Cloud computing offers what every business wants: the ability to respond instantly to business needs. It also offers what every business fears: loss of control and, potentially, loss of the data and processes that enable the business to work. Our announcement at the OpenStack Summit of Intel® Cloud Integrity Technology 3.0 puts much of that control and assurance back in the hands of enterprises and government agencies that rely on the cloud.
Through server virtualization and cloud management software like OpenStack, cloud computing lets you instantly, even automatically, spin up virtual machines and application instances as needed. In hybrid clouds, you can supplement capacity in your own data centers by “bursting” capacity from public cloud service providers to meet unanticipated demand. But this flexibility also brings risk and uncertainty. Where are the application instances actually running? Are they running on trusted servers whose BIOS, operating systems, hypervisors, and configurations have not been tampered with? To assure security, control, and compliance, you must be sure applications run in a trusted environment. That’s what Intel Cloud Integrity Technology lets you do.
Intel Cloud Integrity Technology 3.0 is software that enhances security features of Intel® Xeon® processors to let you assure that applications in the cloud run on trusted servers and virtual machines whose configurations have not been altered. Working with OpenStack, it ensures that when VMs are booted or migrated to new hardware, the integrity of virtualized and non-virtualized Intel x86 servers and workloads is verified remotely using Intel® Trusted Execution Technology (TXT) and Trusted Platform Module (TPM) technology on Intel Xeon processors. If this “remote attestation” finds discrepancies with the server, BIOS, or VM, suggesting the system may have been compromised by cyber-attack, the boot process can be halted. Otherwise, the application instance is launched in a verified, trusted environment spanning the hardware and the workload.
In addition to assuring the integrity of the workload, Cloud Integrity Technology 3.0 also enables confidentiality by encrypting the workload prior to instantiation and storing it securely using OpenStack Glance. An included key management system that you deploy on premises gives the tenant complete ownership and control of the keys used to encrypt and decrypt the workload.
Cloud Integrity Technology 3.0 builds on earlier releases to assure a full chain of trust from bare metal up through VMs. It also provides location controls to ensure workloads can only be instantiated in specific data centers or clouds. This helps address the regulatory compliance requirements of some industries (like PCI and HIPAA) and geographical restrictions imposed by some countries.
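To make the chain of trust and the location control described above concrete, here is an added example, not Intel's code or the product's API, that models TPM-style measurement extension and a launch decision. The component names, the `platform`/`workload` labels, the location tag, and the `attest` policy are assumptions, and the report stands in for a TPM quote whose signature has already been verified.

```python
import hashlib

def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM-style extend: new = H(old || H(component)). One-way and order-sensitive."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()

def measure_chain(components) -> bytes:
    """Replay a measured boot: fold each component into a register starting at zero."""
    pcr = bytes(32)
    for blob in components:
        pcr = extend(pcr, blob)
    return pcr

def attest(report: dict, golden: dict, allowed_locations: set):
    """Compare reported measurements and location tag with policy.

    Returns (trusted, reasons). Assumes the report's signature and freshness
    were checked beforehand; that step is out of scope for this sketch.
    """
    reasons = []
    for name, expected in golden.items():
        if report["pcrs"].get(name) != expected:
            reasons.append(f"{name} measurement mismatch")
    if report.get("location") not in allowed_locations:
        reasons.append("location not permitted")
    return (not reasons, reasons)

def host_report(bios: bytes, hypervisor: bytes, image: bytes, location: str) -> dict:
    """Build the report a host would send (constructed stand-in for a quote)."""
    return {
        "pcrs": {
            "platform": measure_chain([bios, hypervisor]),
            "workload": measure_chain([bios, hypervisor, image]),
        },
        "location": location,
    }

# Constructed sample data: known-good components and the tenant's policy.
BIOS, HYPERVISOR, VM_IMAGE = b"bios-v1", b"hypervisor-v1", b"vm-image-v1"
GOLDEN = host_report(BIOS, HYPERVISOR, VM_IMAGE, "dc-east")["pcrs"]
ALLOWED = {"dc-east"}

if __name__ == "__main__":
    cases = {
        "clean host": host_report(BIOS, HYPERVISOR, VM_IMAGE, "dc-east"),
        "altered hypervisor": host_report(BIOS, b"hypervisor-x", VM_IMAGE, "dc-east"),
        "altered image": host_report(BIOS, HYPERVISOR, b"vm-image-x", "dc-east"),
        "wrong data center": host_report(BIOS, HYPERVISOR, VM_IMAGE, "dc-west"),
    }
    for label, report in cases.items():
        print(label, attest(report, GOLDEN, ALLOWED))
```

Because each measurement is folded into the previous value, a change low in the stack (the hypervisor) invalidates every measurement above it, while a change to the image alone fails only the workload check.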
What we announced at OpenStack Summit is a beta availability version of Intel Cloud Integrity Technology 3.0. We’ll be working to integrate with an initial set of cloud service providers and security vendor partners before we make the software generally available. And we’ll submit extensions to OpenStack for Cloud Integrity Technology 3.0 later this year.
Cloud computing is letting businesses slash time to market for new products and services and respond quickly to competitors and market shifts. But to deliver the benefits promised, cloud service providers must assure tenants their workloads are running on trusted platforms and provide the visibility and control they need for business continuity and compliance.
Intel Xeon processors and Cloud Integrity Technology are enabling that. And with version 3.0, we’re enabling it across the stack from the hardware through the workload. We’re continuing to extend Cloud Integrity Technology to storage and networking workloads as well: storage controllers, SDN controllers, and virtual network functions like switches, evolved packet core elements, and security appliances. It’s all about giving enterprises the tools they need to capture the full potential of cloud computing.