Building the Infrastructure for Cloud Security: A Solutions View

Book Description

For cloud users and providers alike, security is an everyday concern, yet there are very few books covering cloud security as a main subject. This book helps address this information gap from an information technology solution and usage-centric view of cloud infrastructure security. The book highlights the fundamental technology components necessary to build and enable trusted clouds. It also explains the security and compliance challenges organizations face as they migrate mission-critical applications to the cloud, and how trusted clouds that have their integrity rooted in hardware can address these challenges.

This book provides:

  • Use cases and solution reference architectures to enable infrastructure integrity and the creation of trusted pools leveraging Intel Trusted Execution Technology (TXT).

  • Trusted geo-location management in the cloud, enabling workload and data location compliance and boundary control usages in the cloud.

  • OpenStack-based reference architecture of tenant-controlled virtual machine and workload protection in the cloud.

  • A reference design to enable secure hybrid clouds for a cloud bursting use case, providing infrastructure visibility and control to organizations.

"A valuable guide to the next generation of cloud security and hardware based root of trust. More than an explanation of the what and how, is the explanation of why. And why you can't afford to ignore it!" —Vince Lubsey, Vice President, Product Development, Virtustream Inc.

"Raghu provides a valuable reference for the new 'inside out' approach, where trust in hardware, software, and privileged users is never assumed—but instead measured, attested, and limited according to least privilege principles." —John Skinner, Vice President, HyTrust Inc.

"Traditional parameter based defenses are insufficient in the cloud. Raghu's book addresses this problem head-on by highlighting unique usage models to enable trusted infrastructure in this open environment. A must read if you are exposed in cloud." —Nikhil Sharma, Sr. Director of Cloud Solutions, Office of CTO, EMC Corporation

What you'll learn

  • Usage models, hardware and software technology components to enable trusted clouds.

  • Through solution architecture and descriptions, you will see how to build and enable trusted cloud infrastructure.

Who this book is for

This book will influence infrastructure, application, and solution architects, along with CTOs and CIOs, and make them aware of cloud security and how to approach it, with real-world examples and case studies.

Table of Contents

  1. Title Page
  2. About ApressOpen
  3. Dedication
  4. Contents at a Glance
  5. Contents
  6. About the Authors
  7. About the Technical Reviewers
  8. Acknowledgments
  9. Foreword
  10. Introduction
  11. CHAPTER 1: Cloud Computing Basics
    1. Defining the Cloud
    2. Historical Context
    3. Security as a Service
    4. Summary
  12. CHAPTER 2: The Trusted Cloud: Addressing Security and Compliance
    1. Security Considerations for the Cloud
    2. Trusted Computing Infrastructure
    3. Trusted Cloud Usage Models
    4. Trusted Cloud Value Proposition for Cloud Tenants
    5. Summary
  13. CHAPTER 3: Platform Boot Integrity: Foundation for Trusted Compute Pools
    1. The Building blocks for Trusted Clouds
    2. Platform Boot Integrity
    3. Trusted Compute Pools
    4. Solution Reference Architecture for the TCP
    5. Reference Implementation: The Taiwan Stock Exchange Case Study
    6. Summary
  14. CHAPTER 4: Attestation: Proving Trustability
    1. Attestation
    2. The Attestation Process
    3. A First Commercial Attestation Implementation: The Intel Trust Attestation Platform
    4. Mt. Wilson Platform
    5. Security of Mt. Wilson
    6. Mt. Wilson Trust, Whitelisting, and Management APIs
    7. Summary
  15. CHAPTER 5: Boundary Control in the Cloud: Geo-Tagging and Asset Tagging
    1. Geolocation
    2. Geo-fencing
    3. Asset Tagging
    4. Trusted Compute Pools Usage with Geo-Tagging
    5. Adding Geo-Tagging to the Trusted Compute Pools Solution
    6. Geo-Tag Workflow and Lifecycle
    7. Architecture for Geo-Tag Provisioning
    8. Geo-Tag Provisioning Process
    9. Reference Implementation
    10. Summary
  16. CHAPTER 6: Network Security in the Cloud
    1. The Cloud Network
    2. End-to-End Security in a Cloud
    3. Software-Defined Security in the Cloud
    4. Summary
  17. CHAPTER 7: Identity Management and Control for Clouds
    1. Identity Challenges
    2. Identity Management System Requirements
    3. Key Requirements for an Identity Management Solution
    4. Identity Representations and Case Studies
    5. Intel Identity Technologies
    6. Summary
  18. CHAPTER 8: Trusted Virtual Machines: Ensuring the Integrity of Virtual Machines in the Cloud
    1. Requirements for Trusted Virtual Machines
    2. Virtual Machine Images
    3. A Conceptual Architecture for Trusted Virtual Machines
    4. Workflows for Trusted Virtual Machines
    5. Deploying Trusted Virtual Machines with OpenStack
    6. Summary
  19. CHAPTER 9: A Reference Design for Secure Cloud Bursting
    1. Cloud Bursting Usage Models
    2. Data Center Deployment Models
    3. Cloud Bursting Reference Architecture
    4. Network Topology and Considerations
    5. Security Design Considerations
    6. Practical Considerations for Virtual Machine Migration
    7. Summary
  20. Index