A Platinum Idea from the Open Data Center Alliance - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Cloud // Software as a Service

A Platinum Idea from the Open Data Center Alliance

In the absence of widely adopted standard definitions for security requirements, cloud subscribers must do a lot of homework to compare one provider's offerings to another's and to determine exactly what they are getting in terms of security.

Without industry standards for measurements, it would be difficult to compare the fuel efficiency of different models of cars. Different manufacturers would likely use different tests under different conditions. Consumers would be left with a lot of apples-to-oranges comparisons, making it difficult to understand the true fuel efficiency of different models.

Today the same is true-only more so-for people shopping for cloud services. In the absence of widely adopted standard definitions for security requirements, cloud subscribers must do a lot of homework to compare one provider's offerings to another's and to determine exactly what they are getting in terms of security.

The Open Data Center Alliance is working to remove a lot of this uncertainly by promoting the adoption of its new Provider Security Assurance Usage Model. The model represents the collective voice of hundreds of global businesses in the ODCA, a consortium that develops and promotes usage models for cloud and next-generation data centers.

The Provider Security Assurance Usage Model defines standard definitions for security levels in cloud environments. These levels are expressed in terms of Bronze, Silver, Gold, and Platinum standards. This framework spans from basic security to the levels of security that are equivalent to those required by enterprises, financial organizations, and military organizations.

At Intel, we think the arrival of this usage model is an important step forward for both cloud subscribers and cloud providers. With the widespread adoption of standard definitions for security levels, cloud subscribers could more easily compare different service offerings and match the needs of different applications with an appropriate level of security. Cloud providers, in turn, would have a clearly understand mechanism for differentiating their service offerings.

An organization using cloud services might decide that the basic Bronze level of security is appropriate for certain web, file, and print applications, but that its mission-critical business applications and databases require the higher Silver or Gold standard.

In practice, the application of these new standards will be enabled be a wide range of technologies. These include Intel' Trusted Executive Technology (Intel TXT), a hardware security solution that protects IT infrastructures against software-based attacks by validating the behavior of key components within a server or PC at startup. For certain workloads-such as customer, billing, and financial information systems-Intel TXT will be essential.

One important caveat here: There is no panacea for security in the cloud. We're talking about a multi-layered problem that is solved with multi-layered security, beginning at the hardware level and rising up the stack from there. Many different technologies and products must work together in a complementary manner to deliver the appropriate level of security.

The good news is, the ODCA's standard definitions for security levels will make it a lot easier to understand the differences in security levels and to find the right security package for a particular application. While it won't be quite as easy as comparing the fuel efficiency of cars, comparing cloud security offerings will become a much more straightforward process.

For a deeper dive into this topic, download the Provider Security Assurance Usage Model from the Alliance site.

Dylan Larson is the Director of Server Platform Marketing at Intel. Dylan has 10 years of experience with Intel bringing new technologies to market.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Commentary
2021 Outlook: Tackling Cloud Transformation Choices
Joao-Pierre S. Ruth, Senior Writer,  1/4/2021
News
Enterprise IT Leaders Face Two Paths to AI
Jessica Davis, Senior Editor, Enterprise Apps,  12/23/2020
Slideshows
10 IT Trends to Watch for in 2021
Cynthia Harvey, Freelance Journalist, InformationWeek,  12/22/2020
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you.
Slideshows
Flash Poll