TCG Extends Trust-Based Security to Cloud Computing
Trusted Computing Group (TCG) Extends Trust-Based Security to Cloud Computing
Announces Updates To IF-MAP (Metadata Access Protocol) for Security Information-Sharing
Portland, Oregon, USA. September 13, 2010
Trusted Computing Group, which develops industry standards for hardware-based security rooted in trust, today announced a significant effort to extend the concept of trust to cloud-based computing. The effort will be led by the organization's new Trusted Multi-Tenant Infrastructure work group.
"TCG already has a number of specifications and efforts to protect clients, networks and systems, and many of those are applicable to multi-tenant infrastructure," noted Scott Rotondo, TCG president. "The formation and widespread member support of the new Trusted Multi-Tenant Infrastructure work group reinforces our focus on extending hardware-based trust to all aspects of computing and to enabling secure computing whether it's local or cloud-based."
TCG also has updated its IF-MAP (Metadata Access Protocol) used to enable standardized data sharing among a wide variety of devices and applications, including cloud security.
Time to Add Trust to Cloud Security
Multi-tenant infrastructure refers to unrelated users of shared computing infrastructure and is a fundamental characteristic of cloud computing. The new work group will develop a framework for enabling trust in the cloud. Targeting vendors, providers, consumers and integrators of multi-tenant infrastructure services, the framework will:
- Help assess the trustworthiness of provider systems
- Enable real-time assessment of compliance as part of the provisioning process
- Provide implementation guidance
- Identify and address gaps in standards to enable trust
"The key to security in a multi-tenant infrastructure is to establish trust — trust with providers, trust with users and trust as data is exchanged," said Michael Donovan, chief technologist, U.S. Public Sector, HP Enterprise Services. "Our plan is to give vendors and users a coordinated way to evaluate and manage the many issues associated with cloud-based computing security."
The actual framework will consist of policies, best practices, standards and conformance criteria that will be used by product vendors and by integrators and IT users to create and evaluate multi-tenant infrastructure. TCG expects to deliver the first parts of the framework in early 2011, and it will be available free of charge on the TCG website.
Trusted Multi-Tenant Infrastructure work group participants include AMD, CESG (UK National Technical Authority for Information Assurance), HP, IBM, Infoblox, Juniper Networks, Microsoft, Wave Systems, and others. Hundreds of millions of enterprise PCs and servers use the ISO-standard Trusted Platform Module, which provides a hardware root of trust and is used for authentication and to protect keys, certificates and passwords. TCG specifications also define a "chain of trust" architecture for attestation of trusted platform properties. Both will be comprehended in the new work group's efforts.
IF-MAP Enables Real-Time Information Sharing for Security, in the Cloud and Elsewhere
TCG's IF-MAP, or Metadata Access Protocol, is based on a powerful publish/subscribe model. IF-MAP is being used today to support network security applications using equipment from different vendors, and is expected to be used in cloud computing to enable real-time communication among devices including network infrastructure devices and servers. It also has been used to integrate physical security devices, supervisory control and data acquisition (SCADA) networks and unified communications platforms.
The updated IF-MAP specification, version 2.0, adds new capabilities to the powerful publish/subscribe client/server protocol, designed to make IF-MAP more directly compatible with existing, vendor-specific approaches. The new specification also makes it easier and faster for different industry groups to use the IF-MAP protocol by separating the base protocol from the metadata definitions that standardize how different types of information are represented.
The first such metadata specification, released along with version 2.0 of the IF-MAP base protocol, addresses network security, and covers a wide range of elements such as user identities, devices, network addresses, threats, events, and others. Other industry groups can use the flexible IF-MAP framework to define and ultimately standardize metadata for other cases, including factory automation, building automation, cloud computing, smart grid, and others.
About Trusted Computing Group
The Trusted Computing Group (TCG) provides open standards that enable a safer computing environment across platforms and geographies. Benefits of Trusted Computing include protection of business-critical data and systems, secure authentication and strong protection of user identities, and the establishment of strong machine identity and network integrity. Organizations using built-in, widely available trusted hardware and applications reduce their total cost of ownership. TCG technologies also provide regulatory compliance that is based upon trustworthy hardware. More information and the organization's specifications and work groups are available at the Trusted Computing Group's website, www.trustedcomputinggroup.org
- Trusted Computing Group
- TCG Cloud Security FAQs
- TCG Trusted Multi-Tenant Infrastructure Work Group
- Trusted Network Connect Working Group (TNC-WG) IF-MAP Binding for SOAP Specification
- Trusted Platform Module
- Announcement source
Prepared by Robin Cover for The XML Cover Pages archive.