Best Practices for Cloud Security


How do you secure your most sensitive data in the cloud? How can you provide the right level of authentication controls or encryption services? These are some of the key challenges of virtualization in the cloud. Intel IT responded by creating an architecture called a High Trust Zone (HTZ). This architecture greatly increases flexibility and focuses on rapid detection of compromise and survivability. In particular, it uses zones of trust that provide more flexible, dynamic, and granular controls than do traditional enterprise security models.

Published in: Technology, Business

  • Virtualization and Cloud: Aside from the technology, the main challenge with virtualization is the flip side of its benefits. With greater efficiency comes greater asset density, and with greater asset density comes a larger attack surface. So the goal for us is figuring out the right level of controls that we need to expand and adopt.
  • The key guidance for implementing controls stems from how we decide to handle Trust and Consequence. Before we build out our environments, we consider the amount of trust that we want to build into them. And as we move servers and applications into these environments, we consider how much risk they can assume.
  • We came up with 3 kinds of virtualization environments: Low Trust Zones, High Trust Zones, and something in between. In the case of the DMZ, we started with a virtualization environment that at its core had a lot of risk from exposure to the internet, so we created multiple zones of consequence within that environment. In the case of the HTZ (High Trust Zone), we sought to create an environment that can be considered trustworthy. I’ll go into a little more detail on each of these next.
  • The High Trust Zone came about from the need to virtualize internal enterprise applications and servers that hosted mission-critical data or business functions, or systems and servers that hosted highly classified data. On our road down virtualization we hit a security limiter and needed to create a solution.
  • Best Practices for Cloud Security

    1. Virtualization Security to Enable the Private Cloud
    2. Virtualization and Cloud: Business Drivers
       • Scalable
       • Multi-Tenancy
       • Efficiency
       • Elastic
       • Self-Service
       Landscape of cloud security may change based on the cloud implementation
       Copyright © 2012, Intel Corporation. All rights reserved.
    3. Virtualization Challenge
       • Server virtualization: increases efficiency; concentrates our assets
       • Optimization challenge: Efficiency, Controls, Asset Density
    4. Virtualization Security Challenges: Key Risks
       • Technology: Hypervisor integrity, multi-tenancy
       • Infrastructure: Shared resources, management interfaces, automation and support code
       • Operational: Separation of duties, administrative access, path to production, image protection and life-cycle
       • Application: Code quality, development practices, application characterization, pre-existing vulnerabilities
    5. Security Challenges: Controls
       Security is a balancing act between business needs and risk
       • Key controls
       • Careful trust segmentation
       • Application risk reviews
       • Identity and access controls
       • Proper classified data handling
       • Security event and incident logging
       Intel IT’s “Protect to Enable” Security Strategy
    6. Security Challenges: Implementation
       Based on risks and controls, how do we virtualize?
       Trust: Resistance to Compromise
       • How much do we Trust an application or server?
       • How much do we Trust the virtual environment?
       Consequence: Impact of Compromise
       • How much Risk can a server or application accept?
       • How much Risk does a virtual environment assume?
    7. Security Challenges: Implementation (Granular Trust Environments)
       • High Trust Zone (HTZ): Secured virtual environment, highest controls, managed risk
       • Medium Trust Zone (e.g. DMZ): Secured virtual environment, high controls, managed risk
       • Low Trust Zone (LTZ): General virtual environment, low controls, varying risk
       Granular Trust Environments allow for balance of risk versus controls
    8. High Trust Zone: Need and Concept
       • Controls relative to Risk Posture: Limited logical access, extra physical separation, more extensive monitoring, better vetting of applications
       • Solution: Create a trust zone for virtual servers and apps that require greater protection
       • Delivers: Granular Trust Enablement; levels of controls are proportionate to value of assets; strengthen application implementation security
    9. Lessons Learned
       • Holistic view of risk and vulnerability is required
       • Virtualization technology is still maturing
       • Virtualization administrators must be treated as a “super admin”
       • Applications and systems landing in the environment must be hardened
       There are still functions that cannot be virtualized
    10. To Learn More…
       • Virtualizing High Security Servers radio show
       • Looking into the Cloud radio show
       • Virtualizing High-Security Servers paper
    11. More Resources
       • Enterprise Private Cloud Architecture
       • Rethinking Information Security
       • Information Security Protect to Enable Strategy video
       Learn more about Intel IT’s Initiatives at
    12. Legal Notices
       This presentation is for informational purposes only. INTEL MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY. Intel, and the Intel logo are trademarks of Intel Corporation in the U.S. and/or other countries. * Other names and brands may be claimed as the property of others. Copyright © 2012, Intel Corporation. All rights reserved.