March 02, 2010, 8:36 AM — EMC, Intel and VMware are joining forces to improve security and regulatory compliance in cloud computing with a proof of concept to be demonstrated at this week's RSA Conference in San Francisco.
The goal is to establish a "hardware root of trust for a cloud environment," creating resource pools within private clouds that share common physical characteristics and the same security policies, says Sam Curry, CTO for global marketing in EMC's RSA security division. Cloud computing platforms typically place multiple applications on the same pool of hardware, but Curry notes that certain types of data cannot be mingled with other types because of government and industry regulations.
The partnership won't result in a product but is instead a demonstration of how the companies' technologies can be combined to boost security in cloud networks. The proof of concept will be used by service providers to help customers build private clouds within their firewalls, or cloud-like services that are hosted by a third-party data center provider but dedicated to a single customer.
"We believe organizations using cloud services will, in the very near future, push cloud providers to better secure the hardware layer and provide greater transparency into system activities within and below the hypervisor," RSA says in a security brief released simultaneously with this week's announcement.
RSA adds that cloud vendors should provide greater visibility into the security of hardware platforms; produce automated, standardized reports on configuration of physical and virtual infrastructure; and provide evidence that infrastructure complies with security policies and data standards.
The proof of concept combines authentication technology inside Intel processors with VMware technology that collects data from physical and virtual infrastructure and then feeds that data to RSA's security platform, which identifies potential threats to security and compliance. The information is then handed off to governance, risk and compliance software created by Archer Technologies, a company recently acquired by EMC.
One benefit of this will be fine-tuned controls that "enforce differentiated policies in private clouds, such as what types of physical hardware virtual machines may run on and which tenants or business units may co-reside and share resources," the vendors said. The proof of concept also demonstrates "streamlined compliance by providing automated processes for collecting, analyzing and reporting infrastructure-level activities and events."