Q5:
How does your solution work with other providers’ solutions to help build a chain of trust from the application user’s interfaces to the underlying hardware?
We work closely with our hardware and software partners to show a chain of trust from procurement to production. We integrate and take full advantage of capabilities provided by the underlying hardware and software infrastructure and work closely with our partners around roadmap items.
Organizations looking to migrate sensitive data and applications to the cloud need to trust that the cloud security infrastructure can address the complexities brought about by virtualization, massive scale, and application mobility. Cisco addresses these problems by securing the virtualization layer of the network with unique security solutions built into the virtual switch and the hypervisor layer. These virtual security nodes allow for the creation of security policies that are aligned with attributes of the VM, not the network topology, so that the policies are enforced independently of the application location, even when coresident on a server with an untrusted application. Read a Cisco case study about providing trust for cloud-based virtual desktop applications all the way from a thin client, to the virtual desktop in the data center, through to the back-office application in the cloud.
Security partners provide solutions and security extensions through the Citrix Ready* program to ensure tested and trusted integration.
Today the use of Intel TXT and TPM allows for the chain of trust from the hypervisor to the hardware. Expedient feels that solutions that provide that same level of security to the application user interfaces for infrastructure as a service (IaaS) are not yet production ready. However, Expedient continues to monitor technology, and once that technology is stable and available, it will be incorporated into the overall platform.
The integrity of the entire infrastructure stack rests on the premise that the hypervisor is trusted and fully hardened. HyTrust Appliance provides this verification with the ability to assess the hypervisor configuration against industry-standard configuration templates, such as PCI-DSS, the Center for Internet Security (CIS), and VMware Best Practices. Unique to HyTrust is the additional ability to verify the trust of the hardware layer via Intel TXT.
The modular design and open APIs of the McAfee Cloud Security Platform enable McAfee and partners to build additional security services and solutions to integrate into the platform, including solutions that allow companies to extend more policies and greater control into the cloud.
Intel IT Center Vendor Round Table | Cloud Security