In September, TCG hosted a half-day at the TSCP Cyber Collaboration Workshop (more info and presentations at TCG 2016 Events). Among the topics covered: trust in the cloud, and how standards enable the trusted cloud.
Michael Donovan, TCG’s co-chair for the Trusted Multi-tenant Infrastructure Work Group, updated attendees on that group’s efforts to drive standards-based security into cloud computing.
He noted that multi-tenant security “…is an end-to-end configuration” but most products and standards address individual devices or functionality, and currently there is no comprehensive framework that encompasses business requirements. He also said that “…there is a need for solutions that address trust and security across solutions derived from combining dedicated and shared infrastructures.”
Donovan reminded attendees that at the same time, the IT environment is changing – consolidation, reduction in staffing, changes in budgets and growing use of shared infrastructures.
So what role does TCG have in cloud computing? TCG has been developing a standards-based framework for shared infrastructures as well as multi-provider infrastructures. The group also is creating reference models and implementation guidelines and has been working to identify and address gaps with existing standards. At its core, the TCG reference model will establish a level of trust between parties for information exchange and provide enforcement of policies with integrity measurements, assertions and attestations exchanged between parties. This is very similar to how TCG has driven trust into clients and into networks with its TPM and TNC architectures, now deployed widely.
Ultimately, this approach will allow businesses to assess trustworthiness of supplier systems, enable assessment of compliance during provisioning, implement best practices for trustworthy infrastructures and enforce policy, among other benefits.
Learn more by reviewing Donovan’s presentation, available here.
Additional info on TCG’s efforts for trust in the cloud also are available here:
Membership in the Trusted Computing Group is your key to participating with fellow industry stakeholders in the quest to develop and promote trusted computing technologies.
Standards-based Trusted Computing technologies developed by TCG members now are deployed in enterprise systems, storage systems, networks, embedded systems, and mobile devices and can help secure cloud computing and virtualized systems.
Trusted Computing Group announced that its TPM 2.0 (Trusted Platform Module) Library Specification was approved as a formal international standard under ISO/IEC (the International Organization for Standardization and the International Electrotechnical Commission). TCG has 90+ specifications and guidance documents to help build a trusted computing environment.