By Michael Donovan, Erik Visnyak
March 1, 2011 03:30 PM EST
In the fall of 2010, Trusted Computing Group announced the Trusted Multi-tenant Infrastructure (TMI) Work Group to address cloud computing security and the role of trust in that security. Last week, the work group released the first in a series of use cases (http://www.trustedcomputinggroup.org/developers/trusted_multitenant_infr...) and plans to deliver a reference framework later in 2011. With so much hype and confusion around the topic of cloud computing, we thought it might be useful to ask the co-chairs - Michael Donovan, HP, and Erik Visnyak, BAE Systems - of the TMI Work Group a few questions about their group's efforts.
Q. What role does Trusted Computing Group have in helping secure cloud services?
Michael Donovan & Erik Visnyak: Securing the cloud is a multidisciplinary challenge, as cloud computing can be thought of as a different way to deliver and use all of the same types of information technology we use today. The TCG was established to define standards and practices for building trusted infrastructure that will consistently behave in specific ways, and those behaviors will be enforced by hardware and software when the owner of those systems enables these technologies. The ability of trusted infrastructures to provide integrity measurements and attest to their state provides a key foundation for enabling trust in infrastructure platforms in the cloud, where the consumer does not have direct physical access to those resources. The ability to design, build and consume services delivered from a trustworthy infrastructure where providers and consumers of services can measure and attest to the configuration, state and behavior of platforms is the value of the TCG standards within the cloud ecosystem.
Q. Your work group has a long name. What does it mean?
Donovan & Visnyak: TMI stands for Trusted Multi-Tenant Infrastructure. We wanted to select a name that properly represents delivering trusted operations and configuration/state validation to a multi-tenant infrastructure such as Cloud Computing.
Trust is the degree to which one party will rely on the assertions or information provided by another. Without the ability for an infrastructure consumer to rely on the information and services from a provider, there is likely to be little market for outsourcing of IT platforms and services. Establishing a trusted context for the providers and consumers of shared infrastructure is a key component of the reference framework under development by TMI.
Multi-tenancy is the ability for multiple unrelated consumers to share infrastructure from a common provider. If consumers were not able to share infrastructure within reasonable constraints, the cost of outsourced services would not be competitive with traditional models. This ability to provision as much or as little of a resource as a consumer needs at a fair price is at the heart of cloud computing.
Infrastructure defines the scope of work for the TMI work group. While the principles and reference model may have applicability to other parts of the cloud ecosystem, the TMI focus is clearly on developing reference models and best practices to design, build and consume trusted multi-tenant infrastructure platforms.
Q. How is what you are doing different from what CSA and other orgs have done or are doing?
Donovan & Visnyak: Many traditional IT standards bodies are working to apply their existent standards efforts to the cloud computing ecosystem. Some, such as DMTF, are focused on systems management and definition of physical and virtual resources, such as the Open Virtual Machine (OVF) definition for virtual machines. Newly formed organizations, such as CSA, focus on mitigating threats and risks within cloud computing by proposing best practices and linking to specific security requirements for public and private sectors. As cloud potentially encompasses much of the existing IT landscape, each of these organizations has a valid role to play.
The TCG TMI work group is focused on standards-based approaches to trusted infrastructure. We intend to iteratively publish a library of use cases, deployment patterns, best practices and compliance testing to support the ability of infrastructure providers and consumers to make effective use of shared multitenant infrastructures.
TMI is identifying how standards can be used to implement trusted infrastructures as well as identifying any potential gaps. TMI will provide implementation guidance to both consumers and providers as to how standards address concerns within cloud computing and how they may be leveraged to create a trusted shared infrastructure environment.
Q. Your use cases mention "trust" a number of times. What exactly does "trust" mean for multi-tenant infrastructure?
Donovan & Visnyak: Trust is the degree to which one party will rely on the assertions or information provided by another. Without the ability for an infrastructure consumer to rely on the information and services from a provider, there is likely to be little market for outsourcing of IT platforms and services. Establishing a trusted context for the providers and consumers of shared infrastructure is a key component of the reference framework under development by TMI.
Trust enables the ability to apply policy and to guarantee that access controls within policies are adhered to in order to supply reliable logical isolation, guaranteed compliance, and continuous policy compliance monitoring within a multi-tenant environment. This allows the various consumers to trust that providers are meeting their concerns and housing their resources in a trusted fashion.
Q. Do you see other TCG specifications such as the TPM or TNC playing a role in a "trusted" cloud? If we have a bunch of PCs with TPMs, for example, can they be used in a multi-tenant infrastructure?
Donovan & Visnyak: The existing TCG standards provide a critical set of foundational services for establishing trust, exchanging information in a trusted context, enforcing policy, binding together and verifying the trusted state of infrastructure components. Without these core standards, it is unlikely we would be able to achieve the level of trust and compliance we see as critical to the ability of consumers to trust and effectively use cloud computing for core business functions.
TPM provides the ability to attest to a secure state that moves beyond software into the hardware of the infrastructure providing another level of security to assure that integrity and confidentiality of resources within the TMI are maintained. TNC delivers monitoring of the secure state of TMI resources and utilizes policy enforcement to monitor data exchanges between resources within the TMI to ensure policy compliance.
The TMI working group intends to work with these key TCG standards working groups as well as those from other standards bodies to ensure that the business and mission goals of cloud consumers can be met in a secure trusted context.
Q. Why are you publishing use cases and what are they for?
Donovan & Visnyak: We are utilizing these use cases to describe the context and relationships between components in a trusted infrastructure. The first set of use cases are very narrow in scope and cover some of the key relationships necessary to establish and manage a trusted multi-tenant, multi-provider environment. Later use cases and scenarios will expand on this work and include scenarios putting these lower level use cases into business context.
The use cases are utilized to derive the elements of the reference framework and other downstream specifications. They define the parties, interface interactions and relationships between them to assist in scoping and validating the usage patterns and requirements included in the reference framework. The use cases allow the TMI to begin identifying various security requirements necessary for a TMI and begin the process of identifying standards within industry that map directly to use cases and implementation patterns.
Q. What else will you be doing?
Donovan & Visnyak: The next things you should see from TMI are aligned to the following path (in addition to presentations and white papers):
- Use cases (initial set delivered)
- Reference framework (high-level requirements and usage pattern library derived from initial use cases)
  - Patterns describe re-usable approaches to meeting the requirements derived from the use cases
  - Patterns are aligned to implementation standards for evaluation of tools and services
- Implementation guidance (core guidance on how to use the patterns to build a trusted multi-tenant infrastructure)
  - Includes variants based upon general levels of trust, separation and security
- Framework compliance test suite (guidance and (possibly) test harnesses for verification of compliance to TMI implementation patterns and standards)
- Specification development strategy (if gaps are identified in the standards ecosystem necessary to achieve TMI compliance, a plan to address with the relevant bodies)
- Industry profiles (implementation guidance, test suites and standards alignment targeted at specific industry solutions i.e. defense, PCI-DSS, HIPAA and others)
We plan to continue iterative development of our reference implementation patterns that are repeatable interactions and behaviors that can be implemented by utilizing industry standards that allow for TMI. As patterns are developed we will engage appropriate standards bodies to see how the technology can apply to the implementation standards as well as its corresponding use cases.
• • •
Updates to the TMI Work Group will be available online at TCG's website, www.trustedcomputinggroup.org.