AMD Best Practices Series. A Contributed Series by AMD
Securing the Cloud is written by Tim Mueting, Product Marketing Manager at AMD
It seems you can't turn around today without hearing the words ‘cloud computing’. From organizations looking to simplify datacenter operations, reduce costs and optimize resource utilization, to those looking to offload computing resources entirely to a third-party service provider, everyone wants to be in the cloud. Want proof? Just look at all the advertisements pushing consumers to use the cloud for music, photographs and social networking services.
The cloud appears to be an example of hype translating into sales. According to IDC's Worldwide Enterprise Server Cloud Computing 2010 - 2014 Forecast, spending on cloud computing products and services is expected to grow at a compound annual rate of 25%, generating $56 billion in annual revenue in 2014.
The federal government has also recently directed all agencies to start planning now to incorporate cloud computing. The directive is part of an ongoing effort to streamline IT operations to meet a mandated goal of $3 billion in cost savings by the end of fiscal 2012.
The federal government diving in headfirst would appear to be a solid endorsement of cloud computing, but in some circles it is also raising questions about cloud security. Depending on who you talk to, securing the cloud can mean just about anything: detractors worry about external threats, internal threats, co-location of data and applications alongside other tenants, privacy concerns... the list goes on. One thing we can (I think) all agree on is that security is a real concern, and will have a direct impact on the success of cloud computing.
Whether we are talking about public clouds, private clouds, community clouds, or even hybrid clouds, providing a secure infrastructure to protect our data and guard against unauthorized access and malicious intrusions must be an essential component of any cloud computing implementation. For all of us at AMD, true end-to-end security requires the complete integration of security components within all layers of the IT stack, starting with the hardware platform itself. AMD offers a competitive range of hardware features that help ensure security at the hardware platform level.
To that end, in 2004 AMD introduced a feature called Enhanced Virus Protection, better known as the NX (no-execute) page bit. It lets the operating system mark regions of memory such as stacks and heaps as "data only": the processor will read from and write to those pages but refuses to fetch instructions from them. Working in concert with OS support (Windows calls this Data Execution Prevention), it acts as a preventative measure: code that a worm or exploit injects into a data buffer cannot run, so it stays inert in the page where it landed, cannot spread, and is eventually overwritten or flushed from system memory. The caveat is that NX only blocks injected code; attacks that reuse code already present in executable pages still need other defenses.
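As an added example (not code from the original post or from AMD), the following program shows the behaviour described above from the operating system's side on Linux: the same bytes are placed in a page mapped read/write and then in a page mapped executable, and only the second call succeeds. It assumes Linux on x86-64 or AArch64 and uses mmap/mprotect to set the page permissions that the NX bit enforces; the faulting call is caught with a signal handler so the program can report the result instead of crashing.

```c
/* Added example, not AMD code: what Enhanced Virus Protection (the NX bit) does
 * once the OS sets page permissions. A tiny "return" routine is written into a
 * fresh page. Mapped read/write only, the CPU faults on the first instruction
 * fetch; with PROT_EXEC added, the same bytes run. Assumes Linux on x86-64 or
 * AArch64. Build: cc -std=gnu99 -O2 -o nx_demo nx_demo.c */
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

static sigjmp_buf fault_jmp;

static void on_fault(int sig) { (void)sig; siglongjmp(fault_jmp, 1); }

/* Bare "return" routine: x86-64 endbr64 (a NOP on older CPUs) + ret, or AArch64 ret. */
#if defined(__x86_64__)
static const uint8_t ret_code[] = {0xF3, 0x0F, 0x1E, 0xFA, 0xC3};
#elif defined(__aarch64__)
static const uint8_t ret_code[] = {0xC0, 0x03, 0x5F, 0xD6};
#else
#error "add the ret encoding for this architecture"
#endif

/* Copy the routine into a fresh page mapped with `prot` and try to call it.
 * Returns 1 if the call returned normally, 0 if the CPU raised SIGSEGV or
 * SIGILL, -1 if the mapping itself failed. */
int runs_from_page(int prot) {
    size_t sz = (size_t)sysconf(_SC_PAGESIZE);
    uint8_t *page = mmap(NULL, sz, PROT_READ | PROT_WRITE,
                         MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED) return -1;
    memcpy(page, ret_code, sizeof ret_code);
    __builtin___clear_cache((char *)page, (char *)page + sizeof ret_code);
    if (mprotect(page, sz, prot) != 0) { munmap(page, sz); return -1; }

    struct sigaction sa, old_segv, old_ill;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGILL, &sa, &old_ill);

    volatile int ran = 0;
    if (sigsetjmp(fault_jmp, 1) == 0) {
        void (*fn)(void) = (void (*)(void))(uintptr_t)page;
        fn();                /* on a no-execute page the fetch faults right here */
        ran = 1;
    }
    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGILL, &old_ill, NULL);
    munmap(page, sz);
    return ran;
}

int main(void) {
    printf("data-only page (rw-):  %s\n",
           runs_from_page(PROT_READ | PROT_WRITE) == 1 ? "executed" : "blocked");
    printf("executable page (rwx): %s\n",
           runs_from_page(PROT_READ | PROT_WRITE | PROT_EXEC) == 1 ? "executed" : "blocked");
    return 0;
}
```

Running it prints `blocked` for the data-only page and `executed` for the executable one. In a real attack the injected bytes would be the payload and the data page a stack or heap buffer; the fault is exactly what Enhanced Virus Protection contributes, and it is also why an attack that only jumps into code already mapped executable is unaffected by it.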
Beginning in 2006, AMD started shipping AMD Virtualization™ technology (AMD-V), which included the SKINIT instruction: an extension that establishes a "root of trust" starting from an already running, initially untrusted operating mode. This makes it possible to measure and authenticate a hypervisor or virtual machine image before it is decrypted and loaded.
To create the root of trust, SKINIT re-initializes the processor into a known state in which a small software component called the secure loader (SL) runs without interference from previously running software or from device DMA. Rather than trusting whatever is already in memory, the processor sends the secure loader image to the Trusted Platform Module (TPM), which hashes it and records the measurement in a platform configuration register (PCR 17) that only this launch sequence can reset. The transfer uses unique bus transactions that only the processor can generate, so software cannot emulate the launch: a forged measurement would not match the PCR value when the platform's state is later checked or attested.
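To make the measurement chain concrete, here is an added example (a simulation written for this page, not AMD's or any TPM vendor's code) that models the launch in user space: PCR 17 is reset, the secure loader image is hashed into it, the loader measures the hypervisor image, and a verifier compares the resulting PCRs with the values a known-good build produces. SHA-1 and the PCR-extend rule are those of TPM 1.2; the choice of PCR 18 for the hypervisor, the image contents and the function names are assumptions made for the example.

```c
/* Added example, not AMD code: a user-space model of the SKINIT measured launch.
 * The TPM, the secure loader (SL) and the hypervisor are all simulated so the
 * PCR arithmetic can be inspected. SHA-1 and the extend rule follow TPM 1.2; PCR 18
 * for the next stage is an assumed layout and the images are constructed stand-ins. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static uint32_t rol(uint32_t x, int n) { return (x << n) | (x >> (32 - n)); }

/* Minimal SHA-1 (FIPS 180-4) over a whole message held in memory. */
static void sha1(const uint8_t *msg, size_t len, uint8_t out[20]) {
    uint32_t h[5] = {0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0};
    size_t padded = ((len + 8) / 64 + 1) * 64;  /* room for 0x80 and the 64-bit length */
    uint8_t *buf = calloc(padded, 1);
    memcpy(buf, msg, len);
    buf[len] = 0x80;
    uint64_t bits = (uint64_t)len * 8;
    for (int i = 0; i < 8; i++) buf[padded - 1 - i] = (uint8_t)(bits >> (8 * i));
    for (size_t off = 0; off < padded; off += 64) {
        uint32_t w[80], a = h[0], b = h[1], c = h[2], d = h[3], e = h[4];
        for (int i = 0; i < 16; i++)
            w[i] = (uint32_t)buf[off + 4*i] << 24 | (uint32_t)buf[off + 4*i + 1] << 16 |
                   (uint32_t)buf[off + 4*i + 2] << 8 | (uint32_t)buf[off + 4*i + 3];
        for (int i = 16; i < 80; i++) w[i] = rol(w[i-3] ^ w[i-8] ^ w[i-14] ^ w[i-16], 1);
        for (int i = 0; i < 80; i++) {
            uint32_t f, k;
            if (i < 20)      { f = (b & c) | (~b & d);          k = 0x5A827999; }
            else if (i < 40) { f = b ^ c ^ d;                   k = 0x6ED9EBA1; }
            else if (i < 60) { f = (b & c) | (b & d) | (c & d); k = 0x8F1BBCDC; }
            else             { f = b ^ c ^ d;                   k = 0xCA62C1D6; }
            uint32_t t = rol(a, 5) + f + e + k + w[i];
            e = d; d = c; c = rol(b, 30); b = a; a = t;
        }
        h[0] += a; h[1] += b; h[2] += c; h[3] += d; h[4] += e;
    }
    free(buf);
    for (int i = 0; i < 5; i++) {
        out[4*i] = (uint8_t)(h[i] >> 24); out[4*i+1] = (uint8_t)(h[i] >> 16);
        out[4*i+2] = (uint8_t)(h[i] >> 8); out[4*i+3] = (uint8_t)h[i];
    }
}

/* TPM 1.2 PCR extend: PCR := SHA1(PCR || measurement). A PCR can only be
 * extended, never written, so a measurement cannot be undone or reordered. */
static void pcr_extend(uint8_t pcr[20], const uint8_t digest[20]) {
    uint8_t buf[40];
    memcpy(buf, pcr, 20); memcpy(buf + 20, digest, 20);
    sha1(buf, 40, pcr);
}

/* The launch in the order the hardware performs it:
 *  1. the processor resets PCR 17, a dynamic PCR ordinary software cannot reset;
 *  2. the TPM hashes the loader image SKINIT sends it and extends PCR 17;
 *  3. the loader, now in a clean environment, measures the hypervisor into
 *     PCR 18 (assumed) and only then hands it control. */
void measured_launch(const uint8_t *sl, size_t sl_len, const uint8_t *hv, size_t hv_len,
                     uint8_t pcr17[20], uint8_t pcr18[20]) {
    uint8_t d[20];
    memset(pcr17, 0, 20); memset(pcr18, 0, 20);
    sha1(sl, sl_len, d); pcr_extend(pcr17, d);
    sha1(hv, hv_len, d); pcr_extend(pcr18, d);
}

/* Verifier side: the PCRs a known-good build produces are the policy; anything
 * else, including the result of a one-bit change in either image, is refused. */
int launch_is_trusted(const uint8_t *sl, size_t sl_len, const uint8_t *hv, size_t hv_len,
                      const uint8_t want17[20], const uint8_t want18[20]) {
    uint8_t p17[20], p18[20];
    measured_launch(sl, sl_len, hv, hv_len, p17, p18);
    return memcmp(p17, want17, 20) == 0 && memcmp(p18, want18, 20) == 0;
}

static const uint8_t GOOD_SL[] = "secure-loader-build-1";    /* constructed stand-ins */
static const uint8_t GOOD_HV[] = "hypervisor-image-build-1";

int sha1_selftest(void) {            /* FIPS 180 test vector: SHA1("abc") */
    static const uint8_t want[20] = {0xa9,0x99,0x3e,0x36,0x47,0x06,0x81,0x6a,0xba,0x3e,
                                     0x25,0x71,0x78,0x50,0xc2,0x6c,0x9c,0xd0,0xd8,0x9d};
    uint8_t got[20];
    sha1((const uint8_t *)"abc", 3, got);
    return memcmp(got, want, 20) == 0;
}

/* Returns 1 when the good build is accepted and a tampered loader or hypervisor is rejected. */
int tamper_is_detected(void) {
    uint8_t want17[20], want18[20], bad_sl[sizeof GOOD_SL], bad_hv[sizeof GOOD_HV];
    measured_launch(GOOD_SL, sizeof GOOD_SL, GOOD_HV, sizeof GOOD_HV, want17, want18);
    memcpy(bad_sl, GOOD_SL, sizeof GOOD_SL); bad_sl[3] ^= 0x01;   /* flip one bit */
    memcpy(bad_hv, GOOD_HV, sizeof GOOD_HV); bad_hv[3] ^= 0x01;
    return launch_is_trusted(GOOD_SL, sizeof GOOD_SL, GOOD_HV, sizeof GOOD_HV, want17, want18)
        && !launch_is_trusted(bad_sl, sizeof bad_sl, GOOD_HV, sizeof GOOD_HV, want17, want18)
        && !launch_is_trusted(GOOD_SL, sizeof GOOD_SL, bad_hv, sizeof bad_hv, want17, want18);
}

int main(void) {
    printf("sha1 self-test: %s; tampered image rejected: %s\n",
           sha1_selftest() ? "ok" : "FAIL", tamper_is_detected() ? "yes" : "NO");
    return 0;
}
```

The point to notice is that the verifier never inspects the running system; it trusts the PCR values because only the hardware sequence could have produced them, and a loader or hypervisor that differs by a single bit yields different values. In a real deployment the expected values come from the build pipeline and the comparison is made against a signed TPM quote rather than against locally computed registers.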
Most recently, AMD introduced AMD Virtualization™ technology for I/O Virtualization (AMD-Vi) in all of our G34 and C32 platforms. This technology consists of an I/O Memory Management Unit (IOMMU) embedded in the chipset, which translates and checks each device's DMA against the memory the hypervisor has assigned to it. A peripheral, whether faulty, compromised or outright malicious, can therefore no longer read or overwrite another virtual machine's memory or the hypervisor's own. I've written at length on virtualization technology and how it has transformed the operational aspects of today's datacenters, increased the utilization of existing resources and changed the way we evaluate performance, capacity and value of our hardware resources. I believe that as virtualization continues to play a larger role in enterprise applications and cloud computing, protecting systems at the I/O level becomes increasingly important.
Establishing trust and transparency across all the architectural layers in the IT environment, particularly a shared cloud environment, is critical to achieving end-to-end platform integrity. As a founding member of the Trusted Computing Group (TCG), AMD has dedicated itself to the development and promotion of open, vendor-neutral, industry standards for trusted computing across multiple platforms.
Now that everyone is talking about the cloud, let's get everyone focused on innovation in cloud security, an effort from which we'll all benefit.
About the Author
Tim Mueting is a Product Marketing Manager at AMD. His postings are his own opinions and may not represent AMD's positions, strategies or opinions. Links to third party sites, and references to third party trademarks, are provided for convenience and illustrative purposes only. Unless explicitly stated, AMD is not responsible for the contents of such links, and no third party endorsement of AMD or any of its products is implied.
The AMD Cloud Computing Blog can be found here.