An Executive Brief Sponsored by IBM
Michael Suby
Vice President of Research
September 2015
Cloud Computing without Security Compromises
© 2015 Stratecast. All Rights Reserved.
Cloud computing is a new page in how information technology (IT) is accomplished. But cloud computing is more
than just a page when security is the focus; it is a chapter. General-purpose
clouds, page one, are designed to secure workloads up to a point. That point
is: you, the user, are reliant on the cloud provider to secure the underlying
cloud environment—the servers, their operating systems, and the virtualization
layer. This is the shared security model of the cloud; a portion of security
responsibility resides with the cloud provider, and the rest resides with the
users.
In response to this shared security model, IBM has taken innovative
measures to secure its SoftLayer cloud platform. The inclusion of Intel
TXT-based servers in its SoftLayer Infrastructure as a Service (IaaS)
service options, and the development of IBM Cloud Data Encryption
Services (ICDES) based on Security First Corp.’s SPx® data-centric
cyber defense technology is a one-two punch in widening the gates to
cloud computing for sensitive workloads. Furthermore, IBM’s cloud
advanced data security approach is flexible, transparent to end users,
affordable, and administratively lightweight—attributes that should not go
unnoticed for enterprises as they evaluate their cloud options.
For many workloads, having a shared security model is sufficient, as cloud providers have designed their
environments to be secure. It is like your home: in compliance with building codes, doors and windows have
locks, a smoke detector on each floor, and there is a streetlight and a fire hydrant nearby—standard security,
suitable for most homeowners. But what about in business, when your workloads are more sensitive in nature
and have less risk tolerance and higher security standards? What can be done to support them in the cloud?
What extra security components do you need to be confident that your cloud-hosted workloads have top-shelf,
affordable security, when that level of security is a necessity?
Cloud computing also shines a spotlight on data protection. While this may seem slightly odd, as securing and
protecting data resides predominantly on the user side of the shared security model, the distributed, fluid, and
ephemeral attributes of cloud computing raise the stakes on data protection. Essentially, how can cloud users
ensure that their sensitive data is adequately protected while in the cloud and outside of their enterprise
environment?
Just as cloud computing is a new page in IT, security can also turn to a new page or two. This new security page
in a world of clouds, gratefully, can be one of administrative ease and end user transparency, even while a higher
tier of security is delivered. Better security without additional burden or restrictions—is this really possible? In
this article we describe how it is possible; how IBM has merged Intel® Trusted Execution Technology (Intel®
TXT) into its SoftLayer IaaS offerings and its IBM Cloud Data Encryption Services to deliver on the promise of
cloud computing without compromises in security.
[Figure: Cloud Layers, IaaS. Layers from top to bottom: Data; Interfaces (APIs, GUIs); Applications; Solution Stack; Guest OS; Virtual Machines; Virtual Network Interfaces; Hypervisor; Process and Memory (including BIOS and host OS); Data Storage; Network; Data Centers. The upper layers are labeled Cloud Users’ Responsibility and the lower layers Cloud Provider’s Responsibility.]
There are many constituents involved in an organization’s adoption and use of cloud services. Some are deeply
engaged, such as business leaders, IT, and finance; others are “concerned citizens” and, at times, very vocal,
such as end users. The information security (InfoSec) team is also part of the deeply engaged segment. Its
interest and role, as expected, is in managing a wide range of security risks, such as cyber threats aimed at
compromising systems, as well as preventing and mitigating unauthorized and fraudulent access to sensitive
data—all in a timely and reliably effective manner.
Like the other constituents, InfoSec professionals are tuned into the wave of cloud adoption. Data from surveys [1]
of InfoSec professionals by (ISC)² highlight InfoSec professionals’ dramatically changed perspectives on cloud
adoption—from a generalized “we’ll see” perspective to one of “it is real and will grow significantly.” The chart
below illustrates this perspective change over the last two biannual surveys.
Even though cloud usage is expected to increase, InfoSec professionals are concerned about security threats.
Asked about their greatest cloud security threats, the threats of a data breach or data loss were rated as either a
top or high concern by approximately three-quarters of the survey respondents. As further demonstration of the
intensity of this concern, these two cloud security threats ranked a minimum of 10 percentage points higher in
concern than any other cloud security threat. The next two highest rated threats were: Account Hijacking (61%
rating this threat as a top or high concern), followed by Malicious Insiders (59%).
Very pertinent to InfoSec professionals is whether they can advise their organizations on using cloud services to a
fuller extent, such as for workloads containing sensitive data, with the confidence that security risks are
appropriately addressed. This is a challenge, as the InfoSec workforce is chronically understaffed. To place a finer
point on the understaffing challenge is the high level of concern InfoSec professionals voiced regarding security
technology sprawl; that is, the growing number of security technology products, vendors, and management
consoles that weigh heavily on their security operations. This operational challenge further intensifies as
enterprises add cloud environments to their IT footprints. As shown in the following chart, two-thirds of InfoSec
professionals are either somewhat or very concerned about security technology sprawl.
[1] Frost & Sullivan analysis of the survey data is contained in The 2015 (ISC)² Global Information Security Workforce Study.
Considering these perspectives of InfoSec professionals, what is an organization to do? The cloud will have a
growing IT presence. Yet, security concerns could have a restraining impact; and expanding into cloud
environments could materially add to an existing overload in security operations, resulting in less than optimal
security oversight. In other words, how can an organization leverage the cloud to a fuller extent while balancing
risk and operational effort? Furthermore, how can an organization maintain control over its data at all times
when that data is stored outside of its premises? The answer is to choose cloud environments at a workload
level, based on each workload’s risk tolerance. And, as part of this evaluation, check under the hood—the actual
infrastructure—of the “highly secure” cloud environments, to learn how risk is mitigated without increasing the
operational effort of the organization’s InfoSec staff.
IBM SoftLayer, a provider of IaaS offerings, recognizes that a “one size fits all” approach is inconsistent with
organizations’ varying security and performance requirements. To that end, the company offers choice: IaaS
provisioned on bare metal servers and virtual servers. Additionally, for organizations that require the highest
standards of security without compromising performance, IBM SoftLayer offers IaaS provisioned on bare metal
servers equipped with Intel TXT.
With Intel TXT, IBM SoftLayer customers gain an extra level of assurance on the integrity of the
servers in their IaaS environments. What this means is that these customers can reach through
the cloud provider-user demarcation in the shared security model, and pick up validating
attestation that the servers in IBM’s data centers that host their workloads are in a “known good”
state—or, of equal importance, that they are not.
The practical aspects of this attestation are straightforward. At each server launch, Intel TXT
conducts a processor-based (i.e., baked into silicon) evaluation of the platform software: firmware,
BIOS, operating system, and hypervisor. Compared to a version of a known-good system
configuration, Intel TXT determines if compromises or abnormalities are present in any layer of the platform’s
software at launch time. If there are none, a root of trust has been established; that is, trusted integrity of the
software is built and carried forward from a high integrity foundation—the server hardware (i.e., the root).
With this software integrity attestation, IBM SoftLayer customers can create and apply policies for their workload
applications involving sensitive workloads and data. Again simplistically, if attestation is positive, they can spin up
the workload’s application. If negative, they suspend launch; or launch, but note that positive attestation is not
present. As this attestation information can be automatically fed into standard VM management tools and Security
Information & Event Management (SIEM) and Governance, Risk, and Compliance (GRC) systems, the incremental
operational overhead to the InfoSec staff is inconsequential; that is, no need to learn and use an additional
security console. What is not inconsequential is that IBM SoftLayer customers now have an auditable means to
demonstrate integrity of the infrastructure hosting their sensitive workloads in a cloud environment; something
they did not have before.
Another noteworthy example of the benefits of attestation of the platform’s software integrity pertains to
vMotion. As workloads move among servers, policies can be established to only permit movement to servers
that have received a positive attestation. vMotion is a beneficial performance and reliability feature. With Intel
TXT in IBM SoftLayer bare metal servers, high security standards are not undermined in the use of vMotion.
Similar Intel TXT-based policies can be applied in corralling workloads to specific physical locations (i.e., data
centers) running Intel TXT-equipped servers. This is a clear benefit for organizations that operate in regions that
have strict data locality or sovereignty regulations. Geo-defined policies, the records on servers that contain
regulated data, and the security integrity of those servers can also be automatically fed into a SIEM or GRC
system. This systematized control and recordkeeping eases the burden of proof for the organization’s compliance
personnel.
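The launch, vMotion, and geo-location policies described above, worked through as an added example (not IBM SoftLayer or Intel code). It assumes a simplified per-host attestation record (one measured value per platform layer, compared with a customer-approved known-good list) and a data-center label per host; every host name, measurement, and data-center label is constructed sample data.

```python
"""Attestation-driven workload placement policy (added example, not IBM or
Intel code). Host names, measurements and data-center labels are constructed;
a hash of a label stands in for a real platform measurement."""
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple
import hashlib
import json

def measure(label: str) -> str:
    """Stand-in for a platform measurement (constructed: a hash of a label)."""
    return hashlib.sha256(label.encode()).hexdigest()

# Known-good platform configuration the customer has approved (constructed).
KNOWN_GOOD: Dict[str, str] = {
    "firmware": measure("fw-2015.09"),
    "bios": measure("bios-3.1"),
    "os": measure("host-os-7.1"),
    "hypervisor": measure("hv-6.0"),
}

@dataclass
class Host:
    name: str
    data_center: str
    measurements: Dict[str, str]

    def attest(self) -> Tuple[bool, List[str]]:
        """Positive only if every layer matches KNOWN_GOOD; lists mismatches."""
        mismatched = [layer for layer, good in KNOWN_GOOD.items()
                      if self.measurements.get(layer) != good]
        return (not mismatched, mismatched)

@dataclass
class WorkloadPolicy:
    name: str
    allowed_data_centers: Set[str] = field(default_factory=set)  # empty: any
    on_negative: str = "suspend"  # or "launch_and_flag"

def decide(policy: WorkloadPolicy, host: Host, events: List[dict]) -> str:
    """Return LAUNCH, LAUNCH_FLAGGED or DENY and record a SIEM-style event."""
    trusted, mismatched = host.attest()
    negative = "attestation negative: " + ",".join(mismatched)
    allowed = policy.allowed_data_centers
    if allowed and host.data_center not in allowed:
        decision, reason = "DENY", "data center not permitted by geo policy"
    elif trusted:
        decision, reason = "LAUNCH", "attestation positive"
    elif policy.on_negative == "launch_and_flag":
        decision, reason = "LAUNCH_FLAGGED", negative
    else:
        decision, reason = "DENY", negative
    events.append({"workload": policy.name, "host": host.name,
                   "data_center": host.data_center,
                   "decision": decision, "reason": reason})
    return decision

def eligible_targets(policy: WorkloadPolicy, hosts: List[Host]) -> List[str]:
    """Hosts the workload may launch on or migrate (vMotion) to under policy."""
    events: List[dict] = []
    return [h.name for h in hosts if decide(policy, h, events) != "DENY"]

def siem_feed(events: List[dict]) -> str:
    """One JSON object per line, as a SIEM or GRC collector would ingest it."""
    return "\n".join(json.dumps(e, sort_keys=True) for e in events)
```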
IBM Cloud Data Encryption Services (ICDES) is another new page in the cloud security chapter. This page is
dedicated to advanced data-centric protection to help safeguard data, even when network protection fails. This
highly efficient, kernel-level software combines data protection, data fault tolerance and simplified key
management. These combined capabilities yield the economics and flexibility of virtualization expected from cloud
environments.
Of high significance, ICDES goes beyond conventional file encryption, and is not reliant on an administratively
heavy key management system. Here’s how ICDES accomplishes this:
▪ The ICDES software is installed on a server or a secure data-store for a virtual environment. Specific
directories and/or files can then be designated for protection.
▪ Files containing sensitive data are then stored in these designated directories, and protected using a
patented cryptographic splitting process. The first step in the data protection process encrypts the file
using AES-256 encryption (i.e., conventional file encryption). Each file uses a unique encryption key, and
those keys are handled internally within ICDES.
▪ Going beyond traditional encryption, the encrypted files are then randomly split into multiple “shares”
using a unique splitting key. This unique splitting key is also handled internally by ICDES.
▪ The file’s crypto keys are then cryptographically wrapped and split into data shares. A master key and a
set of workgroup keys are used to put the keys back together, collect the encrypted file shares, and then
reassemble the shares, in order for the file to be unlocked (decrypted). Because each share contains
only a subset of electronic bits that constitute the file’s sensitive content, a stolen share cannot be
subjected to a brute force attack, and cannot be decrypted. Even if a data breach were to occur,
sensitive data is not exposed. This is similar to a physically shredded hard drive; a fragment by itself is
worthless.
▪ The data shares are then potentially dispersed to as many unique storage locations as there are shares.
Locations can be multiple physical or virtual servers in a single data center, servers in geographically
separated data centers, multiple cloud storage environments, or any combination of these. By dispersing
the shares over multiple locations, the difficulty for would-be data thieves is compounded, as multiple
locations would need to be found, compromised, and their stored share or shares exfiltrated—
analogous to a scavenger hunt without any clues. Then, of course, each share would need the unique
splitting key to be reassembled; and the encrypted data would have to be subjected to a brute force
attack before the sensitive content could be accessed (i.e., the fragments of the shredded hard drive
correctly arranged and glued together). Also, since the storage locations are not bound by data
protection standards (advanced data-centric protection is accomplished as a software overlay through
bit-level encryption, a keyed information dispersal algorithm, share dispersion and keyed share
authentication, along with an easy-to-use key management system, which is FIPS 140-2 certified), the
organization can choose low-cost public cloud storage.
Additionally, high availability of data and disaster recovery architectures can be implemented on the fly using
ICDES with a built-in “M of N” data resiliency feature. When the data is separated into “N” shares, data
resiliency can be implemented in real-time, and only “M” (M<N) shares are needed to restore the data. This
allows for the loss of any one share without losing access to data. If at least “M” pieces of the “N” data shares are
sent to storage in remote data centers, a disaster recovery architecture can be achieved. In the event of a data
center outage, “M” shares of data can still be retrieved from the other remote storage sites, and that data
remains secure at all times.
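The share-splitting steps in the list above and the “M of N” resiliency just described, as an added example that is not ICDES or SPx code: Shamir secret sharing over GF(2^8) stands in for the patented splitting process, which is enough to show the property the text relies on, namely that any M of the N shares rebuild the data while fewer than M cannot, so up to N−M shares (or storage sites) can be lost. The input is assumed to be already AES-256-encrypted file content; the bytes used are constructed.

```python
"""M-of-N share splitting (added example; Shamir over GF(2^8) stands in for
the ICDES/SPx splitting process, which this code does not implement)."""
import secrets
from typing import List, Tuple

def _gf_mul(a: int, b: int) -> int:
    """Multiply in GF(2^8) using the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r

def _gf_inv(a: int) -> int:
    """a^254 == a^-1 in GF(2^8) (multiplicative group has order 255)."""
    r = 1
    for _ in range(254):
        r = _gf_mul(r, a)
    return r

def split(data: bytes, m: int, n: int) -> List[Tuple[int, bytes]]:
    """Split data into n shares, any m of which reconstruct it (1 < m <= n < 256).

    Each byte becomes the constant term of a random degree-(m-1) polynomial;
    share x holds that polynomial evaluated at x, so it reveals nothing alone."""
    assert 1 < m <= n < 256
    shares = [bytearray() for _ in range(n)]
    for byte in data:
        coeffs = [byte] + [secrets.randbelow(256) for _ in range(m - 1)]
        for x in range(1, n + 1):
            y = 0
            for c in reversed(coeffs):  # Horner evaluation at x
                y = _gf_mul(y, x) ^ c
            shares[x - 1].append(y)
    return [(x, bytes(s)) for x, s in zip(range(1, n + 1), shares)]

def reconstruct(shares: List[Tuple[int, bytes]], m: int) -> bytes:
    """Lagrange-interpolate every byte at x = 0 from any m distinct shares.

    Fewer than m shares is the 'stolen share' case: reconstruction refuses."""
    if len(shares) < m:
        raise ValueError("need at least %d shares, got %d" % (m, len(shares)))
    shares = shares[:m]
    out = bytearray()
    for i in range(len(shares[0][1])):
        acc = 0
        for j, (xj, sj) in enumerate(shares):
            num, den = 1, 1
            for k, (xk, _) in enumerate(shares):
                if k != j:
                    num = _gf_mul(num, xk)        # product of (0 - x_k)
                    den = _gf_mul(den, xj ^ xk)   # product of (x_j - x_k)
            acc ^= _gf_mul(sj[i], _gf_mul(num, _gf_inv(den)))
        out.append(acc)
    return bytes(out)
```

Dispersing each returned share to a different storage location is the step the text calls share dispersion; the (x, share) index must travel with the share so the reconstructing side knows which point it holds.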
Lastly, with ICDES, customers can retain ultimate key control. The main server key can be exported by the
customer to a central key manager on premises. This Key Management Interoperability Protocol (KMIP)-compliant
transfer puts the customer in direct control of the security key, and thus gives the customer singular control over
who can access encrypted data. This removes any possible access control from the cloud infrastructure
provider.
On its own, ICDES is a powerful, easy to administer, and low cost cloud-leveraging
approach to data-centric protection, which goes beyond encryption with its
unbreakable data protection and data resiliency capabilities. ICDES is rising in
importance, given the frequency of corporate data breaches. The reality of today’s
cyber threats is that even the most well-managed network perimeter defenses and
regulatory-compliant environments are exploitable. Therefore, data-at-rest must be
protected from the looming prospects of a data breach. The brute force-intolerant and
inclusive key management design of ICDES represents a winning proposition for data-at-rest protection in a cloud
environment.
One last point is the incremental data protection that is possible with Intel TXT. Combined with SoftLayer Intel
TXT-based bare metal servers, data protection advances in multiple steps. Through policy, the workload
location where the bit-level shares are decrypted and the file reassembled can be restricted to servers that have
attained a positive attestation—that is, servers whose platform software configuration is in a known-good state.
Similarly, the storage of ICDES key material (master and workgroup keys) can also be constrained to servers with
positive attestations. In this fashion, sensitive data, and the means to secure this data, are protected at rest, in
transit, and in use, transparently to end users, and with low levels of administrative oversight.
The adoption of cloud computing is galloping forward. Even so, this gallop is uneven, as organizations question
whether cloud computing is up to the task of meeting the most stringent security standards for their
data-sensitive workloads. But “can” is only part of the story; the “how” matters too.
Organizations have protected their sensitive applications and data in their own data centers by applying layers of
security technologies and procedures. They know how to accomplish their perimeter security and data
protection objectives. While this seems adequate, even as data breaches remain a looming risk, this heavy-handed
fortressing approach nevertheless carries material direct and indirect costs. Furthermore, porting this same
approach into the cloud would undermine the very flexibility and scalability that organizations seek to gain in
moving to the cloud. Therefore, a new approach is required: one that honors the benefits of the cloud, leverages
its technological advantages, and does so while establishing and maintaining stringent security standards.
IBM is leading the way in cloud security. The inclusion of Intel TXT-based servers in its SoftLayer IaaS service
options, and the development of ICDES are providing an advanced level of cloud security. IBM SoftLayer is
doing its part in offering a secure cloud computing environment for sensitive workloads. Combined with the
flexibility, end-user transparency, and lightweight administrative attributes of IBM’s cloud security offering, IBM
should definitely be on your short list of cloud solution providers to evaluate.