Upload
biovia
View
393
Download
0
Tags:
Embed Size (px)
Citation preview
Balanced Cloud Solutions For the Life Sciences Enterprise
Chris Gough, Intel
Lead Healthcare Cloud Computing Architect
Agenda
• Forces Shaping the Industry • Intel Cloud Vision • Intel IT Cloud Initiative • Intel Healthcare Cloud Capabilities • Summary
Building Surge of Health & Life Sciences Data
•Digitization of healthcare data •Higher resolution images, sound, video •New data types; e.g. genomics •Longer retention needs •Health information exchange, and proliferation of duplicates •Sensitive data must be protected everywhere •The data surge is challenging performance
• Usability of healthcare apps, productivity of caregivers, quality of care
Hardware Enabled Security protects surging healthcare data, with high performance
Health & Life Sciences Cloud Computing
Business Drivers Concerns
How to maximize benefits and minimize concerns? One size does not fit all
Cost Reduction: Economies of
scale, multi-tenancy
Agility: Elasticity, provisioning
Availability: Highly redundant,
geo-dispersed
Leverage External Expertise
Security & Privacy: Data
breach, IP, regulations
Data Sovereignty: Where is my
data?
Auditability & Compliance: Complicated by distributed cloud
Vendor Lock-In
Agenda
• Forces Shaping the Industry • Intel Cloud Vision • Intel IT Cloud Initiative • Intel Healthcare Cloud Capabilities • Summary
Intel Cloud 2015 Vision
Federated Share data
securely across public and private
clouds
Automated IT can focus more on innovation and
less on management
Client Aware Optimizing services based on
device capability
Workstations/ Desktops
Laptops Embedded Smart- Phones
Netbooks Tablets Smart TVs
From Vision to Action
Define and Prioritize IT
Requirements
IT & Service Providers
Take Advantage of New
Capabilities In Intel Platforms
Utilize Proven Reference Solutions
to Ease your Deployments
Products & Technologies
Intel® Cloud Builders
Helping IT on path to Cloud 2015
Agenda
• Forces Shaping the Industry • Intel Cloud Vision • Intel IT Cloud Initiative • Intel Healthcare Cloud Capabilities • Summary
Considering Cloud Deployment Today
Hybrid clouds
Cloud Brokers
Intel IT Strategy: develop private cloud while adopting selective best of breed public cloud services
Best for: • Security
• Compliance and Governance
• Interoperability
Example: Medical Records, Images …
Deployed behind firewall for an organization’s internal use
Best for: • Rapid Deployment
• Reduced Capital Expenditure
• External Vendor Expertise
Example: Training, Patient Billing …
Services via public internet, multi-tenant
“Private Clouds” “Public Clouds”
Intel’s Cloud Journey
Tomorrow
Hybrid Cloud Large
Private Cloud Limited
Public Cloud
Today
• 65% Virtualized
• 80% of New Services in the Cloud
• Under 1 Hour to Deploy Infrastructure
• Land Applications in Minutes
• Automation: Lower Cost with Less Resources
• Open Cloud for Bursting Capacity
Transformation of IT
Business Unit Control at High Cost
IT Control at Low Cost
Business
IT
Shared Control at Optimized Cost
Business & IT
IT
Business/IT
Business
IT IT
Business/IT
IT
By 2013 Hybrid Applications are the Norm IT controls data integration, security, governance and cost
Business Business
Embedded IT Business Owned
Centralized IT Cost Center/Service Provider
IT Integrator Service Broker
IT controls data integration, security, governance and cost
Agenda
• Forces Shaping the Industry • Intel Cloud Vision • Intel IT Cloud Initiative • Intel Healthcare Cloud Capabilities • Summary
Scalable, Secure, Cost Effective
• Compute: Xeon E5 processor I/O innovations
• Network: Unified network on 10GbE fabric
• Storage: Tiered storage solutions that balance responsiveness, capacity & cost
Balanced Cloud Solutions
Intel Security Focus Security & Trust Built-In
14
Recovery and Enhanced Patching
Detection & Prevention of
Malware
Securing Data and Assets
Identity Protection & Fraud
Deterrence
Robust, High Performance, Hardware Enabled Security
• Performant, eg encryption
• Robust (hardened), eg advanced
behavior / heuristics anti-malware
• Usable, eg manageable systems “just
work”, 2-factor authentication
• Cost effective
• Migrate core security logic to hardware
• Integrate separate security hardware
• Security software on general hardware
• Separate security hardware
Enabling Healthcare with More Usable and
Secure Safeguard Solutions
General Purpose
Hardware
Security Software
General Purpose
Hardware
Core Security
Logic
Core Security
Logic
Security Software
Core Security
Logic
Trend
Better
Performance,
Robustness,
Usability, Cost
Time
Separate Security
Hardware
Past
Tren
d
Fu
ture
EHR
Hardware
Software
Usable Healthcare Security Today
with Vertically Integrated Safeguards
Virtualization
Healthcare Endpoint
Out of Band
Management
Encryption
Instructions
Anti-Malware Remote
Management
Encryption /
Decryption
Encryption Anti-
Malware Secure
Management
Enable Healthcare with Usable Security, a Better User Experience, Improved Compliance, and Reduced Risk
Anti-Theft
Remote Lock
and Wipe
Anti-Theft
Identity
Protection
Identity Protection
2-Factor
Login
Advanced Encryption Standard New Instructions (AES-NI)
Internet Intranet
2. Encrypted communication on Internet and Intranet
1. Full-disk encryption for hard disks
3. Application-level encryption
Name: J.Doe
SS#
4. Encryption for files on portable media
• AES: dominant block cipher, standard: NIST FIPS 197
• AES-NI:
• Versatile
• 6 new HW instructions
• HW acceleration: 3+ times
• More secure than only software
• Supports all standard usage modes of AES
• Available in 2010+ Intel Core and Xeon processors
AES-NI protects confidentiality at rest, in transit, and is versatile with a variety of different use cases
Hardware Assisted Security for Healthcare
Healthcare Client
AES- NI
IPT Anti-Theft
vPro AMT
Healthcare Server
AESNI
VT SSD
(AES)
SSD
(AES) TXT VT TXT
• SSD (Solid State Drive) with AES: high performance encryption of data at rest
• AES-NI (Advanced Encryption Standard—New Instructions): high performance, robust encryption
• IPT (Identity Protection Technology): strong 2-factor authentication
• Anti-Theft: mitigating risk of loss or theft of a client with sensitive data at rest
• vPro AMT (Active Management Technology): improving manageability, patching and compliance
• VT (Virtualization Technology): accelerates virtualization and enables anti-malware
• TXT (Trusted Execution Technology): protects confidentiality and integrity of virtualized systems
• XD (Execute Disable Bit): prevents execution of malware from data memory
• OS Guard (Operating System Guard): prevents execution of malware from application memory
• Secure Key: digital random number generation
vPro
AMT
XD XD OS Guard Secure Key
Enhancing End to End Cloud Security Intel & McAfee: Securing the Cloud
www.intel.com/cloudsecurity www.mcafee.com/datacenter
Secure Cloud Data Centers
In next 5 years, make cloud security equal to or better than traditional best in class enterprise security
Secure the Connections
Secure User & Intelligent Devices
Industry Collaboration
Available Today Future Developments
Accelerate broad adoption of security standards for cloud & enable broad range of open, interoperable security solutions
Protect infrastructure + policy enforcement & monitoring
Intel VT & TXT, McAfee MOVE AV, McAfee ePO1, Application Control
1 Integrating McAfee ePolicy Orchestrator (ePO) with Intel TXT requires custom integration work
Secure data & traffic between enterprises & clouds
McAfee Cloud Security Platform
Identity & Data Protection
Intel Identity Protection Tech., McAfee Cloud Identity Manager,
McAfee Deep Defender
Broaden & strengthen security enforcement and auditability across cloud infrastructures
Increased integrity assessments between devices
and cloud infrastructure
Enhanced protections against new forms of malware and
identity theft
Hardware-enhanced security + software & services key to achieve mission
Summary
• Healthcare is undergoing a rapid transformation
• Agile organizations will be best positioned to adapt quickly to this changing environment
• Cloud computing can enable agile, cost effective, and highly available solutions… but ensuring security and compliance concerns are addressed is paramount
• Intel is working with fellow travelers to produce secure, high performance, cloud solutions that help meet compliance and integration needs of the healthcare industry
Additional Resources • Chris Gough [email protected] • Intel Healthcare IT Professionals
http://premierit.intel.com/community/ipip/healthcare
• Peake Healthcare Innovations Medical Imaging Cloud http://www.youtube.com/watch?v=1n2dXGWPFmc
• Transforming the Health IT Storage Landscape http://www.youtube.com/watch?v=dhC7O9R_-3w
• Cloud Security: Built from the Ground Up http://www.youtube.com/watch?v=ellmGntUA3w
• GNAX Health: Protecting Healthcare Data in the Cloud http://premierit.intel.com/docs/DOC-6393
• Secure Healthcare Cloud: Start Now http://premierit.intel.com/docs/DOC-6130
• Intel Expressway Product Line http://software.intel.com/en-us/articles/Perimeter-Security-Products/
• Intel Cloud Builders http://www.intel.com/itcenter/topics/cloud/cloudbuilders/index.htm
• Open Data Center Alliance http://www.opendatacenteralliance.org/