EMC Targets FISMA Compliance in Cloud Networks
Mon, August 30, 2010
Network World — EMC is developing technology to track and verify the location of virtual machines in cloud networks, potentially solving one of the key sticking points preventing customers from using the cloud.
Because of FISMA, the Federal Information Security Management Act, customers who put sensitive data in cloud services need guarantees that VMs stay within the country, says Chad Sakac, vice president of the VMware technology alliance at EMC. This is a problem for a cloud provider like Terremark, an EMC partner, which operates data centers on multiple continents and uses live migration technology to move virtual machines, potentially from one country to another, he says.
"Right now, there's nothing that provides any verifiability of where a virtual machine lives," Sakac says. "There's nothing stopping you from moving a VM from one place in the world to somewhere else, and more importantly, there's no way to audit that at any sort of scale."
At VMworld in San Francisco this week, EMC will preview technology that combines its own RSA security tools with VMware virtualization software and Intel's hardware-based security features "to ensure isolation of regulated workloads and hardware root of trust."
The technology -- which Sakac describes as "geolocation" because it will ensure that virtual machines stay within specific geographic boundaries -- should hit the market sometime early next year.
In theory, the combination of technologies could be used to automatically prevent the movement of VMs from one location to another in cases where it would violate FISMA rules. But Sakac says EMC customers have provided "mixed feedback" on whether they want that process to happen automatically or whether they want more manual control.
"On the security stuff, the most important thing is to be able to audit," and let humans make decisions because of the complexity involved, he says.
This particular announcement builds on a demonstration at the RSA Conference earlier this year, which combined RSA with Intel and VMware technology to create a hardware root of trust in virtualized servers.
The hardware backbone is provided by Intel's TXT, or Trusted Execution Technology, which creates a system in which applications can run in a protected space that is isolated from all other software.
The EMC/VMware/Intel triumvirate is not the only set of vendors working on the problem of FISMA compliance in cloud computing and virtualized infrastructures. Google has announced FISMA certification for its Google Apps cloud applications, but only for government customers.