
An Executive Brief Sponsored by IBM

Michael Suby

Vice President of Research

September 2015


Cloud Computing without Security Compromises

© 2015 Stratecast. All Rights Reserved.

Cloud computing is a new page in how information technology (IT) is accomplished. But cloud computing is more than just a page when security is the focus; it is a chapter. General-purpose clouds, page one, are designed to secure workloads up to a point. That point is: you, the user, are reliant on the cloud provider to secure the underlying cloud environment—the servers, their operating system, and the virtualization layer. This is the shared security model of the cloud; a portion of security responsibility resides with the cloud provider, and the rest resides with the users.

In response to this shared security model, IBM has taken innovative measures to secure its SoftLayer cloud platform. The inclusion of Intel TXT-based servers in its SoftLayer Infrastructure as a Service (IaaS) service options, and the development of IBM Cloud Data Encryption Services (ICDES) based on Security First Corp.’s SPx® data-centric cyber defense technology, are a one-two punch in widening the gates to cloud computing for sensitive workloads. Furthermore, IBM’s cloud advanced data security approach is flexible, transparent to end users, affordable, and administratively lightweight—attributes that should not go unnoticed by enterprises as they evaluate their cloud options.

For many workloads, having a shared security model is sufficient, as cloud providers have designed their environments to be secure. It is like your home: in compliance with building codes, doors and windows have locks, there is a smoke detector on each floor, and a streetlight and a fire hydrant are nearby—standard security, suitable for most homeowners. But what about in business, when your workloads are more sensitive in nature and have less risk tolerance and higher security standards? What can be done to support them in the cloud? What extra security components do you need to be confident that your cloud-hosted workloads have top-shelf, affordable security, when that level of security is a necessity?

Cloud computing also shines a spotlight on data protection. While this may seem slightly odd, as securing and protecting data resides predominantly on the user side of the shared security model, the distributed, fluid, and ephemeral attributes of cloud computing raise the stakes on data protection. Essentially, how can cloud users ensure that their sensitive data is adequately protected while in the cloud and outside of their enterprise environment?

Just as cloud computing is a new page in IT, security can also turn to a new page or two. This new security page in a world of clouds, thankfully, can be one of administrative ease and end user transparency, even while a higher tier of security is delivered. Better security without additional burden or restrictions—is this really possible? In this article we describe how it is possible; how IBM has merged Intel® Trusted Execution Technology (Intel® TXT) into its SoftLayer IaaS offerings and its IBM Cloud Data Encryption Services to deliver on the promise of cloud computing without compromises in security.

[Figure: Cloud Layers (IaaS). Layers listed: Data; Interfaces (APIs, GUIs); Applications; Solution Stack; Guest OS; Virtual Machines; Virtual Network Interfaces; Hypervisor; Process and Memory (including BIOS and host OS); Data Storage; Network; Data Centers. The figure divides the layers between the Cloud Users’ Responsibility and the Cloud Provider’s Responsibility.]


Stratecast | Frost & Sullivan


There are many constituents involved in an organization’s adoption and use of cloud services. Some are deeply engaged, such as business leaders, IT, and finance, while others, such as end users, are “concerned citizens” and, at times, very vocal. The information security (InfoSec) team is also part of the deeply engaged segment. Their interest and role, as expected, is in managing a wide range of security risks, such as cyber threats aimed at compromising systems, as well as preventing and mitigating unauthorized and fraudulent access to sensitive data—all in a timely and reliably effective manner.

Like the other constituents, InfoSec professionals are tuned into the wave of cloud adoption. Data from surveys¹ of InfoSec professionals by (ISC)² highlight InfoSec professionals’ dramatically changed perspectives on cloud adoption—from a generalized “we’ll see” perspective to one of “it is real and will grow significantly.” The chart below illustrates this perspective change over the last two biannual surveys.

Even though cloud usage is expected to increase, InfoSec professionals are concerned about security threats. Asked about their greatest cloud security threats, the threats of a data breach or data loss were rated as either a top or high concern by approximately three-quarters of the survey respondents. As further demonstration of the intensity of this concern, these two cloud security threats ranked a minimum of 10 percentage points higher in concern than any other cloud security threat. The next two highest rated threats were: Account Hijacking (61% rating this threat as a top or high concern), followed by Malicious Insiders (59%).

Very pertinent to InfoSec professionals is whether they can advise their organizations on using cloud services to a fuller extent, such as for workloads containing sensitive data, with the confidence that security risks are appropriately addressed. This is a challenge, as the InfoSec workforce is chronically understaffed. To place a finer point on the understaffing challenge, consider the high level of concern InfoSec professionals voiced regarding security technology sprawl; that is, the growing number of security technology products, vendors, and management consoles that weigh heavily on their security operations. This operational challenge further intensifies as enterprises add cloud environments to their IT footprints. As shown in the following chart, two-thirds of InfoSec professionals are either somewhat or very concerned about security technology sprawl.

¹ Frost & Sullivan analysis on the survey data is contained in The 2015 (ISC)² Global Information Security Workforce Study.


Considering these perspectives of InfoSec professionals, what is an organization to do? The cloud will have a growing IT presence. Yet, security concerns could have a restraining impact; and expanding into cloud environments could materially add to an existing overload in security operations, resulting in less than optimal security oversight. In other words, how can an organization leverage the cloud to a fuller extent while balancing risk and operational effort? Furthermore, how can an organization maintain control over its data at all times when that data is stored outside of its premises? The answer is to choose cloud environments at a workload level, based on each workload’s risk tolerance. And, as part of this evaluation, check under the hood—the actual infrastructure—of the “highly secure” cloud environments, to learn how risk is mitigated without increasing the operational effort of the organization’s InfoSec staff.

IBM SoftLayer, a provider of IaaS offerings, recognizes that a “one size fits all” approach is inconsistent with organizations’ varying security and performance requirements. To that end, the company offers choice: IaaS provisioned on bare metal servers and virtual servers. Additionally, for organizations that require the highest standards of security without compromising performance, IBM SoftLayer offers IaaS provisioned on bare metal servers equipped with Intel TXT.

With Intel TXT, IBM SoftLayer customers gain an extra level of assurance on the integrity of the servers in their IaaS environments. What this means is that these customers can reach through the cloud provider-user demarcation in the shared security model, and pick up validating attestation that the servers in IBM’s data centers that host their workloads are in a “known good” state—and, of equal importance, learn when they are not in a “known good” state.

The practical aspects of this attestation are straightforward. At each server launch, Intel TXT conducts a processor-based (i.e., baked into silicon) evaluation of the platform software: firmware, BIOS, operating system, and hypervisor. By comparing the platform software to a version of a known-good system configuration, Intel TXT determines if compromises or abnormalities are present in any layer of the platform’s software at launch time. If there are none, a root of trust has been established; that is, trusted integrity of the software is built and carried forward from a high integrity foundation—the server hardware (i.e., the root).

With this software integrity attestation, IBM SoftLayer customers can create and apply policies for their workload applications involving sensitive workloads and data. Again simplistically, if attestation is positive, they can spin up the workload’s application. If negative, they suspend launch; or launch, but note that positive attestation is not present. As this attestation information can be automatically fed into standard VM management tools and Security Information & Event Management (SIEM) and Governance, Risk, and Compliance (GRC) systems, the incremental operational overhead to the InfoSec staff is inconsequential; that is, there is no need to learn and use an additional security console. What is not inconsequential is that IBM SoftLayer customers now have an auditable means to demonstrate integrity of the infrastructure hosting their sensitive workloads in a cloud environment; something they did not have before.

Another noteworthy example of the benefits of attestation of the platform’s software integrity pertains to vMotion. As workloads move among servers, policies can be established to only permit movement to servers that have received a positive attestation. vMotion is a beneficial performance and reliability feature. With Intel TXT in IBM SoftLayer bare metal servers, high security standards are not undermined in the use of vMotion.

Similar Intel TXT-based policies can be applied in corralling workloads to specific physical locations (i.e., data centers) running Intel TXT-equipped servers. This is a clear benefit for organizations that operate in regions that have strict data locality or sovereignty regulations. Geo-defined policies, the records on servers that contain regulated data, and the security integrity of those servers can also be automatically fed into a SIEM or GRC system. This systematized control and recordkeeping eases the burden of proof for the organization’s compliance personnel.
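The launch, vMotion and geo-location policies described above can be expressed as one small decision function. This is an added example, not IBM or Intel code: the `Host` and `Workload` records, the reason strings, the event fields and the data-center tags are hypothetical, and in practice the trust verdict would come from an attestation service rather than an inline list.

```python
from dataclasses import dataclass
from typing import Optional

VERDICT = {True: "positive", False: "negative", None: "missing"}


@dataclass(frozen=True)
class Host:
    name: str
    location: str             # data-center tag (constructed values below)
    trusted: Optional[bool]   # attestation verdict; None = no report received


@dataclass(frozen=True)
class Workload:
    name: str
    sensitive: bool
    allowed_locations: frozenset = frozenset()  # empty = no geo restriction
    launch_if_untrusted: bool = False           # True = launch anyway, but flag it


def decide(workload: Workload, host: Host, action: str) -> dict:
    """Evaluate a 'launch' or 'migrate' request; return a SIEM-ready event."""
    if action not in ("launch", "migrate"):
        raise ValueError(f"unknown action: {action}")
    event = {"workload": workload.name, "host": host.name, "action": action,
             "location": host.location, "attestation": VERDICT[host.trusted],
             "flagged": False}
    if workload.allowed_locations and host.location not in workload.allowed_locations:
        decision, reason = "deny", "location_not_permitted"
    elif not workload.sensitive:
        decision, reason = "allow", "not_sensitive"
    elif host.trusted is True:
        decision, reason = "allow", "positive_attestation"
    elif action == "launch" and workload.launch_if_untrusted:
        # Second option in the text: launch, but record the missing attestation.
        decision, reason = "allow", "launched_without_positive_attestation"
        event["flagged"] = True
    else:
        # Negative and missing verdicts are treated alike: fail closed.
        decision, reason = "deny", "no_positive_attestation"
    event.update(decision=decision, reason=reason)
    return event


def migration_targets(workload: Workload, hosts: list) -> list:
    """Hosts a running workload may be moved to (the vMotion policy)."""
    return [h.name for h in hosts
            if decide(workload, h, "migrate")["decision"] == "allow"]


if __name__ == "__main__":
    import json
    # Constructed inventory: names, tags and verdicts are sample data.
    hosts = [Host("bm-01", "fra", True), Host("bm-02", "fra", False),
             Host("bm-03", "dal", True), Host("bm-04", "fra", None)]
    payroll = Workload("payroll-db", True, frozenset({"fra"}))
    for h in hosts:
        print(json.dumps(decide(payroll, h, "launch")))
    print("migration targets:", migration_targets(payroll, hosts))
```

Every decision, including denials, is returned as an event so that the same record can serve as the audit trail the text refers to.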

IBM Cloud Data Encryption Services (ICDES) is another new page in the cloud security chapter. This page is dedicated to advanced data-centric protection to help safeguard data, even when network protection fails. This highly efficient, kernel-level software combines data protection, data fault tolerance and simplified key management. These combined capabilities yield the economics and flexibility of virtualization expected from cloud environments.

Of high significance, ICDES goes beyond conventional file encryption, and is not reliant on an administrative-heavy key management system. Here’s how ICDES accomplishes this:

▪ The ICDES software is installed on a server or a secure data-store for a virtual environment. Specific directories and/or files can then be designated for protection.

▪ Files containing sensitive data are then stored in these designated directories, and protected using a patented cryptographic splitting process. The first step in the data protection process encrypts the file using AES-256 encryption (i.e., conventional file encryption). Each file uses a unique encryption key, and those keys are handled internally within ICDES.

▪ Going beyond traditional encryption, the encrypted files are then randomly split into multiple “shares” using a unique splitting key. This unique splitting key is also handled internally by ICDES.

▪ The file’s crypto keys are then cryptographically wrapped and split into data shares. A master key and a set of workgroup keys are used to put the keys back together, collect the encrypted file shares, and then reassemble the shares, in order for the file to be unlocked (decrypted). Because each share contains only a subset of electronic bits that constitute the file’s sensitive content, a stolen share cannot be subjected to a brute force attack, and cannot be decrypted. Even if a data breach were to occur, sensitive data is not exposed. This is similar to a physically shredded hard drive; a fragment by itself is worthless.

▪ The data shares are then potentially dispersed to as many unique storage locations as there are shares. Locations can be multiple physical or virtual servers in a single data center, servers in geographically separated data centers, multiple cloud storage environments, or any combination of these. By dispersing the shares over multiple locations, the difficulty for would-be data thieves is compounded, as multiple locations would need to be found, compromised, and their stored share or shares exfiltrated—analogous to a scavenger hunt without any clues. Then, of course, each share would need the unique splitting key to be reassembled; and the encrypted data would have to be subjected to a brute force attack before the sensitive content could be accessed (i.e., the fragments of the shredded hard drive correctly arranged and glued together). Also, since the storage locations are not bound by data protection standards (advanced data-centric protection is accomplished as a software overlay through bit-level encryption, a keyed information dispersal algorithm, share dispersion and share keyed authentication, along with an easy to use key management system—which is FIPS 140-2 certified), the organization can choose low-cost public cloud storage.

Additionally, high availability of data and disaster recovery architectures can be implemented on the fly using ICDES with a built-in “M of N” data resiliency feature. When the data is separated into “N” shares, data resiliency can be implemented in real-time, and only “M” (M<N) shares are needed to restore the data. This allows for the loss of any one share without losing access to data. If at least “M” pieces of the “N” data shares are sent to storage in remote data centers, a disaster recovery architecture can be achieved. In the event of a data center outage, “M” shares of data can still be retrieved from the other remote storage sites, and that data remains secure at all times.

Lastly, with ICDES, customers can retain ultimate key control. The main server key can be exported to a central key manager, on premises, by the customer. This Key Management Interoperability Protocol (KMIP)-compliant transfer puts the customer in direct control of the security key, and thus gives the customer singular control over who can access encrypted data. This removes any possible access control from the cloud infrastructure provider.

On its own, ICDES is a powerful, easy to administer, and low cost cloud-leveraging approach to data-centric protection, which goes beyond encryption with its unbreakable data protection and data resiliency capabilities. ICDES is rising in importance, given the frequency of corporate data breaches. The reality of today’s cyber threats is that even the most well-managed network perimeter defenses and regulatory-compliant environments are exploitable. Therefore, data-at-rest must be protected from the looming prospects of a data breach. The brute force-intolerant and inclusive key management design of ICDES represents a winning proposition for data-at-rest protection in a cloud environment.

One last point is the incremental data protection that is possible with Intel TXT. Combined with SoftLayer Intel TXT-based bare metal servers, data protection advances in multiple steps. Through policy, the workload location where the bit-level shares are decrypted and the file reassembled can be restricted to servers that have attained a positive assertion—that is, the platform’s software configuration is of a known-good state. Similarly, the storage of ICDES key material, master and workgroup keys can also be constrained to servers with positive assertions. In this fashion, sensitive data, and the means to secure this data, are protected at rest, in transit, and in use, transparently to end users, and with low levels of administrative oversight.

The adoption of cloud computing is galloping forward. Even so, this gallop is uneven, as organizations question whether cloud computing is up to the task of meeting the most stringent security standards for their data-sensitive workloads. But “can” is only part of the story; the “how” matters too.

Organizations have protected their sensitive applications and data in their own data centers by applying layers of security technologies and procedures. They know how to accomplish their perimeter security and data protection objectives. While seemingly adequate, as data breaches remain a looming risk, there are, nevertheless, material direct and indirect costs in this heavy-handed fortressing approach. Furthermore, porting this same approach into the cloud would undermine the very flexibility and scalability that organizations seek to gain in moving to the cloud. Therefore, a new approach is required; one that honors the benefits of the cloud, leverages its technological advantages, and does so while establishing and maintaining stringent security standards.

IBM is leading the way in cloud security. The inclusion of Intel TXT-based servers in its SoftLayer IaaS service options, and the development of ICDES are providing an advanced level of cloud security. IBM SoftLayer is doing its part in offering a secure cloud computing environment for sensitive workloads. Combined with the flexibility, end-user transparency, and lightweight administrative attributes of IBM’s cloud security offering, IBM should definitely be on your short list of cloud solution providers to evaluate.

Michael P. Suby

VP of Research

Stratecast | Frost & Sullivan

[email protected]


877.GoFrost • [email protected]

http://www.frost.com

ABOUT FROST & SULLIVAN

Frost & Sullivan, the Growth Partnership Company, works in collaboration with clients to leverage visionary innovation that addresses the global challenges and related growth opportunities that will make or break today’s market participants. For more than 50 years, we have been developing growth strategies for the Global 1000, emerging businesses, the public sector and the investment community. Is your organization prepared for the next profound wave of industry convergence, disruptive technologies, increasing competitive intensity, Mega Trends, breakthrough best practices, changing customer dynamics and emerging economies? Contact Us: Start the Discussion

For information regarding permission, write:

Frost & Sullivan

331 E. Evelyn Ave. Suite 100

Mountain View, CA 94041

ABOUT STRATECAST

Stratecast collaborates with our clients to reach smart business decisions in the rapidly evolving and hyper-competitive Information and Communications Technology markets. Leveraging a mix of action-oriented subscription research and customized consulting engagements, Stratecast delivers knowledge and perspective that is only attainable through years of real-world experience in an industry where customers are collaborators; today’s partners are tomorrow’s competitors; and agility and innovation are essential elements for success. Contact your Stratecast Account Executive to engage our experience to assist you in attaining your growth objectives.
