Collaborative efforts from IBM and researchers from North Carolina State University may have provided a long-awaited answer to cloud security questions with their recent joint announcement of a technique that may isolate and safeguard sensitive data.
According to IT News, the innovative method has reportedly allowed researchers to isolate specific workloads from separate functions being performed by a hypervisor. The technique has also shown no negative impacts on system speed and performance.
"Our approach relies on a software foundation called the Trusted Computing Base, or TCB, that has approximately 300 lines of code, meaning that only those 300 lines of code need to be trusted in order to ensure the isolation offered by our approach," university researcher Peng Ning told the news outlet. "Previous techniques have exposed thousands of lines of code to potential attacks. We have a smaller attack surface to protect."
The innovative technique, known as Strongly Isolated Computing Environment, also allows programmers to allocate specific portions of multi-core processors to a workload that has been highlighted as particular sensitive. According to the IT News, confining the workload improves data security while efficiently sharing cloud resources and maintaining consistently strong network performance.
The current technique demands just three percent of a multi-core processor's power to manage the sensitive workload, which is a "fairly modest price to pay for enhanced security," according to Ning. However, the researcher conceded that the method will need additional refinements to increase transfer rates and speed network performance.
If the SICE framework continues to stand up to pressure in test trials, the technology could have significant implications across all sectors.
According to the Armed Forces Communications and Electronics Association's Cyber Committee, security concerns continue to be the No. 1 barrier to cloud adoption for public and private sector organizations. However, the NC State and IBM research team has already demonstrated the data protection potential afforded by the cloud's enhanced visibility.
"Constant monitoring of applications and platforms offers additional data collection points for discovering vulnerabilities in applications that can be used to infiltrate the infrastructure," according to AFCEA analyst Jill Singer. "Moreover, merging measures and metrics from co-located environments or other cloud locations in your global enterprise can add yet another layer of data to the collection."
SICE's early promise has, if nothing else, shown that cloud security may not be as elusive as some critics have suggested. As the technology community continues to accrue and share their collective insights, a new wave of security solutions – and cloud adoption – may be just around the corner.
Cloud Security News from SimplySecurity.com by Trend Micro