Security concerns have long been a detriment to cloud deployment plans. In certain regulated industries, e.g. Healthcare and Financial Services, not being able to guarantee that certain workloads and data are on a specific machine has been a straightforward showstopper.

IBM's approach of running bare metal servers in its SoftLayer cloud has always been a step toward better addressing the security concerns of enterprises. But at the end of the day, there was never the ultimate guarantee that, e.g., a specific process could only run on a specific machine, or that data could not be accessed unless on a specific machine. Today's announcement of IBM and Intel partnering changes that, and with that it is quite relevant to increasing cloud adoption in the enterprise.

The press release can be found here, so let's analyze it in the usual style:

IBM (NYSE: IBM) today announced that SoftLayer will be the first cloud platform to offer its customers bare metal servers powered by Intel® Cloud Technology that provides monitoring and security down to the microchip level.

Intel® Trusted Execution Technology (Intel® TXT) provides hardware monitoring and security controls that help assure businesses that a workload from a known location on SoftLayer infrastructure is running on trusted hardware. This assurance provides an essential level of confidence—and even compliance certification—for organizations moving sensitive and mission-critical operations to the cloud.


MyPOV – A hardware-based technology like Intel TXT will beat out security provided in other layers of the ISO stack. Compliance certification is going to be a huge benefit for regulated industries.


These new security capabilities put IBM at the forefront of security innovation helping organizations develop solutions around areas such as governance, compliance, audit, application security, privacy, identity and access management and incident response. IBM will also be offering services to help customers implement this new capability into their applications and platforms.


MyPOV – I am usually critical of IBM making the areas between product and service gray, but that's not the case here, and the new customers will need help to set up the new security infrastructure.


“Security perception remains the biggest hurdle for wide-spread enterprise cloud adoption,” said Marc Jones, CTO for SoftLayer. “SoftLayer is the only bare-metal cloud platform offering Intel TXT, leading the industry in enabling customers to build hybrid and cloud environments that can be trusted from end-to-end.”

MyPOV – Others will follow quickly – but IBM certainly has first mover advantage. Coupled with the announced expansion to 40 data centers (we covered the news here) the combination of location and physical machine addresses security and governance concerns very well.


Intel TXT is especially advantageous for large enterprises subject to compliance and audit regulations, such as healthcare, financial services and government organizations. It helps ensure that trusted resources can be integrated, managed and reported on with the relevant compliance frameworks (HIPAA, PCI, FedRAMP, ISO, FISMA, SSAE16). With IBM Cloud and SoftLayer infrastructure, these organizations will be able to certify a cloud computing pool is appropriately secured for workloads with exposures such as governance and enterprise risk, information and life-cycle management, compliance and audit, application security, identity and access management and incident response.

MyPOV – It will be key to address not only compute load but equally data access and residency, along with the related operations to secure the machine. What happens if a rogue employee manages to walk out of a data center with a server under the arm or siphon data off via USB stick? The load would not run, but what about the data that may be on the machine? Encrypted, certainly. Today physical security is the only effective protection.


“It is becoming increasingly important to provide cloud environments with the same, if not greater levels of security as your on premise technology environments,” said Rick Echevarria, Vice President of Intel Security Group, General Manager, Intel Security Platform and Solutions Divisions. “By building on IBM’s history of security innovation, with this solution based on Intel TXT, SoftLayer is demonstrating that such levels of cloud security are now possible and available.”

Intel TXT verifies the components of a computing system from its operating system or hypervisor all the way to its boot firmware and hardware. Combined with attestation (root of trust software) this verification is then used to permit or deny a workload from running on that select server system. Hybrid cloud solutions can leverage partner software and Intel TXT to limit data decryption to specific geo-located servers, in support of local data privacy laws. And because Intel TXT is activated during boot up, this added security does not add any performance overhead to applications.


MyPOV – The advantage of hardware-centric security is very small performance degradation, as exemplified here.


To use Intel TXT, SoftLayer customers need only order bare metal servers available with a Trusted Platform Module (TPM) installed. Once activated and deployed with attestation software, Intel TXT allows clients to build trusted computing pools of IT resources in the cloud with an added level of visibility and control. Designed to measure the execution environment and protect sensitive information from software-based attacks, Intel TXT operates with TPM, an industry-standard device that can securely store the measurement artifacts, to verify the integrity of the hardware, firmware and software. This assurance provides an essential level of confidence—and even certification—for organizations moving sensitive and mission-critical operations to the SoftLayer Infrastructure.

SoftLayer is a member of the Intel Cloud Technology program which identifies CSPs using Intel processors for reliable industry-leading performance and quality. Intel TXT is available today on SoftLayer bare metal servers with the following Intel processors:
· Intel® Xeon® E5-2600 v2
· Intel® Xeon® E3-1200 v3
· Intel® Xeon® E5-4600
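
The measure-then-attest flow the release describes, as an added Python sketch that is not IBM's, Intel's or this blog's code: each boot component is folded into a TPM-style PCR, and a verifier admits the workload only when the quoted value matches a known-good measurement. The component names and key are constructed, the function names are hypothetical, and an HMAC stands in for the TPM's asymmetric quote signature.

```python
import hashlib
import hmac
import os

def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM-style extend: new PCR = SHA-256(old PCR || SHA-256(component))."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()

def measured_launch(chain) -> bytes:
    """Fold an ordered boot chain into a single PCR value, starting from zeros."""
    pcr = bytes(32)
    for component in chain:
        pcr = extend(pcr, component)
    return pcr

def quote(pcr: bytes, nonce: bytes, key: bytes) -> bytes:
    """Stand-in for a TPM quote. A real TPM signs with an asymmetric
    attestation key; an HMAC keeps this sketch standard-library only."""
    return hmac.new(key, nonce + pcr, hashlib.sha256).digest()

def admit_workload(pcr, nonce, sig, key, trusted_pcrs) -> bool:
    """Verifier side: permit the workload only if the quote is authentic for
    this nonce and the reported PCR is a known-good value."""
    if not hmac.compare_digest(sig, quote(pcr, nonce, key)):
        return False
    return pcr in trusted_pcrs

# Constructed sample data (not real firmware or hypervisor images).
GOOD_CHAIN = [b"boot-firmware-1.0", b"hypervisor-build-A", b"os-kernel-3.10"]
TAMPERED_CHAIN = [b"boot-firmware-1.0", b"hypervisor-build-A-modified", b"os-kernel-3.10"]
KEY = b"constructed-attestation-key"
TRUSTED = {measured_launch(GOOD_CHAIN)}

def attest(chain, verifier_nonce, host_nonce=None) -> bool:
    """Run one challenge/response; host_nonce models a replayed old quote."""
    pcr = measured_launch(chain)
    sig = quote(pcr, host_nonce or verifier_nonce, KEY)
    return admit_workload(pcr, verifier_nonce, sig, KEY, TRUSTED)

if __name__ == "__main__":
    nonce = os.urandom(16)
    print("trusted host:  ", attest(GOOD_CHAIN, nonce))
    print("tampered host: ", attest(TAMPERED_CHAIN, nonce))
    print("replayed quote:", attest(GOOD_CHAIN, nonce, host_nonce=b"old-nonce"))
```

Because each extend hashes over the previous PCR value, a change to any component, or to the order of components, produces a different final value that is not on the verifier's allowlist.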


MyPOV – We need to dig a little deeper to understand what load and utilization this covers for existing IBM Cloud customers and if other, potentially more prominent processors can be retrofitted or if these clients need to migrate servers in order to take advantage of TXT.

[…]
Today’s announcement builds on IBM’s security offerings including software and services to help customers strategically and holistically manage information technology and operational risk end-to-end across all including:
· information security
· threat and vulnerability management
· identity and access management
· application security
· physical security


MyPOV – Good move by IBM to keep working on the security angle for the IBM Cloud positioning – certainly security has helped IBM’s success and it’s good to see the vendor keeping the focus and investment on this critical area for many customers.