VMware, RSA, Intel Join Forces to Secure Cloud Computing Environment
Security is a major thorn on the rose of virtualization and, especially, cloud computing. It's no surprise, therefore, that it is among the technologies front and center this week at RSA's annual security conference being held in San Francisco, Calif.Virtually Speaking: VMware, Intel and RSA have partnered to make cloud computing more secure, for the private cloud. Will anyone care?
One of the more interesting announcements to come out of the show came from RSA, sister company VMware (NASDAQ: VMW) and Intel (NASDAQ: INTC). The three companies, along with GRC experts from Archer Technologies, which parent company company EMC (NASDAQ: EMC) recently acquired, will work together to build a trusted cloud infrastructure.
The focus at this time is primarily on private cloud, which arguably one in the same as a virtualized data center. Together, the three companies will provide a hardware root of trust, a secure virtualization environment, security information and event management, and GRC management software.
At the show the three companies are providing proof of concept as to how they will provide greater visibility into actual conditions within the bottom-most layers of the cloud.
According to RSA, the foundation of its trusted computing infrastructure is a hardware root of trust derived from Intel's Trusted Execution Technology (TXT). It authenticates each step of the boot sequence, from verifying hardware configurations and initializing the BIOS to launching the hypervisor.
After it launches, VMware steps up to the plate, collecting data from both the hardware and virtual layers. It, in turn, feeds a continuous, raw data stream to RSA's enVision Security Information and Event Management platform. This information is then contextualized within the Archer SmartSuite Framework solution, which presents a unified, policy-based assessment of the organization's security and compliance posture through a central dashboard.
The entire process will enable customers to see exactly what is going on within physical and virtual machines and verify secure conditions in the cloud. In addition, more finely grained policy controls will allow the enforcement of differentiated policies in private clouds (e.g., the type of hardware on which a virtual machine is allowed to run and which tenants or business units may reside on the same virtual machine and share resources). Finally, the trusted infrastructure will provide automated processes for collecting, analyzing and reporting for infrastructure-level activities, making compliance a more streamlined process.
All of this goes a long way toward improving the perception of cloud computing. A seamless and integrated solution that covers everything from the hardware itself to software policies and is transparent, seems an ideal solution for even the most techno-phobic enterprise.
Yet, it's equally arguable that the private cloud is ostensibly the data center itself, particularly if virtualization is involved. In such cases, cloud-specific security is far less noteworthy and perhaps critical than data center security itself.
The hybrid or public cloud, however, is a different story. Here, such a solution would likely make a huge difference and might be the ultimate driver of cloud adoption. If, indeed, they pursue that path.
Amy Newman is the managing editor of ServerWatch and Enterprise IT Planet. She has been covering virtualization since 2001, and is the coauthor of Practical Virtualization Solutions, published by Pearson in October 2009.