Ignite 2015: Platform security vision

Session: BRK2482

Technology landscape:

Virtualization: VMs decoupled from hardware. Can’t use TPM, UEFI, secure boot, etc. VM mobility, complex lifecycle, strong isolation.

Cloud Computing: Treat your systems like cattle, not pets. Management process at scale. Distributed cloud.

Service Providers: trust boundary between tenant and service provider. Governance, risk, compliance. Cloud adoption blocker? Distributed accountability.

Administrator privileges – a risk factor. Stolen admin credentials. Insiders. Malicious service provider staff. They WILL be compromised.

Principles: Assume breach, trust boundaries.

Microsoft is introducing the “Trust Plane” between the Fabric and the workloads.

Virtual Secure Mode: Separate address space isolated from host OS. Enforced by hypervisor using hardware. Small “trustlets”. NO Windows stack, no network, no drivers, etc.

VM protected at rest and in transit: VM encrypted on disk, encryption key is locked in virtual TPM. Secure key exchange within the trust plane. Fabric and control plane have no access to keys.

Showed a demo where a tenant admin could NOT open a BitLocker-encrypted VHDX.

Attestation service – Uses physical TPM, vTPM and UEFI. If a host is rootkited, it will invalidate the trust chain and be evicted from the cloud. Provider admin can’t open a console to a shielded VM.

Protect Workloads from direct attack

Encryption does not protect against legitimate access. Identity management is fundamental.

Demo: Privileged access control. Just in time and just enough privs to do your job. Shows off a portal to request privs, then it confines your privs to a specific part of the system.
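As an added illustration of the "just enough privs" idea (not from the session itself), this is a minimal Just Enough Administration (JEA) endpoint on Windows Server 2016 that lets a helpdesk group query services and restart only one of them; the role name, the CONTOSO\HelpdeskOperators group and the transcript path are assumed.

```powershell
# Added example, not part of the Ignite notes. Assumed names: ServiceHelpdesk,
# CONTOSO\HelpdeskOperators, C:\JEATranscripts.

# Role capability files are discovered under <Module>\RoleCapabilities\*.psrc
# for any module on $env:PSModulePath.
$modulePath = Join-Path $env:ProgramFiles 'WindowsPowerShell\Modules\ServiceHelpdesk'
$rcPath     = Join-Path $modulePath 'RoleCapabilities'
New-Item -Path $rcPath -ItemType Directory -Force | Out-Null

# Role capability: expose only two cmdlets, and pin the -Name parameter of
# Restart-Service so the operator cannot reach beyond the Spooler service.
New-PSRoleCapabilityFile -Path (Join-Path $rcPath 'ServiceHelpdesk.psrc') `
    -VisibleCmdlets @(
        'Get-Service',
        @{ Name = 'Restart-Service'
           Parameters = @{ Name = 'Name'; ValidateSet = 'Spooler' } }
    )

# Session configuration: a restricted endpoint that runs commands under a
# transient virtual account, so the operator never holds (or can lose) admin
# credentials of their own. Every session is transcribed for later review.
$sessionConfig = Join-Path $env:TEMP 'ServiceHelpdesk.pssc'
New-PSSessionConfigurationFile -Path $sessionConfig `
    -SessionType RestrictedRemoteServer `
    -RunAsVirtualAccount `
    -RoleDefinitions @{ 'CONTOSO\HelpdeskOperators' = @{ RoleCapabilities = 'ServiceHelpdesk' } } `
    -TranscriptDirectory 'C:\JEATranscripts'

# Validate the file before registering the endpoint on the host.
if (Test-PSSessionConfigurationFile -Path $sessionConfig) {
    Register-PSSessionConfiguration -Name 'ServiceHelpdesk' -Path $sessionConfig -Force
}

# An operator then connects with:
#   Enter-PSSession -ComputerName <host> -ConfigurationName ServiceHelpdesk
# Inside the session Get-Command lists only the allowed cmdlets, and
# Restart-Service -Name W32Time is rejected by the ValidateSet constraint.
```

The transcript directory gives the detection side an audit trail of exactly which constrained commands each operator ran.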

Reduce attack surface: Nano Server

Harden for common attacks: pass-the-hash mitigations (LSA in VSM). Applies only to Windows 10 and Server 2016.

Operational Insights Security Pack

Shows a demo of a pass-the-hash attack where the Microsoft product detected and alerted on it in real time.

Bottom line: Get servers with TPM 2.0 and UEFI.

