A Solutions View

For cloud users and providers alike, security is an everyday concern, yet there are very few books covering cloud security as a main subject. This book will help address this information gap from an Information Technology solution and usage-centric view of cloud infrastructure security. The book highlights the fundamental technology components necessary to build and enable trusted clouds. Here also is an explanation of the security and compliance challenges organizations face as they migrate mission-critical applications to the cloud, and how trusted clouds, that have their integrity rooted in hardware, can address these challenges.

This book provides:

  • Use cases and solution reference architectures to enable infrastructure integrity and the creation of trusted pools leveraging Intel Trusted Execution Technology (TXT).
  • Trusted geo-location management in the cloud, enabling workload and data location compliance and boundary control usages in the cloud.
  • OpenStack-based reference architecture of tenant-controlled virtual machine and workload protection in the cloud.
  • A reference design to enable secure hybrid clouds for a cloud bursting use case, providing infrastructure visibility and control to organizations.

"A valuable guide to the next generation of cloud security and hardware based root of trust. More than an explanation of the what and how, is the explanation of why. And why you can’t afford to ignore it!" —Vince Lubsey, Vice President, Product Development, Virtustream Inc.

" Raghu provides a valuable reference for the new 'inside out' approach, where trust in hardware, software, and privileged users is never assumed—but instead measured, attested, and limited according to least privilege principles." —John Skinner, Vice President, HyTrust Inc.

"Traditional parameter based defenses are in sufficient in the cloud. Raghu's book addresses this problem head-on by highlighting unique usage models to enable trusted infrastructure in this open environment. A must read if you are exposed in cloud." —Nikhil Sharma, Sr. Director of Cloud Solutions, Office of CTO, EMC Corporation

What you’ll learn

  • Usage models, hardware and software technology components to enable trusted clouds.
  • Through solution architecture and descriptions, you will see how to build and enable trusted cloud infrastructure.

Who this book is for

This book will influence Infrastructure, Application and solution architects along with CTOs and CIOs and make them aware of Cloud Security and how to approach it with real-world examples and case studies.

Raghuram Yeluri

Raghu Yeluri is a Principal Engineer and lead Security Solutions Architect in the Data Center & Cloud Products Group at Intel Corporation with focus on virtualization and cloud security usages, solution architectures and technology initiatives. In this role, he drives security solution Pathfinding and development to deliver hardware-assisted security solutions that enable deep visibility, orchestration and control in multi-tenant Clouds. Prior to this role, he has worked in various engineering and architecture positions in systems development and deployment, focusing on service-oriented architectures and large data analytics, in Information Technology and Manufacturing Technology groups during the last 15+ years at Intel. Raghu has multiple patents filed in security, attestation and control in virtualization and cloud computing, and he is a co-author of a book, Creating the Infrastructure for Cloud Computing: An Essential Handbook for IT Professionals. He holds a MS degree in Computer Science, and a B.S in Electrical Engineering, and was involved in multiple Artificial Intelligence/Knowledge-Engineering startup ventures, prior to joining Intel.

Enrique Castro-Leon

Enrique Castro-Leon is an Enterprise Architect and Technology Strategist with the Intel Architecture Group at Intel Corporation working in enterprise IT solution integration, cloud computing and service engineering. As a technology strategist Enrique has been investigating the disruptive effects of emerging technologies in the marketplace. He is the lead author of a book on the convergence of virtualization, service oriented methodologies and distributed computing titled The Business Value of Virtual Service Grids: Strategic Insights for Enterprise Decision Makers. He is also the lead author of a second book, Creating the Infrastructure for Cloud Computing: An Essential Handbook for IT Professionals. Enrique holds Ph.D. degree in Electrical Engineering and M.S. degrees in Electrical Engineering and Computer Science from Purdue University, and a BSEE degree from the University of Costa Rica. Enrique is also a co-founder and President of Neighborhood Learning Center, a tax exempt organization providing computer education and tutoring services to K-12 in Oregon, U.S.A. The NLC has served over 300 children since its inception in 2000 at risk of falling behind in the school system. It has received recent grant awards by the Meyer Memorial Trust, the Templeton Foundation and the Rose E. Tucker Charitable Trust to carry its mission and currently serves over 60 families.

Chapter 1: Cloud Computing Basics

Chapter 2: The Trusted Cloud: Addressing Security and Compliance

Chapter 3: Platform Boot Integrity: Foundation for Trusted Compute Pools

Chapter 4: Attestation: Proving Trustability

Chapter 5: Boundary Control in the Cloud: Geo-Tagging and Asset Tagging

Chapter 6: Network Security in the Cloud

Chapter 7: Identity Management and Control for Clouds

Chapter 8: Trusted Virtual Machines: Ensuring the Integrity of Virtual Machines in the Cloud

Chapter 9: A Reference Design for Secure Cloud Bursting