informa
/
News

A Platinum Idea from the Open Data Center Alliance

In the absence of widely adopted standard definitions for security requirements, cloud subscribers must do a lot of homework to compare one provider's offerings to another's and to determine exactly what they are getting in terms of security.

Without industry standards for measurements, it would be difficult to compare the fuel efficiency of different models of cars. Different manufacturers would likely use different tests under different conditions. Consumers would be left with a lot of apples-to-oranges comparisons, making it difficult to understand the true fuel efficiency of different models.

Today the same is true-only more so-for people shopping for cloud services. In the absence of widely adopted standard definitions for security requirements, cloud subscribers must do a lot of homework to compare one provider's offerings to another's and to determine exactly what they are getting in terms of security.

The Open Data Center Alliance is working to remove a lot of this uncertainly by promoting the adoption of its new Provider Security Assurance Usage Model. The model represents the collective voice of hundreds of global businesses in the ODCA, a consortium that develops and promotes usage models for cloud and next-generation data centers.

The Provider Security Assurance Usage Model defines standard definitions for security levels in cloud environments. These levels are expressed in terms of Bronze, Silver, Gold, and Platinum standards. This framework spans from basic security to the levels of security that are equivalent to those required by enterprises, financial organizations, and military organizations.

At Intel, we think the arrival of this usage model is an important step forward for both cloud subscribers and cloud providers. With the widespread adoption of standard definitions for security levels, cloud subscribers could more easily compare different service offerings and match the needs of different applications with an appropriate level of security. Cloud providers, in turn, would have a clearly understand mechanism for differentiating their service offerings.

An organization using cloud services might decide that the basic Bronze level of security is appropriate for certain web, file, and print applications, but that its mission-critical business applications and databases require the higher Silver or Gold standard.

In practice, the application of these new standards will be enabled be a wide range of technologies. These include Intel' Trusted Executive Technology (Intel TXT), a hardware security solution that protects IT infrastructures against software-based attacks by validating the behavior of key components within a server or PC at startup. For certain workloads-such as customer, billing, and financial information systems-Intel TXT will be essential.

One important caveat here: There is no panacea for security in the cloud. We're talking about a multi-layered problem that is solved with multi-layered security, beginning at the hardware level and rising up the stack from there. Many different technologies and products must work together in a complementary manner to deliver the appropriate level of security.

The good news is, the ODCA's standard definitions for security levels will make it a lot easier to understand the differences in security levels and to find the right security package for a particular application. While it won't be quite as easy as comparing the fuel efficiency of cars, comparing cloud security offerings will become a much more straightforward process.

For a deeper dive into this topic, download the Provider Security Assurance Usage Model from the Alliance site.

Dylan Larson is the Director of Server Platform Marketing at Intel. Dylan has 10 years of experience with Intel bringing new technologies to market.