Building a Secure Cloud Environment

Practical Planning Guide from Intel

2 INTEL IT CENTER | Peer Research

Seven Steps for Planning Cloud Security

Start planning early. Identify vulnerabilities.

Mitigate vulnerabilities.

Protect data.

Secure infrastructure.

Enable compliance monitoring.

Choose the right cloud service provider.

1234567

3 INTEL IT CENTER | Peer Research

Think about the FundamentalsStep 1: Start Security Planning Early

1 What are the business priorities?

2 Which workloads do you want to move to the cloud?

3 How sensitive is the data?

4 What cloud delivery model works best?

5 What about compliance?

6 How will the data flow?

7 How will users access data and applications?

4 INTEL IT CENTER | Peer Research

Seven Areas of Security RiskStep 2: Identify Vulnerabilities

1 Abuse and nefarious use of cloud services

2 Insecure interfaces and APIs

3 Multitenancy and shared technology issues

4 Data loss or leakage

5 Account or service hijacking

6 Malicious insiders

7 “Unknown” risks

5 INTEL IT CENTER | Peer Research

Physical Layers at Risk

Growing attack targetDesktops, laptops, and other mobile devices.

Step 2: Identify Vulnerabilities

Growing attack targetWeb servers, portal servers, e-mail servers, bridges, and routers.

Emerging attack targetVirtualization, database management, and storage infrastructure.

6 INTEL IT CENTER | Peer Research

Four Things an IT Manager Can Do

Control access by managing identities and manage API control points at the network edge.

Encrypt data that rests or moves in and out of both private and public clouds.

1

2

Establish trusted compute pools to secure data center infrastructure and protect clients.

3

Build higher assurance into compliance to streamline auditing and increase visibility into your cloud.

4

Step 3: Mitigate Vulnerabilities

7 INTEL IT CENTER | Peer Research

Safeguard Data Throughout the Cloud

Accelerate and strengthen encryption so that the performance penalty is virtually eliminated, paving the way for pervasive encryption.

Accelerate secure connections for transferring encrypted data.

Reduce data loss through data loss prevention (DLP) policies that proactively detect threats, identify potential fraud, and avoid unauthorized data transfer.

Step 4: Protect Data

Data loss

8 INTEL IT CENTER | Peer Research

Protect Client, Edge, and Data Center Systems

Create secure clients to ensure that only authorized users can access the cloud and to guard endpoint devices against rootkit and other low-level malware attacks.

Protect edge systems at the API level where external software interacts with the cloud environment.

Create a secure data center infrastructure with hardware-based technologies that build trust between servers and between servers and clients.

Step 5: Secure Your Infrastructure

44%1%

70%

Foundational Role

Small Role

Strong Role

57% 37% 6%

62% 32% 6%

59% 34% 8%

44% 54% 2%

Total (n=200)

Already deployed (n=79)

In process of deployment (n=80)

Planning/evaluation (n=41)

Agree completely

Agree somewhat

Disagree

10%No Plan

47%Currently Utilizing

42%

Plan to in Next 12 Months

IT

User

9 INTEL IT CENTER | Peer Research

Build Higher Assurance into Compliance

Build trusted compute pools of servers, which form the foundation for compliance in both public and private clouds.

Ensure the continued trustworthy status of compute pools with routine integrity checks.

Support audit and security management by making trusted pool integrity checks available to policy management, security information and event manager, and governance, risk management, and compliance solutions.

Step 6: Enable Compliance Monitoring

10 INTEL IT CENTER | Peer Research

Build Security into Your Evaluation

Make sure data and platform security are built into any offering.

Establish measurable, enforceable service level agreements (SLAs) for verification.

Search for cloud providers with Intel Cloud Finder based on key security and other criteria.

Step 7: Choose the Right Cloud Service Provider

Review the Security Considerations Checklist.

®

11 INTEL IT CENTER | Peer Research

We Have a Lot More to Say about Cloud Security

Intel.com/ITCenter

• Read the planning guide, Cloud Security: Seven Steps for Building Security in the Cloud from the Ground Up.

• Review proven cloud security reference architectures at Intel Cloud Builders.

• Streamline the cloud service provider selection process at Intel Cloud Finder.

• Learn more about cloud security at intel.com/cloudsecurity.

12 INTEL IT CENTER | Peer Research

Legal

The information in this document is provided only for educational purposes and for the convenience of Intel customers. The information contained herein

is subject to change without notice, and is provided “AS IS” without guarantee or warranty as to the accuracy or applicability of the information to any

specificsituationorcircumstance. 

This presentation is for informational purposes only. THIS DOCUMENT IS PROVIDED “AS IS” WITH NO WARRANTIES WHATSOEVER, INCLUDING ANY

WARRANTY OF MERCHANTABILITY, NONINFRINGEMENT, FITNESS FOR ANY PARTICULAR PURPOSE, OR ANY WARRANTY OTHERWISE ARISING OUT OF

ANY PROPOSAL, SPECIFICATION, OR SAMPLE. Intel disclaims all liability, including liability for infringement of any property rights, relating to use of this

information. No license, express or implied, by estoppel or otherwise, to any intellectual property rights is granted herein.

Copyright © 2012 Intel Corporation. Intel, the Intel logo, Intel Sponsors of Tomorrow., and the Intel Sponsors of Tomorrow. logo are trademarks of Intel

Corporation in the U.S. and other countries.