Billy Cox is a Director of Cloud Software Strategy with Intel’s Data Center Group. Since joining Intel in 2007, Billy - who has 30+ years of industry experience - has been leading the cloud strategy efforts for the Intel Software and Services Group.
If you’re shopping for a house, what you see might not be what you get. Is the house I’m looking at really the house I’m planning to buy?
To answer this question, you need to hire a licensed surveyor who will compare information in city files with the reality on the ground. Typically, in this process the surveyor locates the official survey markers, metal pins embedded in the ground, to mark the corners of the property. The location of the markers gives you assurance that this is in fact the property in which you are interested and that what you see is what you will get.
You’ll find some parallels to this process in the world of cloud computing. To run applications in a cloud environment, you need to verify that things are as they should be. That’s tough to do if you don’t own and operate your own cloud assets. If you’re using hosted or public services, you need to come up with new ways to locate the survey markers.
New Approaches for Security Monitoring
You’ll find some good ideas in the new Security Monitoring Usage Model from the Open Data Center Alliance. (The alliance is a global consortium of businesses that develops and promotes usage models for cloud and next-generation data centers.)
The alliance’s Security Monitoring Usage Model advocates for the creation of a standard monitoring framework and interfaces that allow cloud subscribers to query the status of security and compliance within the spaces they rent in the cloud. In addition, the model calls for cloud providers to give cloud subscribers a view of the actual status of their assets in the cloud.
From where I sit, this makes a lot of sense. Say you’re in an organization that must comply with PCI (Payment Card Industry) or HIPAA (Heath Insurance Portability and Accountability Act) guidelines. To put applications and data in the cloud, you’re going to need a mechanism for verifying and reporting on the configuration of the services you are using in the cloud environment. This will be a lot easier with standard APIs and standard reporting forms.
Baked-in Security Verification
Under this usage model, cloud providers are going to need to prove security from the ground up. They will need to show their subscribers that the platforms hosting their workloads are booting up in a known, trusted state. And in addition to standard APIs, the alliance’s usage model requests that cloud providers give their subscribers access to a secure, web-based interface that provides reports on the actual status of their cloud services.
This is definitely where we need to go. The capabilities requested by the alliance will give cloud consumers and corporate IT the security views and the reporting mechanisms they need to move applications to cloud environments. In other words, they will be able to move to the cloud with confidence because they have first located the survey markers.
For a closer look at the Security Monitoring Usage Model, you can download the document from the alliance’s website.
Industry Perspectives is a content channel at Data Center Knowledge highlighting thought leadership in the data center arena. See our guidelines and submission process for information on participating. View previously published Industry Perspectives in our Knowledge Library.