Trusted Computing Group eyes cloud security framework

The Trusted Computing Group Monday announced a working group aimed at publishing an open standards framework for cloud computing security that could serve as a blueprint for service providers, their customers and vendors building security products.

The Trusted Computing Group Monday announced a working group aimed at publishing an open standards framework for cloud computing security that could serve as a blueprint for service providers, their customers and vendors building security products.

Cloud security: The basics

Known as the Trusted Multi-Tenant Infrastructure Work Group, there are about 50 TCG members participating, including HP, IBM, AMD and Microsoft. The group also will receive input from U.S. Defense Department representatives and the U.K. government, according to sources. TCG has in all about 110 members that have worked over the years on standards-based initiatives in the area of trusted computing, including "Trusted Network Connect" and the "Trusted Platform Module."

The latest plan is intended to put forward a security framework for cloud computing, including private, public and hybrid cloud environments as well as virtualized and non-virtualized ones. "Multi-tenant security is really an end-to-end security requirement," says Eric Visnyak, information assurance architect at BAE Systems, which is participating in the new group. "We need to validate policy requirements in dedicated and shared infrastructure."

The Trusted Multi-Tenant Infrastructure Work Group will make use of existing open standards to define end-to-end security, both virtual and physical, in a cloud-computing environment, including capabilities such as encryption and integrity monitoring, Visnyak says. TCG wants to publish its framework document later this year in draft form to receive public input, so that a final revision can be in place early next year.

The goal is to create a framework document for cloud-computing security that will not only serve as a baseline for security compliance and auditing, but also might also encourage the introduction of new products.

Visnyak acknowledges that other organizations, including the Cloud Security Alliance and the National Institute of Standards and Technology (NIST), are also weighing in on the important topic of cloud-computing security, and there's the potential for division on the issues. But he says TCG is in touch with both the Cloud Security Alliance and NIST to try to avoid creating schisms.

In other news, TCG Monday said it's releasing the second version of its IF-MAP (Metadata Access Protocol) specification. According to TCG, IF-MAP describes database services with information (metadata) about systems and users currently connected to the network.

Rick Kagan, executive vice president and general manager at Infoblox, says IF-MAP 2.0 adds a so-called "notify" operation to enable an IF-MAP server to support message-bus functionality in addition to publish/subscribe database functionality. The new standard also includes details on location and device characteristics. IF-MAP is intended to replace the "point-to-point brittle custom agents and collectors" the industry often relies on today to collect information, Kagan says. Turning instead to IF-MAP's application-based server approach can also help in integrating physical and network security, he adds.

Products supporting IF-MAP include Great Bay's Beacon endpoint profiler, Juniper Networks’ Unified Access Control and SSL VPN appliances, Infoblox Core Network Services Appliances and Orchestration (IF-MAP) Server, plus others.

Read more about data center in Network World's Data Center section.

Join the Good Gear Guide newsletter!

Error: Please check your email address.

Tags Configuration / maintenancesecurityMicrosoftIBMhardware systemsTrusted Computing GroupBAE Systemsinternetcloud computingData Centervirtualization

Struggling for Christmas presents this year? Check out our Christmas Gift Guide for some top tech suggestions and more.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Ellen Messmer

Network World

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Shopping.com

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?