Cloud computing security is a broad topic with hundreds of considerations—from protecting hardware and platform technologies in the data center to enabling regulatory compliance and defending cloud access through different end-point devices. The focus of this planning guide is to provide suggestions and recommendations for strengthening protections throughout the cloud stack, including endpoints, data, and platform protections in your cloud implementations. . The planning guide outlines seven steps for planning cloud computing security from the ground up, including data encryption, establishing trusted server pools to secure the platform and infrastructure, building higher assurance into auditing to strengthen compliance, and establishing and verifying identities to extend trust across federated clouds by controlling access to trusted clients from trusted systems.
This guide presents practical information about software- and hardware-based solutions that take advantage of Intel technologies and McAfee solutions, such as Intel® Trusted Execution Technology (Intel TXT)1 for establishing trusted server pools and Intel Advanced Encryption Standard New Instructions (Intel AES-NI)2 for enhancing the performance of data encryption solutions. It covers McAfee* Management for Optimized Virtual Environments Antivirus (McAfee* MOVE AntiVirus) for efficient virtual machine scanning and McAfee Application Control and McAfee Change Control, which work together to protect servers. It also discusses how Intel Expressway Cloud Access 360 (Intel ECA 360) and Intel’s strategic partnership with McAfee can extend trust across federated clouds.
* No computer system can provide absolute security under all conditions. Intel TXT requires a computer with Intel Virtualization Technology, an Intel TXT-enabled processor, a chipset, a BIOS, Authenticated Code Modules, and an Intel TXT-compatible measured launched environment (MLE). Intel TXT also requires the system to contain a TPM v1.s. For more information, visit http://www.intel.com/technology/security.
** Intel AES-NI requires a computer system with an AES-NI–enabled processor, as well as non-Intel software to execute the instructions in the correct sequence. AES-NI is available on select Intel processors. For availability, consult your reseller or system manufacturer. For more information, see http://software.intel.com/en-us/articles/intel-advanced-encryption-standard-instructions-aes-ni/.