offer a good opportunity for us to do that.
If this is not kicked off as a joint EMC / VMware / Intel project in the near future we are liable to see the pace of cloud deployments in some industries hamstrung not by technology but by the pace of the standards, security and compliance organisations' slowness to respond to the opportunity.
If we could leverage the important work that EMC / VMware and Intel have done to demonstrate an end to end secure hardware / virtual stack to invite informed comment perhaps we can accelerate this process to the benefit of customers and vendors alike.
Posted by: Alex Tanner | March 02, 2010 at 12:50 PM
Hi Alex
I tend to have a more pragmatic view of this.
1) Industry has a problem
2) Vendors respond with proprietary solutions
3) Critical mass is achieved, standards become interesting
4) Standards committees form to create an open marketplace of interoperable components and associated use cases.
5) Vendors sell more stuff as the market is now larger.
6) Go to #1 above.
Put differently, I see the standards efforts being most productive when there's something tangible to go standardize. Usually, this takes the form of vendor-specific solutions that are gaining traction in the market.
Ethernet wasn't always a standard. Same for UNIX, etc. Your opinions may vary :-)
-- Chuck
Posted by: Chuck Hollis | March 02, 2010 at 01:35 PM
Hi Mike Foley -- thanks for doing the video! I don't know if any video that I produced would turn out any better, and I work with marketing people all the time!
-- Chuck
Posted by: Chuck Hollis | March 02, 2010 at 01:39 PM
No worries Chuck. Glad to do it. I wish I had had more time to polish it up but it all came together quite quickly.
Customers are diggin' the demo here at the RSA Conference!
Posted by: Mike Foley | March 03, 2010 at 08:13 PM