Vendor Round Table Cloud Security Vendors Answer IT’s Questions about Cloud Security Why you should read this document This guide is designed to help you better evaluate different cloud technology vendors and service providers based on a series of questions posed to three cloud infrastructure providers, three managed or hosted infrastructure providers, and three cloud technology providers. Their answers include: • Descriptions of the security components of the current offerings, including solution architecture and user benefits • How the current offerings protect data and infrastructure and simplify compliance • The way their solutions establish or enforce trust in the cloud • How return on investment is demonstrated Vendor Round Table Cloud Security Vendors Answer IT’s Questions about Cloud Security Content 3 Introduction 4 Participating Vendors 5 Intel Guidance on Vendor Selection 6 Vendor Responses to IT Questions 42 Intel Resources for Learning More 2 Intel IT Center Vendor Round Table | Cloud Security Introduction Compare answers from nine vendors to common IT questions to help you evaluate security products and services for the cloud. IT departments are paying close attention to developments in cloud computing technology. The cloud offers the promise of large potential savings in infrastructure costs and improved business agility, but concerns about security are a major barrier to implementing cloud initiatives for many organizations. Security challenges in the cloud are familiar to any IT manager— loss of data, threats to the infrastructure, and compliance risk. Cloud security is a complex topic with considerations ranging from protection of hardware and platform technologies in the data center to enabling regulatory compliance and defending cloud access through different end-point devices. The vendor landscape is equally complex. We created this guide to help you better evaluate different cloud technology vendors and service providers. We asked nine companies to respond to a standard set of questions developed based on our own experience implementing cloud security at Intel. We posed these questions to three cloud infrastructure providers (Cisco, Citrix, and Virtustream), three managed or hosted infrastructure service providers (Carpathia, Expedient, and OpSource), and three cloud security technology providers (HyTrust, McAfee, and Trapezoid Information Security Services). This document compiles their responses. Cloud Security Resources from Intel The Cloud Security Vendor Round Table is part of a series of documents produced by Intel to help IT professionals plan security into cloud implementations in their organizations. This series includes the following: • Cloud Security Planning Guide. Seven steps to build security in the cloud from the ground up • Cloud Security Insights for IT Strategic Planning. Survey of IT professionals that discusses the business and technology drivers behind security in their cloud implementations, investment levels, return on investment, and outsourcing 3 Intel IT Center Vendor Round Table | Cloud Security Participating Vendors Throughout this guide, vendors are listed in alphabetical order. Vendor Product Carpathia* InstantOn* For More Information www.carpathia.com Cloud Security Solutions www.cisco.com/en/US/netsol/ns1066 Cloud infrastructure solutions www.citrix.com/cloud Expedient* cloud computing solutions www.expedient.com/products/cloud-computing.php HyTrust* Appliance www.hytrust.com/products 1 McAfee* Cloud Security Platform www.mcafee.com/cloudsecurity OpSource* Cloud Hosting www.opsoutrce.net/services/cloud-hosting SecRAMP cloud security Read the full OCTOBER 2011.