Virtualization Technology News and Information
The Role of Hardware Security as Cloud Adoption Rates Climb

By Rebecca Weekly, Vice President, General Manager & Senior Principal Engineer, Hyperscale Strategy and Execution, Cloud Enterprise Solutions Group, Intel

Over the last year, the global pandemic put a spotlight on the value of cloud services. The dawn of the remote work era has forced organizations worldwide to rely more heavily on video conferencing products like Zoom, collaboration apps such as Slack and Google Workspace, and public cloud providers including AWS and Azure. Cloud services adoption rates rose abruptly, and according to analysts, will continue on that trend in the coming years. Gartner estimates that public cloud services spending will grow nearly 20% in 2021 to total $304.9 billion, and that cloud initiatives will make up 14.2% of the total global enterprise IT spending market by 2024 (up from just 9.1% in 2020).

The pandemic produced half a decade's worth of business transformation in just months. While this type of technology adoption is exciting and can have many benefits, many fail to fully appreciate the different set of workstreams and security considerations involved in such accelerated, cloud-enabled digital transformation. If you're just starting a cloud journey in 2021 or already in the middle of it, understanding the risks and challenges, and how to overcome them, is critical to ensuring you maximize your investment.

COVID-era Cloud Adoption Challenges

Under normal circumstances, you'd begin exploring the move to a cloud service provider by developing an in-depth risk analysis. This type of assessment factors in your assets, potential weaknesses, exploitation probabilities and more, and evaluates each provider's ability to deliver an effective hybrid solution (authentication services, authorization, access controls, encryption capabilities, logging, incident response, the required reliability and uptime levels, etc.). Many organizations jumped into cloud services looking for a quick way to improve uptime and ensure business continuity amid the COVID-19 lockdowns. Unfortunately, rushed implementations often come at the expense of due diligence on vendor capabilities and of building an understanding of the full spectrum of deployment challenges and risks involved.

For instance, you must carefully assess what controls a cloud service provider offers in order to understand the security risks and challenges. If data is stored unencrypted, there's additional risk in multi-tenant environments, where a misconfiguration or an isolation failure can expose one tenant's data to another. And can the provider's security models keep up with changing behavior? Many anomaly detection and predictive security algorithms flag unusual behavior to help identify threats, but most of those models needed significant adjustment to factor in last year's overnight shift to remote work: behavior that was anomalous before (logins from home networks at all hours, for example) became the norm, and a baseline learned on in-office traffic no longer separated normal from malicious. These are the types of considerations that companies easily overlook when in a hurry to roll out new cloud initiatives.

Cloud services are shared resources, so when migrating, you need to think about how you can achieve isolation at scale, application-level security, and identity management, all while ensuring reliable performance. The cost savings and dynamic capacity you can get with the public cloud are major draws, but the economics don't add up if your deployment results in a data breach. Taking the necessary time to plan your deployment and implement security best practices along the way will help to minimize the risks.

Establishing a Trusted Foundation for Cloud Computing

As organizations continue to move to the cloud, the industry must also work together to build a trusted foundation for computing. Security is only as strong as the layer below it, which is why it's important to have security technologies rooted in hardware for the cloud. For example, disk and network traffic encryption protect data in storage and in transit, but data can still be intercepted or tampered with while it is in memory and in use. "Confidential computing" is a rapidly emerging usage category that protects cloud data while it's in use inside a Trusted Execution Environment (TEE). TEEs isolate applications in hardware-protected private memory regions called enclaves, so that code and data are shielded from other software on the same machine, including the host operating system and hypervisor, while they are being processed on the CPU. For instance, healthcare organizations can use TEEs to better protect sensitive data, including electronic health records, and create trusted computing environments designed to preserve patient privacy across the cloud.

Full memory encryption is another technology that helps to protect hardware platforms in the cloud: data is encrypted as it leaves the CPU for the external memory bus and DRAM, so customer credentials, encryption keys, and other IP or personal information are never present in the clear outside the processor package. This protects system memory against physical attacks, such as cold-boot attacks (chilling the DIMM with liquid nitrogen, pulling it, and reading out its contents) or memory-bus interposers and other purpose-built attack hardware. To be effective, the technology requires a NIST-approved storage encryption mode (AES-XTS), cryptographic libraries and hardware with FIPS 140 validation, and an encryption key generated by a hardened random number generator inside the processor and never exposed to software.

Some public cloud service providers (AWS and Google, for example) offer FIPS 140 Level 1 validated cryptographic libraries, and some offer Level 2 or Level 3 validated hardware for their core management services. Because memory encryption is transparent to software, existing applications run unmodified while their memory is protected, and because the key is generated and held inside the processor, no software library, backdoored or otherwise, is ever in a position to store or send out the key. One caveat: the number of distinct keys the hardware can hold is limited, so per-tenant or per-workload keys may not scale with tenant count. Advances in platform resilience (protecting and recovering firmware) and in cryptographic acceleration are arriving as well. These developments help organizations defend against firmware attacks and avoid the performance-versus-security tradeoff customers often endure when deploying new cloud technologies and services.
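To make the memory-encryption mechanics described in the two paragraphs above concrete, here is an added example (not Intel's code and not from the original article) of a toy memory controller that encrypts each page with AES-XTS, tweaked by the page's physical address, using only the Go standard library. The type name MemoryEncryptor, the physical addresses, the 4 KiB page size and the credential string are all assumptions made for the example, and the operating system's random number generator stands in for the processor's hardware RNG. It shows why the same credential lands on the DIMM as different bytes at different addresses, why a cold-boot image of the module contains no plaintext, and why a processor holding a different key reads back garbage.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"fmt"
)

// MemoryEncryptor (hypothetical name) models the memory controller's AES-XTS
// engine. Its two AES-128 keys stand in for a key generated on the processor
// and never exposed to software; they never leave this struct.
type MemoryEncryptor struct {
	data  cipher.Block // K1: encrypts the data blocks
	tweak cipher.Block // K2: encrypts the per-page tweak
}

// NewMemoryEncryptor draws both keys from the OS CSPRNG, standing in for the
// processor's hardware random number generator.
func NewMemoryEncryptor() *MemoryEncryptor {
	k := make([]byte, 32)
	if _, err := rand.Read(k); err != nil {
		panic(err) // no entropy source: nothing this model does is safe without one
	}
	d, _ := aes.NewCipher(k[:16]) // NewCipher fails only on bad key lengths
	t, _ := aes.NewCipher(k[16:])
	return &MemoryEncryptor{data: d, tweak: t}
}

// mulAlpha multiplies the tweak by x in GF(2^128) (IEEE 1619 little-endian
// convention), so every 16-byte block of a page gets its own tweak.
func mulAlpha(t *[aes.BlockSize]byte) {
	var carry byte
	for i := range t {
		next := t[i] >> 7
		t[i] = t[i]<<1 | carry
		carry = next
	}
	if carry != 0 {
		t[0] ^= 0x87
	}
}

// XTS runs XTS-AES over one page whose tweak is its physical address:
// T_0 = E_K2(addr), C_j = E_K1(P_j xor T_j) xor T_j, T_{j+1} = T_j * x.
// Pages are whole blocks, so no ciphertext stealing is needed; the same
// routine decrypts when encrypt is false.
func (m *MemoryEncryptor) XTS(physAddr uint64, in []byte, encrypt bool) []byte {
	if len(in)%aes.BlockSize != 0 {
		panic("memory data units are whole AES blocks") // caller bug, not a runtime condition
	}
	var t [aes.BlockSize]byte
	binary.LittleEndian.PutUint64(t[:8], physAddr) // data-unit number = physical address
	m.tweak.Encrypt(t[:], t[:])
	out := make([]byte, len(in))
	for off := 0; off < len(in); off += aes.BlockSize {
		blk := out[off : off+aes.BlockSize]
		for i := range blk {
			blk[i] = in[off+i] ^ t[i]
		}
		if encrypt {
			m.data.Encrypt(blk, blk)
		} else {
			m.data.Decrypt(blk, blk)
		}
		for i := range blk {
			blk[i] ^= t[i]
		}
		mulAlpha(&t)
	}
	return out
}

// Demo writes a page holding a constructed credential to two physical addresses
// and reads the results the way a cold-boot attacker holding the DIMM would.
// It returns: the CPU reads back what it wrote; the same page encrypts
// differently at the two addresses; the credential appears nowhere in the DIMM
// image; a processor with a different key cannot recover the page.
func Demo() (roundTrip, distinctCipher, secretNotInDump, wrongKeyGarbles bool) {
	cpu := NewMemoryEncryptor()
	secret := []byte("tenant=acme;api-key=0123456789abcdef;session=hunter2") // constructed sample
	page := make([]byte, 4096)
	copy(page, secret) // the rest of the page is zeros, as real pages often are
	dimmA := cpu.XTS(0x1000, page, true) // what actually sits on the module
	dimmB := cpu.XTS(0x7f000, page, true)
	other := NewMemoryEncryptor() // another processor with its own key
	return bytes.Equal(cpu.XTS(0x1000, dimmA, false), page),
		!bytes.Equal(dimmA, dimmB),
		!bytes.Contains(dimmA, secret) && !bytes.Contains(dimmB, secret),
		!bytes.Equal(other.XTS(0x1000, dimmA, false), page)
}

func main() { fmt.Println(Demo()) } // prints: true true true true
```

Run it with go run and all four booleans print true. Real engines work at cache-line granularity rather than 4 KiB pages, but the tweak construction is the same idea: because the address feeds the tweak, an attacker who images the DIMM cannot even tell which pages held identical content, and because the zero-filled tail of the page gets a fresh tweak per block, it does not collapse into a recognizable repeating pattern the way ECB would.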

Cloud solutions have helped businesses streamline operations and expand the network edge for years. With growing pressure to make the shift quickly over the past year, many may have been too hasty and pushed ahead with new cloud solutions without fully understanding the potential challenges and risks. As cloud reliance continues to grow in the coming years, it's critical to take a step back to understand the importance of establishing a thorough adoption plan and prioritizing security along the way. This will involve taking a measured approach, proactively considering the challenges and downstream security issues you're likely to encounter, fully vetting providers, and understanding the importance of trusted security technologies rooted in cloud hardware.

Published Thursday, April 29, 2021 7:34 AM by David Marshall