In The Boardroom With...
Jason Waxman is General Manager in Intels Data Center and
Connected Systems Group leading the Cloud Infrastructure Group (CIG).
He is responsible for Intels products and technologies for
large datacenters including silicon components, optimized system
design, software, management and data center facility optimization.
Jasons business responsibility focuses on working with systems
and software vendors to address the needs of the high-growth cloud
service provider industry including internet datacenters, telcos,
infrastructure / software-as-a-service and hosting. Jason holds
executive positions in industry design efforts including the board
of the Open Compute Foundation, the Server System Infrastructure
Forum and as technical advisor to the Open Data Center Alliance.
Jason has spent the last 14 years of his Intel career in Enterprise
computing focused on server products and technologies involved in
the introduction of over 12 new platforms. Prior to Intel, Jason
worked in strategic planning for an industrial components company
and as a management consultant. He holds Bachelor and Masters Degrees
in engineering and a Masters of Business Administration from Cornell
University. He can be followed on twitter @jpwaxman.
SecurityStockWatch.com: We read with great interest in Intel's Planning Guide to Cloud Security that, “Cloud Security Is ...The response to a familiar set of security challenges that manifest differently in the cloud. New technologies and fuzzier boundaries surrounding the data center require a different approach.” May we have an overview of the solutions Intel brings to the cloud security challenge?
Jason Waxman: Some of the key concerns raised by customers we talk to about cloud security is lack of visibility & control over infrastructure and data, and challenges over meeting compliance requirements. Intel & McAfee, along with other ecosystem leaders, have partnered together to provide more points of visibility and control -- across hardware, software and services to enable improved security decisions and establish confidence in the cloud infrastructure. This is especially useful in hybrid cloud environments to gain visibility across public and private clouds. Ideally, IT and security managers can have common capabilities that allow them to span their IT infrastructure types and give them the required controls to manage it all with a uniform security policy framework. Some of the new and extended capabilities they need to put into security management capabilities to address new virtualized or cloud-based multi-tenant models include technologies such as Intel Trusted Execution Technology (TXT) and Intel Virtualization Technology (VT) that can provide hypervisor and virtual machine protection and control points. Intel TXT can also be used to expose platform trust status for reporting dashboards and audit tools to increase visibility into the virtual/cloud infrastructure. Similarly, McAfee has optimized Antivirus via the Management of Optimized Virtualized Environments Anti-Virus, or MOVE AV, solution to enhance the efficiency of anti-malware for the unique needs of virtualized environments. We find traditional AV is often in use in these environments because conventional IT policies state anti-malware solutions as a requirement. The problem is that it results in unpredictable spikes in CPU utilization and high memory utilization. MOVE AV provides optimum protection from malware and advanced threats without the overhead of traditional based anti-malware solutions, helping organizations to better maximize server density and cloud efficiency gains. McAfee ePolicy Orchestrator (ePO) provides a control point for evaluating and enforcing security rules and policy in server and client platforms. These solutions come together to highlight the complementary nature of the Intel and McAfee portfolio.
One of the other areas of concern is protecting user identities when
accessing cloud services. According to one study, the average enterprise
employee uses 12 User ID/password pairs. Because of the sheer number,
employees may use weak passwords that are easy to remember or write them
down which can lead to stolen passwords. McAfee & Intel collaborated
to deliver an identity solution, called McAfee Cloud Identity Manager,
which provides single sign on capabilities and can restrict access based
on client context, such as network IP address, mobile device type, or
if a device is enabled with Intel Identity Protection Technology (IPT).
Intel IPT is a hardware-based technology built into select 3rd generation
Intel Core vPro processor-based PCs and notebooks, that provides tamper-resistant
2 factor authentication based on a randomly generated one time password
that users need to enter in addition to say user name and password, thus
significantly enhancing identity protection.
SecurityStockWatch.com: In your recent Cloud Security Blog posting regarding Intel’s cloud security survey on IT perspectives on cloud security you mentioned that, “Seeing that 87% of companies surveyed said that they had substantial concerns regarding public cloud security certainly didn’t surprise me, but the fact that 61% had similar levels of concern around private clouds did.” Care to elaborate?
Jason Waxman: In traditional IT environments, IT infrastructure sits behind the organization’s firewall and equipment that may be virtualized, or partitioned to handle multiple applications on a single servers, are typically dedicated to a specific line of business. IT professionals can choose fro an arsenal of mature security tools that give them a high degree of control over the security environment and the organization’s compliance with regulatory mandates. With cloud infrastructure, servers are typically virtualized and shared across multiple lines of business or even among multiple organizations rather than dedicated to specific lines of business. When IT wants to link multiple cloud data centers together to gain efficiencies—the tools to secure this far-reaching infrastructure are still evolving. This lack of visibility – even in private clouds that are behind a company’s firewall - have people concerned because they no longer have dedicated equipment for their line of business and instead are using shared, multi-tenant resources. This is why 61% of IT that were surveyed are concerned about having less control and visibility over these shared resources, even in a private cloud. Intel and McAfee are working to address these challenges and advance security solutions for cloud services.
SecurityStockWatch.com: As technical advisor to the Open Data Center Alliance, what is your perspective on the goals and mission of ODCA?
Jason Waxman: The Open Data Center Alliance is an independent organization of >350 leading global enterprise and service provider IT managers that represent >$100B in annual IT spend, who came together to amplify their collective voice to set data center requirements on top challenges like security, transparency and automation for cloud. Their mission focuses on delivering next generation data center and cloud requirements to meet the challenges facing IT in an open, industry standard and vendor agnostic fashion. Members of the Open Data Center Alliance have committed to the Alliances vendor agnostic Usage Model Roadmap to help guide their data center purchasing decisions and for planning future data center deployments and the Solution Providers are responding with new services and solutions that address ODCA requirements. Based on Intels history as a catalyst for accelerating computing transitions, defining standards and setting up industry alliances (e.g. client-server, PCIe, Climate Savers Computing) Intel was a natural fit to facilitate the formation of this end user organization. We believe that standards can accelerate technology transitions and give more choice and flexibility to end users, while fueling industry innovation on top of those standards. More information on the Alliance available at www.opendatacenteralliance.org .
SecurityStockWatch.com: The ODCA recently hosted its first major
event, called Forecast
2012, The ODCA recently hosted its first major event, called Forecast
2012, in June in New York City. What were the major subjects discussed?
Jason Waxman: The ODCA Forecast 2012 event was designed to showcase the results and progress that the organization has achieved over the past year and a half. The event was attended by over 400 ODCA members and industry leaders for a full day conversation on how ODCA Usage Models have been deployed by members and the resulting benefits. The agenda for ODCA Forecast 2012 featured keynotes from the CTOs of UBS and Lockheed Martin, an industry perspective from Rackspace's CTO, and panels including several well-known enterprise like AT&T, BMW, Deutsche Bank, Disney, and Verizon, as well as renowned analysts from firms like IDC and GigaOM. And while Forecast had amazing participating companies, the real purpose of this event was sharing sharing what works, sharing what is needed, and sharing a vision where all the worlds data centers can operate with peak efficiencies to handle the future loads that will be brought about by the emergence of big data in the next few years. That day featured in-depth reports on best practices and proof of concept projects and also detailed discussions on cloud standards driving advances in security, service standardization, efficient infrastructure delivery and simplified cloud management.
SecurityStockWatch.com: Thanks again for joining us today, Jason.
Are there any other subjects you would like to discuss?
Jason Waxman: For more information on what Intel is doing in the cloud, please visit Intel.com/Cloud where you will find reference architectures and tools to help enterprise build and deploy cloud services seamlessly within their organizations.