Architecture Matters
It is tempting to simply rely on a provider's SLAs and ignore the gory details – and many providers prefer you do just that – but when it comes to security, details matter. How can you be sure that the physical servers hosting your VMs and data are pristine and uncompromised? Intel has had chip-level technologies to address that issue for generations – specifically TXT – but providers often fail to enable these features. This is as true for your private cloud servers as it is for providers. Do you have data locality requirements? Intel TXT addresses this concern as well, with geo-location and geo-fencing. Refer to NIST IR 7904 for information about trusted geo-location. When combined with encryption, you can ensure that your company's virtual machines and data cannot be hijacked and copied to another cloud where they could be subjected to a brute-force attack at the BIOS level. Ask your providers about their trusted platform and TXT support.
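For the private cloud servers mentioned above, whether TXT is actually enabled can be checked on each Linux host. The script below is an added example, not code from the original page: it goes beyond the text by reading the CPU's `smx` flag and decoding the IA32_FEATURE_CONTROL register (MSR 0x3A), and its function names and sample input are constructed for illustration.

```shell
# Added example, not from the original page. Function names are hypothetical.
# Reports whether a Linux host's CPU supports Intel TXT and whether firmware
# enabled it, from /proc/cpuinfo text and the IA32_FEATURE_CONTROL MSR (0x3A).

# cpu_has_flag FLAG FILE: succeeds if FLAG is on the first "flags" line of FILE.
cpu_has_flag() {
    grep -m1 '^flags' "$2" | tr ' \t' '\n\n' | grep -qx "$1"
}

# txt_state HEX: classify an IA32_FEATURE_CONTROL value (with or without 0x).
#   bit 0      lock (set by firmware; register is read-only until reset)
#   bits 8-14  SENTER local function enables
#   bit 15     SENTER global enable
txt_state() {
    v=$(( 0x${1#0x} ))
    lock=$(( v & 1 ))
    senter_local=$(( (v >> 8) & 0x7f ))
    senter_global=$(( (v >> 15) & 1 ))
    if [ "$lock" -eq 0 ]; then
        echo unlocked            # firmware never locked the register
    elif [ "$senter_global" -eq 1 ] && [ "$senter_local" -eq 127 ]; then
        echo enabled             # measured launch (GETSEC[SENTER]) is permitted
    else
        echo disabled-locked     # TXT stays off until changed in firmware setup
    fi
}

# txt_audit CPUINFO_FILE MSR_HEX: one-line verdict for inventory tooling.
txt_audit() {
    if ! cpu_has_flag smx "$1"; then
        echo "txt=unsupported"; return 0
    fi
    echo "txt=$(txt_state "$2")"
}

# Constructed sample input (not captured from a real host).
sample=$(mktemp)
printf 'processor\t: 0\nflags\t\t: fpu vme de pse msr vmx smx est tm2 ssse3\n' > "$sample"
txt_audit "$sample" ff07     # TXT-capable CPU, firmware enabled and locked
txt_audit "$sample" 0x5      # TXT-capable CPU, firmware locked with TXT off
# On a live host (root, msr kernel module loaded, msr-tools installed):
#   txt_audit /proc/cpuinfo "$(rdmsr 0x3a)"
```

An `enabled` verdict only means firmware permits a measured launch; confirming that the host actually booted through one, and that a TPM holds the measurements, is a separate attestation step.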