It is the best of times and it is the worst of times for IT. The wealth of technologies, like cloud and big data, has been a boon for IT professionals, but the EMC Global IT Trust Curve Survey found that 61% of organizations suffered unplanned downtime, a security breach, or a loss of data at least once in 2013. Complexity has increased exposure to failures and threats, creating a lack of trust in the technologies. A different kind of solution is needed in response to this environment – a solution built on a strong foundation of trusted infrastructure.
Defining Trusted Infrastructure
I am part of a group at EMC tasked with defining and developing our point of view on trusted infrastructure. We started by checking out what the industry was already saying. The most credible definition we came across is from the Trusted Computing Group (TCG), a well-respected nonprofit organization that defines security specifications.
This definition emphasizes broad, predictable behavior as the root of trust, rather than narrowly focusing on the security elements of infrastructure. Using it as a basic construct, we developed our own detailed taxonomy, composed of Trust Dimensions – six broad categories, each containing properties like identity and data availability. Many of these properties are adapted from the work of the Cloud Security Alliance.
This representation provides a complete visual definition of trust. The novelty of this taxonomy is that it provides a comprehensive framework that can be used to build and assess trusted infrastructure. Consumers can use the standardized framework to map trust requirements for their own systems, and deploy solutions that deliver on what they need. They can also query trust metrics to get an assessment of the overall ‘trustworthiness’ of their infrastructure.
Envisioning a Trusted Infrastructure
Having defined the taxonomy, we started tackling implementation. The IT industry has always had spot solutions on different dimensions of trust, so how is Trusted Infrastructure going to be different from any other infrastructure? Trusted Infrastructure has trust elements built in rather than added on as an afterthought, and it is broadly usable rather than available only on a locked platform.
Trusted Infrastructure will have three things in common:
- It needs a taxonomy which goes clearly beyond security and covers all relevant aspects of a predictable system.
- The services delivered to end users need to be highly integrated with the infrastructure.
- Trusted Infrastructure will need an open abstraction layer, Trust APIs, for use in higher-level stacks like a hypervisor or cloud OS.
We now have a working taxonomy and vision, but there is still much work to be done. Our Trusted Infrastructure team is now identifying detailed use cases and socializing them with customers and industry thought leaders. Industry acceptance of the taxonomy is critical and your opinion is important. I am blogging on this topic regularly and would like to hear from you.