IBM has introduced Intel’s Trusted Execution Technology (TXT), a hardware-based security technology, to enhance the security of SoftLayer, its cloud services platform. This technology will be used on bare metal servers to provide monitoring and security controls to individual companies.
This move targets industries that are required by law to be compliant with several regulations, especially those concerning IT security. TXT is designed to provide reports that can be used as proof of compliance with specific regulations. Government agencies and large enterprises in industries like insurance, healthcare, and financial services are required to abide by certain regulations. Intel indicated that TXT would enable corporations to meet compliance standards like the Health Insurance Portability and Accountability Act (HIPAA), Federal Information Security Management Act (FISMA), Peripheral Component Interconnect (PCI), Federal Risk and Authorization Program (FedRAMP), International Organization for Standardization (ISO), and Statement on Standards for Attestation Engagements 16 (SSAE16).
During the announcement, Marc Jones, IBM SoftLayer Chief Technology Officer, was confident that customers would appreciate this extra layer of security on SoftLayer. He said, “TXT provides a validation that the device hasn’t been tampered with, and that there isn’t any man-in-the-middle spoofing. We can offer a chain-of-trust from the customer’s on-premise environment to the SoftLayer environment.”
Why Intel TXT?
According to Intel, TXT is designed to secure virtualized data centers’ private, public, and hybrid clouds against attacks on the hypervisor, BIOS, firmware, and other pre-launch software components, and to enhance IT compliance.
This technology is only available on server systems that use Intel’s Xeon processor. Additionally, these servers need a supporting software stack installed to run TXT. Currently, SoftLayer customers can access TXT on their bare metal servers installed with a Trusted Platform Module (TPM), using either Intel Xeon E5-2600 V2, Xeon E5-1200-V3 or Xeon E5-4600. They will also be able to use any future processors.
How TXT works
Basically, Intel TXT establishes trust between hardware components and pre-launch software by checking how they behave without any human interference. This process is known as “validating key components behavior at startup”. System administrators can then use this information to set up privacy policies for sensitive data and workloads, and assign these to specific servers called “Trusted Compute Pools”.
During the validation process, Intel TXT authenticates the whole cloud computing system, from the hardware to the boot firmware to the operating system or hypervisor, and anything in between. TXT then uses this verification information together with evidence software (what Intel calls Root of Trust Software; in SoftLayer’s case, the Trusted Platform Module) to determine whether a workload should run on a given server.
Hybrid cloud systems have an advantage over pure private or cloud systems. They can further use TXT in conjunction with the cloud vendor’s software to restrict decryption of data to servers in specific locations. Intel added this feature to uphold local data privacy laws.
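The measure-then-decide flow described under "How TXT works" can be modelled in a few lines. This is an added example, not Intel's or SoftLayer's code: each boot component is hashed into a register in order, and only hosts whose final value matches a known-good value join the trusted pool. The component strings, host names, workload fields and the choice of SHA-256 are assumptions made for illustration.

```python
import hashlib

def extend(register: bytes, component: bytes) -> bytes:
    # TPM-style extend: new = H(old || H(component)). A register can only be
    # extended, never set, so the final value commits to every step in order.
    return hashlib.sha256(register + hashlib.sha256(component).digest()).digest()

def measure_boot(components) -> str:
    register = bytes(32)  # measurement register starts at all zeros on reset
    for blob in components:
        register = extend(register, blob)
    return register.hex()

# Constructed stand-ins for the firmware, boot loader and hypervisor images.
GOLDEN_BOOT = [b"firmware 1.4", b"bootloader 2.0", b"hypervisor 5.5"]
KNOWN_GOOD = {measure_boot(GOLDEN_BOOT)}  # allow-list kept by the verifier

def trusted_pool(reports: dict) -> set:
    # Hosts whose reported measurement matches a known-good value.
    # Assumption: reports are authentic (a real TPM signs the values it reports).
    return {host for host, value in reports.items() if value in KNOWN_GOOD}

def place(workload: dict, hosts: list, pool: set) -> list:
    # Sensitive workloads may only land on hosts in the trusted pool.
    if workload["requires_trusted"]:
        return [h for h in hosts if h in pool]
    return list(hosts)

# Constructed fleet: a clean host, a modified hypervisor, a reordered boot chain.
REPORTS = {
    "host-a": measure_boot(GOLDEN_BOOT),
    "host-b": measure_boot([b"firmware 1.4", b"bootloader 2.0",
                            b"hypervisor 5.5 (modified)"]),
    "host-c": measure_boot([b"bootloader 2.0", b"firmware 1.4",
                            b"hypervisor 5.5"]),
}

if __name__ == "__main__":
    pool = trusted_pool(REPORTS)
    for host in sorted(REPORTS):
        print(host, "trusted" if host in pool else "untrusted")
    job = {"name": "payroll-db", "requires_trusted": True}
    print(job["name"], "->", place(job, sorted(REPORTS), pool))
```

Both the modified image and the reordered chain produce a different final value, so neither host is eligible for the sensitive workload.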
IBM’s decision to work with Intel is not surprising because SoftLayer had earlier collaborated with Virtustream to provide the same security technology for its cloud-based and on-premise SAP solutions. This was before IBM acquired SoftLayer for US$2 billion in mid-2013.
Intel TXT will definitely boost SoftLayer’s customers’ confidence in using its solutions, especially the cloud-based services, in the wake of recent cloud security attacks. It will allow SoftLayer customers to run their data and workloads with peace of mind, knowing that SoftLayer servers are not only trusted but also secure, whether they are using a private on-premise server, a cloud server or a hybrid solution. At the industry level, it will enable government agencies and large corporations to meet security and other IT compliance standards comfortably. At the individual company level, system administrators will be at peace knowing their company data and workloads are secure regardless of the type of storage solution they use. Moreover, using Intel TXT will not eat into any of the applications’ resources since it is deployed during the booting process.