| copyright | lastupdated | keywords | subcollection | ||
|---|---|---|---|---|---|
|
2024-08-01 |
bare-metal |
{{site.data.keyword.cloud}}
{: #bm-hardware-monitroing-security-controls}
The escalation and sophistication of malicious threats has you employing more stringent security requirements and scrutinizing every aspect of your execution environment. You're looking to your cloud providers to offer hardware monitoring and security controls that can determine whether a workload is running on trusted hardware in a known location. {{site.data.keyword.cloud}} is leading the way to help you deploy hybrid and cloud environments with enhanced security verification of your launch environment by using Intel® Trusted Execution Technology (Intel TXT). {: shortdesc}
{: #bm-how-txt-works}
Intel TXT provides hardware monitoring and security controls that help make sure that a workload that is deployed on or migrated to the {{site.data.keyword.cloud_notm}} infrastructure is running on trusted hardware in a known location.
Intel TXT analyzes and measures the components of a computing system from the operating system or hypervisor to the computing system’s boot firmware and hardware. The analysis includes the system’s basic input/output system (BIOS), main boot record (MBR), and boot loader. The measurements are compared to a standard baseline to determine whether the system is trusted or untrusted. System software and local or remote management software can use the trust decision to allow or deny a workload from running on that a computing system. Since Intel® TXT performs the analysis and measuring during boot up, the added security doesn’t add any increased processor usage to applications.
The baseline measurements are stored on a Trusted Platform Module (TPM) hardware device. The TPM device is integrated within the server system and provides a range of Intel TXT security-related functions.
{: #bm-what-txt-does-for-you}
Intel TXT is especially advantageous for large enterprises subject to compliance and audit regulations, such as healthcare, financial services, and government organizations. It helps make sure that tracking of all trusted resources can be integrated, managed, and reported on with the relevant compliance organizations (HIPAA, PCI, FedRAMP, ISO, FISMA, and SSAE 16). For the first time, these organizations are able to certify that a cloud computing system is secured for workloads such as
- Governance and enterprise risk
- Information and lifecycle management
- Compliance and audit
- Application security
- Identity and access management
- Incident response
{: #bm-special-txt-technical-notice}
Intel TXT is provided by Intel® and operates on the {{site.data.keyword.cloud_notm}} {{site.data.keyword.baremetal_short}} that require specific technical knowledge to support and manage. The {{site.data.keyword.cloud_notm}} current delivery model can turn Intel® TXT either on or off. {{site.data.keyword.cloud_notm}} can't assist with configuration of Intel TXT settings because of the sensitivity of customer environments and data. The recommendation is that you either include Intel TXT-trained staff or engage with a consulting firm with expertise in orchestrating root of trust and measured launch environment (MLE) architecture.