Man sitting at desk and typing on a keyboard while looking at dual monitors displaying data graphs and tables

Zero Trust Cloud Security Framework

Zero trust is a strategic security framework that addresses the unique challenges of safeguarding cloud computing operations.

Why Zero Trust?

  • Zero trust is a security strategy that supports continuous protection against intrusions and malicious code.

  • Cloud-based operations demand a zero trust approach because a defensive perimeter cannot be established.

  • A zero trust strategy should provide multifaceted, layered protections to support defense in depth.

  • Intel® platforms offer hardware-based security capabilities that can strengthen zero trust policies and protections.

author-image

โดย

Security is one of the most urgent concerns for organizations engaged in cloud computing. Cloud resources typically operate outside the organization’s network and cannot be contained or secured within a firewall or other traditional, perimeter-style defense. Further, a firewall is not sufficient protection against attackers who penetrate the network.

To address these concerns, consider a zero trust cloud security strategy that helps to safeguard an organization’s assets with a comprehensive, multilayered approach based on constant validation, identity and access management, and role-based authorization of individual users and devices.

Why Choose Zero Trust Cloud Security?

Organizations have come to rely on the cloud for many of their computing workloads. This trend has been accelerated by the urgent prioritization of security, the redefined needs of the hybrid and distributed workforce, and a surge in data analytics, machine learning (ML), and artificial intelligence (AI) that benefit from the cloud’s uninterrupted access to software, data, and other resources, anywhere, at any time. The cloud also connects organizations, networks, and users to edge computing devices and systems.

These trends yield a vastly expanded, diverse range of users, devices, and applications that are interconnected loosely through the cloud. Unfortunately, all those elements are potentially vulnerable to attacks by bad actors and malicious code.

Cybersecurity is a critical concern for organizations in the cloud, as they must protect data assets, applications, devices, and users. Data governance is also regulated in many industries and countries, and compliance can depend on security measures.

To be highly effective, a cybersecurity strategy must control access to all assets in the cloud and on the network, identify and respond to threats proactively, and respond quickly to limit damage and recover from any attacks.

Implementing a zero trust security framework is a best practice and a responsible approach to establishing a cybersecurity culture, especially in the cloud. The goal of zero trust is continuous protection across all attack surfaces. Those surfaces include all physical assets in the network, data center, cloud, and at the endpoints, as well as networked software, data, and the users themselves.

What Is Zero Trust Security?

Zero trust is a comprehensive security strategy that is designed to protect all hardware, software, data, and users on an organization’s network and in the cloud.

A zero trust approach to security differs from the more traditional perimeter defense strategy. In a perimeter defense, the organization protects the boundaries of its private network with firewalls and multilayered software security solutions to regulate and filter traffic to and from the public network. Once a user or device has been verified and admitted to the private network, it is typically treated as a trusted resource.

By contrast, a zero trust security framework is designed around the assumption that a cyberattack can happen at any moment, and there is no such thing as a trusted resource. The framework is designed to apply security technologies that protect hardware, software, data, and users across an organization’s infrastructures, and each user or device must be authenticated repeatedly before every interaction.

Zero trust has gained popularity with the growth of cloud computing, as cloud-based operations cannot easily be contained within a defensive perimeter shield.

The COVID-19 pandemic accelerated the move to zero trust security. With the sudden shift to remote work, an unexpected number of users and devices were no longer contained within their organizations’ firewalls or other perimeter defenses. Zero trust was adopted more broadly, as it requires all users and devices to be validated and authorized repeatedly before each network session. In a study conducted by Okta in 2021,78 percent of the global companies surveyed said that zero trust had become a higher priority because of the pandemic and nearly 90 percent had begun work on a zero trust initiative, compared to 41 percent before the pandemic.1

Benefits of Zero Trust Security in the Cloud

Zero trust cloud security requires a dynamic approach to identity and access management (IAM). The right users or devices must be given access to the right resources. Conversely, unauthorized users and devices must be blocked. Some individuals might have their access restricted to specific resources, while they are blocked from others. For example, it is common for large organizations to restrict system administrators’ rights and permissions so that only the IT staff have access to those applications and files.

Implementing zero trust cloud security measures can help organizations to protect cloud-based data, applications, and business models from cyberattacks. Zero trust also helps to secure customers’ private data to comply with regulatory requirements and good business practices.

Implementing Zero Trust Cloud Security

A zero trust security framework should be incorporated into new or upgraded cloud infrastructure plans early in the design phase.

When implementing a zero trust architecture and security policy, organizations should begin with a defense in depth strategy. This layered approach leverages multiple security measures to protect an organization’s assets.

Defense in depth should first be grounded on a trusted hardware foundation to better protect the firmware, BIOS, and operating system (OS) that support the rest of the technology stack.

Tools such as encryption and platform protections then comprise the next layer to help address the organization’s IT security concerns.

Finally, software-based security solutions can be accelerated and strengthened by hardware- and firmware-enabled capabilities. When all the underlying layers are protected, cloud-based applications and other software can be deployed with confidence on the secure foundation.

With improved data security features available in the cloud, organizations can realize the cost and agility benefits that come with public cloud, private cloud, or hybrid cloud deployments through technologies that help enable confidential computing.

Intel and Zero Trust Security

Intel offers hardware-enabled tools and features that can help to support zero trust cloud security frameworks. Security capabilities are built into Intel® silicon and ready to be enabled in software.

These and other Intel® security technologies help improve the identity and access management needed to enforce role-based control and zero trust security processes.

Note that cloud architects can access some of these built-in capabilities independently, even in the public cloud. Other features must be enabled by individual cloud service providers.

  • Intel® Xeon® Scalable processor-based cloud instances offer a balanced architecture that delivers built-in AI acceleration and advanced security capabilities. Intel® Xeon® Scalable processors are optimized for many workload types and performance levels.
  • Intel® Software Guard Extensions (Intel® SGX) provide a hardware-based trusted execution environment that isolates specific application code and data in memory. Intel® SGX enables authorized software to allocate and protect memory enclaves with a high level of specificity and control.
  • Intel® Trusted Execution Technology (Intel® TXT) helps ensure platforms launch into a known-good configuration before loading sensitive data.
  • Intel® Crypto Acceleration capabilities in the 4th Generation Intel® Xeon® Scalable processor help to optimize workload performance in encryption-intensive cybersecurity processes.

In addition to these technologies, Intel is developing a new authentication service, codenamed “Project Amber,” which is expected for general availability in 2023.2 Project Amber will provide third-party attestation services that verify trustworthiness of cloud, edge, and on-premises environments. The remote service will validate confidential computing environments to ensure they are correctly configured, up-to-date, and loaded with the expected software before allowing them to handle confidential data.

Because these technologies and tools are rooted in the hardware itself, they help to reduce the potential attack surfaces and related threats to create secure enclaves for confidential computing in private cloud, public cloud, and hybrid cloud environments.

Additional Intel® technologies can help to secure vulnerable endpoints to protect them from unauthorized users and malicious code. For example, desktop and laptop PCs based on the Intel vPro® platform include Intel® Hardware Shield to help safeguard system firmware, OS, memory, applications, and data against advanced threats.

Embracing Zero Trust

Zero trust is a comprehensive security framework for protecting an organization’s operations and assets in the cloud, in the data center, at endpoints, and at the edge. As organizations continue to engage in digital transformation and cloud modernization, it is critical to include a zero trust security strategy in their cloud architecture, beginning with the earliest stage of system design. This effective security strategy should be a priority, along with the technologies and infrastructure that support its full implementation. Security technologies from Intel help to tighten identity and access management, enabling the role-based control and policies that contribute to zero trust security across the entire infrastructure.

Intel® technology supports zero trust cloud security with hardware-enabled capabilities, optimized software, and developer tools that can strengthen third-party security solutions. Further, Intel partners with cloud service providers, security software vendors, and systems integrators to build powerful, effective security solutions for a broad variety of computing environments and usage models worldwide.

Learn About Security and the Cloud

Cloud security is different from traditional network security. The reach of cloud computing goes way beyond a self-contained network to include devices, data, and software that are not under direct control of an organization’s IT infrastructure. That’s why a holistic, multilayered approach like zero trust cloud security is the key to protecting the organization’s assets and users in private cloud, public cloud, and hybrid cloud environments.

Intel® Security Products

Intel’s comprehensive approach to security encompasses hardware, software, and tools that support secure computing in the cloud, in the data center, and at the edge.

Learn more

Security in the Cloud

Secure cloud computing relies on three core capabilities: confidentiality, integrity, and availability. Those three pillars of operation enable organizations to enjoy the on-demand computing and storage resources offered by the cloud while managing risks.

Learn more

Cloud Security Architecture

A multilayered security architecture of hardware and technologies is essential to protecting data, workloads, and systems in the cloud. The security strategy and implementation plan should be integral to cloud platform design and not be added as an afterthought.

Learn more

Cloud Deployment Models

Different cloud deployment and service models may require different security policies and practices. For example, security in a purely private cloud environment will differ from public cloud or hybrid cloud deployments, while SaaS, PaaS, and IaaS may vary in the number and type of users, runtime encryption needs, and the degree of control exerted by the cloud service provider.

Learn more

แสดงเพิ่ม แสดงน้อยลง

Frequently Asked Questions

Zero trust is a comprehensive framework that is designed to achieve rigorous security, identity, and compliance management by protecting all hardware, software, data, and users on an organization’s network and in the cloud. While traditional security strategies such as firewalls may award trusted status to users and devices within the defensive perimeter, a zero trust approach relies on repeated, continuous authentication before granting access. Intel’s security technologies and platforms contribute to zero trust frameworks by addressing the growing and evolving threats of cyberattacks on physical and virtual infrastructures.

Cloud computing operations can be vulnerable to new attack vectors that are not protected by a traditional, defensive, perimeter-based cybersecurity strategy. A zero trust cloud security framework can be more successful at addressing business concerns that are heightened in cloud operations, including data theft, supply chain vulnerabilities, and compromised remote workers or networks. The zero trust framework mitigates those and other cyberthreats with constant authentication and validation of users and devices before granting them access to the network and its resources.

A dynamic, flexible, zero trust security framework helps organizations protect data, applications, and business models from cyberattacks. Zero trust is especially important in environments such as a public cloud or hybrid cloud where a holistic, comprehensive security strategy is a critical need.

Disclaimer3

ข้อมูลผลิตภัณฑ์และประสิทธิภาพ

1The State of Zero Trust Security 2021: Identity and access management maturity in global organizations,” Okta Inc., June 2021, okta.com/sites/default/files/2021-07/WPR-2021-ZeroTrust-070821.pdf.Intel does not control or audit third-party data. You should consult other sources to evaluate accuracy.
2Codenames are used by Intel to identify products, technologies, or services that are in development and not publicly available. These are not "commercial" names and not intended to function as trademarks.
3

ความพร้อมของตัวเร่งความเร็วจะต่างกันไปขึ้นอยู่กับ SKU เยี่ยมชม 1···หน้าข้อมูลจำเพาะของผลิตภัณฑ์ Intel /1 เพื่อรับทราบรายละเอียดเพิ่มเติม