The cost of fire-fighting security issues on the fly and the cost of security breaches, such as loss of business functionality, loss of customer confidence, and potential legislative action, outweigh the time it takes to properly secure and manage the network.
With businesses now moving increasingly towards the use of online, cloud-based services, security remains at the top of 99 per cent of IT professionals' list of concerns, according to a recent Intel survey.
Here we shall explain the benefits of Intel's vPro technology for cloud-based businesses, and how it can help IT departments drive business value through security. We provide an overview of what Intel vPro is, how it ties in with Intel’s cloud vision, and the benefits that Intel vPro technology can offer.
Intel Cloud 2015 Vision
Intel launched its Cloud 2015 Vision to help businesses implement cloud computing solutions that are federated, automated, and client-aware. This vision offers the promise of swiftly responding to the demands of users.
With federated clouds, IT departments can rapidly scale computing resources, while client-aware clouds enable the delivery of optimised applications to end-user devices.
You can find out more about Intel's Cloud 2015 Vision here.
Intel believes that cloud computing requires a secure trusted environment, at the core of which is a root of trust resting on a foundation of hardware-based security features. Intel provides this root of trust with its vPro technology, which is a set of security and management capabilities implemented in the Intel Xeon and third-generation Intel Core processor families.
Those considering a move to the cloud should be aware of the following features and benefits of Intel vPro technology
Intel AES New Instructions (Intel AES-NI)
Data at rest and in transit should wherever appropriate be encrypted to make it unreadable should be mislaid or stolen. Where personal or business-critical information leaves the traditional IT environment, for example onto a cloud provider's infrastructure, Advanced Encryption Standard (AES), the most widely used encryption standard, is crucial for protecting network traffic, personal data, and corporate IT infrastructures.
IT managers have been reluctant to enable encryption because of the performance tax it levies. However Intel AES-NI, a new encryption instruction set, results in faster, more affordable data protection and greater security. Composed of seven new instructions, Intel AES-NI technology accelerates encryption and decryption, improves key generation and matrix manipulation, and assists carry-less multiplication makes pervasive encryption possible in areas where it was previously impractical.
Hardware-Assisted Virtualisation Technology (Intel VT) Virtualisation is a key technology in cloud enablement, allowing resources to be provided on demand, quickly and easily. Other features enabled or enhanced by virtualisation technology include disaster recovery, high availability, and business continuity.
Hardware-based Intel VT improves the fundamental flexibility and robustness of software-based virtualisation solutions in the datacentre by accelerating key functions of the virtualised platform, including:
- Speeding up the transfer of platform control between guest operating systems and the virtual machine manager (VMM) or hypervisor;
- Enabling the VMM to uniquely assign I/O devices to guest operating systems;
- Optimising the network for virtualisation with adapter-based acceleration.
Cloud-based clients benefit too, with virtualisation technology offering increased flexibility, improved security, and reduced costs. This is possible thanks to centralised image management and administration, secure network storage, and out-of-band protection – all beyond the firewall.
Intel Identity Protection Technology (Intel IPT)
Identity assurance through strong authentication is key to securing operations in a cloud environment, with two-factor authentication offering robust protection. Intel IPT allows you use two-factor authentication without the management overhead and additional costs that such systems often involve.
Using features built directly into the processor, Intel IPT eliminates costs related to physical tokens by providing a secure place for codes and algorithms to execute: the PC itself. Before Intel IPT, this required separate token hardware. With Intel IPT, when a user goes to your web site, SaaS application, or VPN, the PC effectively becomes the token.
The codes generated by Intel IPT are applicable in a variety of security situations. Not only can Intel IPT help to secure consumer assets, but it can also be used to protect employee VPNs, suppliers, and partners. Banking, financial, social networking, gaming, healthcare, real estate, and SaaS application businesses can all benefit from affordable protection with Intel IPT.
Laptop Security with Intel Anti-Theft Technology (Intel AT)
Laptops are a key element of any cloud strategy, allowing users to access their data from anywhere, at any time. Yet we read daily of laptops being stolen or left in public places, resulting in sensitive data finding its way into the wrong hands.
Research finds that 12,000 laptops disappear every week from US airports alone and, of all lost laptops, 46 per cent were unencrypted and contained confidential data.
Intel AT is built into laptop hardware, helping you lock down lost or stolen laptops, even if thieves attempt to re-image the OS, change the boot order, or install a new hard drive.
If a laptop is lost or stolen, a number of lock-down triggers can be activated. For example, a laptop can be set to check in at regular intervals, and can detect events such as component tampering and excessive login attempts. If the check-in fails or tampering is detected, the laptop is 'bricked'.
Once locked down, the laptop does not boot the OS and is not functional and, when used with Intel encryption, access to the hard drive's data is locked down as well. If the laptop is recovered, a reactivation code can be used to quickly return it to normal operation.
Malware Reduction: Intel Trusted Execution Technology (Intel TXT)
Intel TXT is a hardware security solution that protects IT infrastructure, whether in a private or public cloud environments, against malware attacks by validating the behaviour of key components within a server or PC at start-up.
Using an infrastructure based in the Intel processor known as the “root of trust,” Intel TXT checks the consistency in behaviours and launch-time configurations against a verified benchmark called a “known good” sequence, which uses a cryptographically unique identifier. The system can then assess and detect any attempts to alter or tamper with your system’s launch-time environment, and notify the user as appropriate.
Intel Active Management Technology (Intel AMT) Security in the cloud depends on the ability to manage corporate assets, such as client platforms. Intel AMT lowers the barriers to efficiency and security by allowing IT to better discover, repair, and protect those assets, PCs, workstations and entry servers alike, using cross-platform tools for management consistency. Among the features offered by Intel AMT are:
- Out-of-band system access: discover assets even while platforms are powered off. No software agents are needed;
- Remote troubleshooting and recovery: out-of-band management capabilities, including Keyboard-Video-Mouse (KVM) remote control, providing remote remediation and system recovery following OS failures. Out-of-band alerting and event logging help to reduce downtime;
- Hardware-based agent presence checking: detects software agents are running and, if agents are missing, sends alerts to the management console, so providing better protection for your enterprise;
- Proactive alerting: blocking incoming threats, Intel AMT System Defense contains infected clients before they affect the network and alerts IT should critical software agents be removed;
- Remote hardware and software asset tracking: helping to keep software and virus protection up-to-date across the enterprise, Intel AMT also enables third-party software to store version numbers or policy data in non-volatile memory for out-of-hours retrieval or updates;
- Expanded capabilities: with the Intel vPro Technology Module for Windows PowerShell, IT has direct access to Intel AMT and can use scripts to take advantage of features not available in their existing management console, for example, remotely configuring alarm clock settings;
- Increase efficiency and effectiveness: Windows PowerShell scripts integrate seamlessly into existing tools, enabling IT to quickly and easily execute Intel AMT commands on managed clients, workstations and entry servers.
