The Virtustream* xStream* Cloud Solution was custom-built from the ground up with security as a primary consideration. Most notably, our solution architecture is comprised of air-gapped internal and demilitarized zone (DMZ) environments with multiple layers of security checkpoints. Virtustream implements an air gap of all compute and storage resources between the enterprise and DMZ platforms. This enforces inbound access from the Internet only on the DMZ platform, keeping the enterprise platform free of external DDoS-type attacks from the public Internet. The first security layer consists of network firewall appliances, providing a layer of protection between security zones (for example, where enterprise applications reside) in a customer’s cloud infrastructure. The second security layer consists of hypervisor-based firewalls that perform additional packet filtering and intrusion detection. This is where intrazone communication can be monitored and controlled. The last layer of security is hardening of the operating system and enterprise applications. Virtustream uses best practices to harden applications at the source. Also, our platform offering performs antivirus, anti-rootkit, and compliance checks from the hypervisor. We are currently evaluating the capabilities of Intel TXT, which promises to increase the security of xStream by enabling hardware-driven software integrity and data authenticity assurance.
14 Intel IT Center Vendor Round Table | Cloud Security