Harris Adds Security To Multi-Tenant Clouds

The Cyber Integration Center, a data center that incorporates the latest security measures and offers them in a self-service cloud setting, has opened for business, offering a new form of infrastructure as a service.
Harris has opened a cloud facility, the Cyber Integration Center, that the company says has enough protective measures to make a multi-tenant public cloud the equal of the enterprise data center for secure and protected computing.

The firm will offer trusted enterprise cloud services from its new 140,000-square-foot data center in Harrisonburg, Va., which it commissioned May 27. It's a new form of infrastructure as a service.

Harris holds patents on several secure computing techniques that it's applied to the center. Its core idea is not just to keep malware and intruders out, but to offer guarantees on an ongoing basis that the workload you're running is not being made to do something unexpected and has not been altered or tampered with.

With its approach, a customer "may articulate the type of data center they're seeking" and Harris will create a virtual data center that includes the safeguards and levels of protection sought. It will add standard cloud features, such as load balancing, firewalls, self-service commissioning and decommissioning of servers, and high availability. Then it will guarantee on a day-to-day basis that the customer is running the workload--and only the workload--that it expects.

The goal is to enable customers with sensitive data, including nearby government agencies, "to put their primary processing into the cloud," said Rich Plane, director of cyber integration solutions development and delivery, in an interview. The customer still has to ensure the data arrives at the center securely, and can do so via a VLAN or other protected tunnel, Plane said.

One of the chief protective measures for ongoing operations is Harris' use of a global trust repository. When a customer orders a Windows server commissioned in the facility, Harris goes to Microsoft for a verified copy of the operating system, combines it with the customer's application and other components, then captures "a digital fingerprint" of what the correct configuration looks like and stores it in its repository. With each launch of the system, it re-checks the assembly against the repository before initiating it.

The delivery of a secure application to the cloud remains the customer's responsibility. But every other component is checked against verified copies to ensure the workload is using valid parts.

If malware is introduced or the workload is somehow tampered with, it will no longer check out correctly when the periodic comparison is made with the repository. The customer determines the time intervals of the checks.

The checks can be made quickly with little overhead, in part because the repository doesn't attempt to hold a mirror image of the workload. Rather it has four summary views adding up to the "digital fingerprint" of what it should look like, Plane said. Its service can "instantly certify that the operating state is valid," he added, even if the workload has been running satisfactorily for days, or alternatively, has been asleep and unused for months.
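
The baseline-and-recheck idea described above can be sketched as follows. This is an added illustration, not Harris's patented method or code: it assumes the fingerprint is a SHA-256 manifest of the workload's files plus a single summary digest (the article mentions four summary views but does not describe them), and the `repository` dict, paths and file contents are constructed for the example.

```python
import hashlib
import tempfile
from pathlib import Path

def file_digest(path: Path) -> str:
    """SHA-256 of one component, read in chunks."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def fingerprint(root: Path) -> dict:
    """Per-file digests plus one summary digest over the sorted manifest."""
    manifest = {p.relative_to(root).as_posix(): file_digest(p)
                for p in sorted(root.rglob("*")) if p.is_file()}
    lines = [f"{name}\0{digest}" for name, digest in sorted(manifest.items())]
    summary = hashlib.sha256("\n".join(lines).encode()).hexdigest()
    return {"summary": summary, "manifest": manifest}

def verify(root: Path, baseline: dict) -> list:
    """Return (status, path) findings; an empty list means the state matches."""
    current = fingerprint(root)
    if current["summary"] == baseline["summary"]:
        return []
    old, new = baseline["manifest"], current["manifest"]
    findings = [("modified", n) for n in old if n in new and old[n] != new[n]]
    findings += [("missing", n) for n in old if n not in new]
    findings += [("unexpected", n) for n in new if n not in old]
    return sorted(findings)

def demo() -> tuple:
    """Enroll a constructed workload, then check it before and after tampering."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "os").mkdir()
        (root / "app").mkdir()
        (root / "os" / "kernel.bin").write_bytes(b"verified vendor image")  # constructed
        (root / "app" / "service.cfg").write_text("port=8443\n")            # constructed
        repository = {"workload-1": fingerprint(root)}  # stand-in for the trust repository
        clean = verify(root, repository["workload-1"])  # check before launch
        (root / "os" / "kernel.bin").write_bytes(b"verified vendor imagE")  # one byte changed
        (root / "app" / "extra.bin").write_bytes(b"\x00")                   # not in baseline
        (root / "app" / "service.cfg").unlink()                             # component removed
        return clean, verify(root, repository["workload-1"])

if __name__ == "__main__":
    print(demo())
```

The summary digest answers "is the state still valid?" in one comparison; the per-file manifest is consulted only on a mismatch, to say which component changed.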

Three types of virtual data centers can be commissioned in the Harris cloud: development, test, and production. Protective measures can be increased as a workload moves from test to production.

Harris has summed up the effectiveness of its combined protective measures into a "trust score," one of its patented approaches to cloud security. The customer may dial the score up or down, depending on the sensitivity of the workload and its data.

Plane said Harris uses monitoring and automated systems operations software from both BMC Software, maker of the Patrol systems management system, and HP, supplier of OpenView. Neither by itself had all the systems management features that Harris wanted, he said.

In the past, Harris, a company with $5 billion a year in revenue from technology services, has been a supplier of secure, managed hosted services. Its Cyber Integration Center is a "next-generation data center" that incorporates the latest security measures and offers them in a self-service cloud setting.

"This is a natural extension," said Plane. "We're moving a multi-tenant scenario into a managed, private cloud," he said.

Harris built the center with help from VCE, a startup founded by VMware, Cisco, and EMC, with investment from Intel. It produces VBlocks, or racks of servers and storage units that are operated as virtualized resources, based on Cisco blade servers, EMC storage, and VMware virtualization software.

The data center is designed to Tier 3 reliability, which means it can lose a source of power supply and immediately substitute another, and also has uninterruptible power supply batteries and backup generators. It is a green data center that operates at a 1.34 level of power usage effectiveness. The PUE is a measure of how much of the electricity entering the facility is actually consumed in computing, as opposed to support facility functions, such as lighting and cooling. Brick-and-mortar data centers with raised floors and air conditioning tend to operate with a PUE of 2.3 or 2.4.

Jim Leach, Harris VP of market development, said most data centers focus on perimeter measures, such as firewalls, to enforce security. Such security is needed but is not enough. "Our monitoring is deep and pervasive. You need to be able to prove at any time the system is operating according to a specification. That's trusted cloud computing," he said.
