Data Center Security: The Bad Guys are Getting in and The Secret is Getting Out

Version 2

    When I took the role of SPG security technology marketing lead last fall, some folks asked me if I was mad.  Their reasoning was usually founded on the premise that “datacenters are locked down and secure” and that servers don’t need security features that more portable or more “personal” platforms such as client systems may need. The unfortunate truth is that this premise is far from accurate.  IT infrastructure is under attack as never before. 

    The traditional concept of building a fortress around the datacenter is just no longer practical. Companies increasingly need to distribute their data, compute and storage resources.  They need to enable remote employees, business partners and other kinds of 3rd parties with access to growing parts of their business.  At a minimum, this means companies are increasingly adding more virtual “doors and windows” to their “fortresses”. But in fact, when you consider the macro-scale architectural changes such as Software as a Service (SaaS), Service Oriented Architectures (SOA) and public cloud services such as Amazon Elastic Compute Cloud (EC2), it is increasingly hard to draw real boundaries of what is “inside” the traditional protection boundaries and what is “outside”. 

    To make matters even more concerning, while the needs of business are driving major change and opening new access points for data, there is an ever-growing body of attackers developing techniques to penetrate or otherwise gain access to data or corporate infrastructure.  So there is a bad confluence of opportunity and exploitation.  And it is starting to bear fruit.  A growing number of high-profile data breaches in leading businesses, utility, air traffic and political and governmental organizations over the past year has made it painfully obvious that the risks, threats and vulnerabilities are on the rise.

    This is really game-changing. For IT shops, it means an increased awareness of the need to evolve their architectures, systems and processes to minimize vulnerabilities. What does this mean for Intel? How can we help?  We can make our products more robust, but also make sure we’re using our technologies and position in the IT ecosystem to make our products more powerful parts of the solution.  For servers, this means establishing servers as a strong line of defense in “defense in depth” layered security architectures.  

    Intel has not been sitting idle in this sphere.  SPG platforms feature security enhancements such as:

    · Execute Disable (XD) bit designed to help mitigate the long-running threat of buffer overflow attacks;

    · STTNI string and text instructions found in SSE4.2, which enhance the performance of pattern-matching applications such as content filtering software designed to stop malware; and

    · SMRR range registers that help prevent classes of cache poisoning attacks.

    These are pretty cool capabilities, but the Intel contribution that has perhaps the biggest impact on the most people is the almost-taken-for-granted dramatic leaps in performance, price/performance and efficiency of Intel platforms.  These huge leaps, driven by advances in multi-core, multithreading and power management, allow customers to easily and cost-effectively run otherwise performance-crushing security workloads such as encryption (such as HTTPS services) and content inspection/scanning (such as antivirus) on top of their “regular” data processing workloads to protect this critical infrastructure.

    Few companies in the world can address fundamental security issues in the scope, scale and economies that Intel can. Being an advocate for customer needs in a company with the intellectual resources and ability to execute is rather exciting.  I look forward to helping create a powerful and positive position for Intel server platforms as enterprise security enforcement points.  As noted, Intel has been working to mitigate security threats with new technologies for some time—often with little fanfare or attribution.  But we’re about to enter a new phase of energy and focus. At IDF this September, we will begin to tell the story in earnest.  Meanwhile, we’d very much like your thoughts and challenges as we deliver on our near-term technologies and define next-generation solutions.  And we welcome you to come by IDF and see what's new in server security technology.