Cyber Security Inside Podcast

#41 – Demystifying Data Centers and the Cloud

Have you ever wondered where the cloud lives, or what the inside of a data center looks like? Jake Smith, a director of Data Center Platforms Marketing at Intel, demystifies the answers to those questions and more in this fascinating episode of Cyber Security Inside.

 

We cover:

•  The infrastructure of cloud service providers and data centers

•  The kinds of security measures implemented to keep massive data centers secure, and what those facilities look like

•  Whether or not we, as individuals, pose any security risk as we operate via the cloud, and how those potential risks are mitigated via continuous updates

•  The biggest privacy and confidential computing trends we should be paying attention to over the course of the next three to five years.

...and more! Tune in to join the conversation!

 

The views and opinions expressed are those of the guests and author and do not necessarily reflect the official policy or position of Intel Corporation.

 

Here are some key take-aways:

•  Data centers are gargantuan, and they require heightened security across multiple tiers that can include everything from key cards to biometrics.

•  Diligence is critical wherever the workload is being processed.

•  With a server infrastructure where you have millions of servers, even small anomalies can be detected, which is vitally important in finding and detecting security vulnerabilities and reducing Defects Per Million overall.

•  Security begins with the device.

•  Software Guard Extensions and scalable applications that take advantage of SGX are crucial to the future of computing.

•  And encryption is key.

 

Some interesting quotes from today’s episode:

 

“You can’t argue, ‘Well, my on-premise environment is different than my cloud environment,’ because if the data is moving from the edge to the cloud, it has to be secure, encrypted and accounted for every step of the way.”

“For many people it [the inside of a data center] looks daunting, maybe like something out of the movie The Matrix.”

“The cloud has become a mirror of us as users on the outside, and I think we have to understand that.”

“Security is a journey, it is not a point in time. It never ends. Hope is not a security strategy, and so we certainly don’t embrace hope. We actually embrace technology.”

 

“Encryption, encryption, encryption. Encrypt everything.”

 

“Only the paranoid survive, and only the most paranoid survive hackers at the scale that we’re seeing hackers come at us today.”


Tom G: [00:00:00] Hi, and welcome to Cyber Security Inside Podcast. I’m Tom Garrison, and I’m happy to be here today with my cohost Camille Morhardt. Well, we have an interesting guest that we’re going to talk to today and we’ll mention this in a little bit, but, uh, somebody I’ve worked with for a very long time at Intel and, and as also a podcast are over on our data.

Camille M: [00:00:25] You know what I like about this interview is we get to make the cloud real. So I always think of it as a little bit of an abstract concept. You upload all your stuff and really where does it go? I mean, it goes into this ethereal kind of space. We don’t, we don’t know where it lands. And we hear about cloud farms, but really what are those things? Where are they? And are they safe? And he actually breaks it down for us into exactly where your stuff is kept and what those things look like. What does the cloud look like?

Tom G: [00:01:02] That was exactly where I was going to, you know, when we talk about really demystifying: what is the cloud and what does a data center even look like? I think a lot of people may not be in the business, may not understand the scale that we’re talking about for these cloud providers. And, and so I think there’s a lot of hopefully entertaining and educational content in our conversation with Jake. And I, I don’t think I’ve mentioned his name, his name’s Jake Smith. And I’ll introduce him here in a moment, but he is a long time friend of mine, just the nicest guy, super smart as well.

Camille M: [00:01:42] No, I really, I really enjoyed the conversation and, uh, I’m looking forward to people being able to hear kind of straight from him. What is cloud, what’s it all about and how is it secure?

Tom G: [00:01:53] All right. Well, let’s kick it off with Jake.

Tom G: [00:02:39] Our guest today is Jake Smith. Jake is a director of Data Center Platforms Marketing at Intel. Throughout his 20 plus years at Intel, Jake and his team have worked to support the development of a broad set of technologies, including non-volatile memory, virtualization security, manageability, storage, storage defined solutions for data centers, cloud computing technologies for storage devices, and many more. That was a very, very long list. We probably could’ve gone even more cause I I’ve known Jake for so long.
Jake is also an active member of the Intel Black Leadership Council and has been a technical advisor to the Open Data Center Alliance. So Jake, welcome to our podcast.

Jake Smith: [00:03:25] Tom, it’s just an honor to be here. You and I have known each other a long time. I would like to say more than half our lives, but I’d like to live a little bit longer. (laughs)

Tom G: [00:03:33] Maybe so far.

Jake Smith: [00:03:36] So, so far. It’s been a great journey, uh, and an honor to be here with you and Camille.

Tom G: [00:03:41] And you do a podcast at Intel as well that maybe some of our listeners have heard of. Can you talk about that for just a second?

Jake Smith: [00:03:50] Well, yeah, I’ve been fortunate enough to do, uh, several hundred episodes of Conversations in the Cloud where we talk about security and data-centric technologies.

Tom G: [00:03:58] That’s great. So Jake, can you spend just a minute or two and talk about your role currently at Intel? And I mentioned obviously the whole thing of all your background, but what are you working on today? And, um, and how does that relate to some of our challenges around security?

Jake Smith: [00:04:18] I think we’ve said this before, and you’ve really led the organization in my opinion of driving this idea of end-to-end security. And for our data center customers that begins not when the system arrives in the data center, uh, much of that work begins at the very tip end of the supply chain and custody of ownership and IP is a very, very important thing across the entire supply chain, particularly for our cloud customers who are moving many of these products right into their data centers. You know, there’s well-publicized security breaches, whether it’s microcode breaches or it’s breaches of having chips on boards that were not that designed in there, those kinds of breaches are a part of the data center supply chain.
My current role as Data Platform Marketing is working with our largest partners to ensure that they can deploy all of our security technologies and all the security technologies that we mutually work on together across our entire supply chain. And that’s critically important for our future and for the security of our data center customers worldwide.

Tom G: [00:05:18] Yeah. You know, it’s, it’s interesting because from our podcasts, we’ve covered all different kinds of security topics. And obviously my background is, is currently more on the client side. But the, the infrastructure around say a cloud service provider or some of these larger installations is just fascinating. And I wonder if maybe if you could just spend a moment for our listeners who may not really have a deep appreciation for how unique these environments actually are and how important obviously security would be in terms of uptime and other things that these service providers will think about.

Jake Smith: [00:05:59] You know, data centers are really built in what we call multiple tiers. You have a tier zero, which is sort of a lower end security; it has less backup capabilities, and maybe you don’t invest as much in security because it’s a shared environment. You have tier ones, tier twos, tier threes, tier fours and tier fives. And you can go to the uptimeinstitute.com to find out more information about the tiering of data centers.
But within that tiering security, as you pointed out, Tom is priority number one. And it begins with, uh, levels of physical security. So many data centers are built where you have physical security either in location, the location is not known, or the location is only known to those who are actually going to be working on it, or you have physical barriers around the fence.
Then you actually get inside the building you have key card security, you have biometric security. You have all kinds of different types of security. You can have weight security. Um, some people have actually what they call the kill room, where you have to walk in–or a dead man’s chamber–and you have to actually, you get a body scan before you then go to the next chamber so that they can determine your actual body weight and body makeup when you walk into the data center and your body weight and body makeup when you walk out of the data center. Obviously, if you increase significantly–even five to 10 ounces–while walking in and out, something is leaving with you. Okay. Or something went into the data center that is still in the data center that you brought with you. So these are the kind of measures of security that you can do on the physical side.
Now let’s get into the silicon security because you know, that’s what we love. That’s what we live in and breathe. When you talk about the chain of custody, we’ve invested so much in the chain of custody, uh, in, in areas in 2020, as, as your team was very much a part of this we launched confidential computing, uh, with Microsoft and an industry consortia of leaders who are very much focused on the ideas of privacy, encryption, and security. Uh, we’ve continued to add capabilities like advanced encryption instructions in our Third Generation Xeon Scalable platform, formerly known as Ice Lake. Uh, we’re adding new features like Software Guard Extensions for a scalable, what we call a secure enclave technology that’s uniquely available only to Intel customers worldwide.
So for us security begins at the front door and it ends when they retire. And certainly in the data center, it begins with the building of the concrete at the data center and it doesn’t end until frankly we burn up the devices and throw them away at the end.

Camille: [00:08:13] I want to back you up just a little bit, because you’re way advanced for me in this realm. And I’m still struggling with several years ago kind of concept of on-prem or in the cloud. You know, are you going to keep all your servers as a company, all your data in your own site so that you, you can have them behind a locked door and somebody can, you know, like you say, walk in and out, but you know who that person is already and you’ve already, you know, maybe identified that person. Versus it seems to be a massive trend right now to shift a lot of data and data storage and processing to the cloud.
Do you know who the cloud is? or where it is? or who’s running it? or what kind of security checks are there? How do you kind of measure that now?

Jake Smith: [00:08:59] Yeah, well, that’s part of the reason that we launched efforts like confidential computing with our largest cloud partners, uh, –Microsoft, Amazon, Google, all members, and many silicon providers, too, who all want to participate in consortia like that, where we can all come together. A good example, where the mitigations that we had to go through last year when it had to do with Spectre Meltdown and how we came together as an industry and all came together. But it also showed us that real time daily updates–big point: real time daily updates are a critical survival mechanism for anybody who is going to live in the current digital world.
The cloud is everywhere and cloud-first workloads actually begin to take a leadership position in terms of the number of workloads. Amazon is clearly the leader in cloud computing worldwide, but they’re closely followed by Microsoft, Google, Alibaba, Baidu, Tencent, many leaders around the world. These leaders have security issues and are constantly being attempted to be hacked around the world by we call them black hats or white hats or bad people or good people, however you want to describe them. There are people who have good intent to ensure that you have a secure environment and there are people who find vulnerabilities, take advantage of that and ransom people; those are not considered good people.
But we have to constantly be diligent here, Camille, and I think what we learned from Spectre Meltdown and what we’ve learned on an ongoing basis, moving forward in the data center from edge to cloud, you have to be diligent wherever the workload is being processed. You can’t argue, “Well, my on-premise environment is different than my cloud environment.” Because if the data is moving from the edge to the cloud, it has to be secure, encrypted, and accounted for every step of the way.

Tom G: [00:10:52] You know, one of the areas that I find is fascinating is, is not just a trend towards these cloud workloads, which is by itself interesting, don’t get me wrong. But I find it fascinating, just the engineering and the size and scale and scope of these data centers. You know, describe what these data centers even look like.

Jake Smith: [00:11:18] Well, um, the way I like to think of it, because, uh, here in the United States, American football and worldwide, uh, soccer or worldwide football is very, very popular. So just think of a stadium. Okay. Take the, the size of the pitch if you will, or, or the football field, or even the baseball diamond, and then multiply that by six or eight times. Okay. But then imagine, okay if you were a spectator viewing that. Okay. So it’s probably two to three football fields wide, uh, and maybe eight football fields steep that then infrastructure–which is between 18 and 40 feet high–it depends on your architect, but we like to think of 18 to 22 feet is a good level.
On top of that 18 to 22 foot structure, you will have chiller, coolers. You might even have solar devices. There’s some new found space technology that we call space cooling technology. That’s very interesting. You’ll find all kinds of devices that are used to move the air, the air conditioning, and actually the flow throughout the building there’ll be on top.
Then when you actually look inside the building, you’ll have what we call plenum wiring throughout the building. Okay. And for many people it looks daunting, maybe something out of the movie Matrix, perhaps. But again, we’re talking about a million square feet of server space available with megawatts of power, 50 to 150, sometimes up to 250 megawatts of power being poured into a data center. That data center will also have backup and it’ll be available to run 24/7, 365 days a year.
By fortunate, we live in the Pacific Northwest, uh, near one of the most important dams, uh, which is the Columbia River Dam and the Columbia River valley, uh, where the world’s largest cloud providers have their, some of their largest data centers. And so, uh, if you ever want to look at the pictures of those data centers, just actually, you can pull them up online, [email protected], aws.com data centers and microsoft.com and azure.com data centers, where they actually show you–and Google has the exact same thing.
Where they’ll show you where all of their data centers are located throughout the Columbia River valley, what they look like. They’re very impressive. Um, and, and, you know, the one thing that we’re excited about as a company is we’re building towards sustainable infrastructure because we’re in the Columbia River valley, this is a zero carbon footprint. It’s a hydro infrastructure that is powering these data centers. And so it allows us to continue to acquire renewable energy throughout the Pacific Northwest to then power some of the world’s largest data centers here with some of the great companies around the world.

Tom G: [00:14:03] And that’s a great point and the scale is massive. And if you now move that towards the workloads itself–from a security standpoint–they become really, really important because now you can find and sort of see and measure at levels of scale that you can’t really see anomalies in let’s say a client world. Where, you know, people are, we, they don’t like it, but if a PC blue screens or does something wacky, we’ve all sort of trained ourselves to just reboot it and it comes back up and you’re back in working order. But on a server infrastructure now where you have millions of servers, even small anomalies can be detected. And I think that that is something that people aren’t necessarily thinking about when they think about these data centers. They become a really important arsenal for us in terms of finding and detecting, uh, security vulnerabilities.

Jake Smith: [00:15:07] Well, that’s, that’s a great point. Um, we call it DPM and that’s Defects Per Million and you and I have lived through that and Camille’s lived through that as well. And ultimately the difficult thing that we have to adjust to and the problems that we have to deal with that multiply when you have millions of servers are magnified from a security perspective inside a data center and that magnification when it’s really more like 2-4 4 million servers, um, is that anomalies start happening in the a hundred thousand units and they start to actually build up.
So we work very closely with our cloud customers to get the defects per million below 0.05. And that is our target methodology. Less than 500 per million and we’ve actually trending there. And with our 3rd Generation Xeon Scalable, we were able to achieve that.
It’s not just security it’s in part reliability. A rebooting server actually presents a security problem for everybody.

Camille: [00:16:56] I was just going to ask you that. We’re instructed to reboot our PCs somewhat regularly. So you said data centers are on 24/7, 365. So are they ever rebooting? Or are they rebooting in parts at a time? So there’s always something on, how are they handling that?

Jake Smith: [00:16:16] Well, one of the reasons that you sign NDAs is that you don’t reveal that publicly. (laughs) But I will just say that there are multiple ways for our largest cloud customers to reboot their environments.
Some of them actually create a seamless environment. Some of them do it in waves and some of them actually try to avoid rebooting completely. But you actually have to do updates, so with virtualization, you have the ability to update environments, actually move virtual machines off of your servers physically, and then bring them back. So you have a lot of flexibility with virtualization that we’ve never had before in the data center.

Tom G: [00:16:51] So what do you think are some of the, uh, important trends that our listeners should be aware of when it comes to cloud and, and just infrastructure in general, relating to security.

Jake Smith: [00:17:06] Well, so, so first of all, uh, the most secure data centers in the world in my opinion, are run by our largest cloud customers. They’re typically tier three, tier four and tier five. There are a couple of tier six out there, uh, and they know who they are and I’ll leave it at that. But, you know, in general, uh, the cloud architects and leaders in security are the best in the business that the smartest humans I’ve ever worked with, uh, in the industry.
But, um, all of our listeners need to understand security begins with the device. So it, in many cases begins with the PC. So all of the things that go into the cloud must go, you know, it’s good data in secure data in secure data out. Okay. And so the cloud has become a mirror of us as users on the outside. And I think we have to understand that. There’s not an application today being developed that I am aware of that is not also having a front end cloudified version of it. So while it may run on premise, it will also run in a hyperscale cloud. And so that’s critically important.

Camille: [00:18:16] Do we introduce any kind of security risk? Like you’re in this giant cloud infrastructure, you’re even saying, take a single one, many, many football fields wide and, and high and all kinds of devices that are out on the edge–all of us walking around with our phones and computers–inputting data or information that’s then being stored or processed in the cloud.
How do we make sure that somebody’s bad decision to click on something isn’t then infecting the entire data center?

Jake Smith: [00:18:49] Well, that’s part of the reason why these cloud providers do continuous updates. That’s part of the reason why we work with these cloud providers, through our DPA organization, do a firmware, microcode and BIOS updates throughout the life cycle of our products. And that is the life cycle assurance vision that Tom had before he left us for the client guys, uh, and, and we’ve stayed true to that. Uh, you know, uh, security is a journey. It is not a point in time. It never ends and a hope is not a security strategy. And so we certainly don’t embrace hope. We actually embrace technology.

Tom G: [00:19:23] You know, it’s been a while since I’ve been over on server lands. So I want to know like, what’s coming up. What should we as maybe users look forward to in the next, I don’t know, three, five years?

Jake Smith: [00:19:35] Well, I think Software Guard Extensions and secure enclaves are huge. And that’s why we launched confidential computing with Microsoft because we both believe in privacy and confidential computing as core to who we are as companies. And so Software Guard Extensions and scalable applications that take advantage of SGX are really, really critical to the future of computing in my opinion. And I’m super excited about the work that we’re doing across the industry and across our OEM, specifically Dell, HPE, and Lenovo, and Cisco who have embraced SGX and gone out and really built environments to take advantage of these capabilities.
So, uh, and there are many other OEMs and I don’t want to offend anybody that I didn’t mention, but you know, these four are leaders in their industry and they’re continuing to do that both on premise and in the cloud. Um, and then the second thing that I think is really important–and Tom, you know, I’ve been saying this for years—encryption, encryption, encryption. Encrypt everything. We have the best encryption platform in the industry. The 3rd Generation Xeon Scalable even improves our advanced encryption instructions even further. We are a leader in encryption technology, and I just think Wajdi and his team are some of the best in the industry. And please, please, please have him on your show because I think he is fantastic. And our listeners do, you know, just do a day of encryption, should learn more about what we’re doing and Wajdi Feghali is amazing there.
So I think those are the two big trends that we have to pay attention to. And I’m always a fan of Andy Grove. I think Grovian philosophies are, uh, you know, maybe again, I’m 20 years in, so I’ve been washed and dipped in blue, but, um, you know, this is: only the paranoid survive and only the most paranoid survive hackers at the scale that we’re seeing hackers come at us today.

Tom G: [00:21:31] That’s great. Well, Jake has been fascinating. I, I, you know, our friendship has been a long, a long one and, and certainly a valued one, but it’s great to have you on the show, but before we go, uh, we have a segment that we like to call fun facts. And so we offer our guests and then Camille and I take a shot at it as well about sharing, interesting little tidbits that our listeners probably didn’t know and you think that they would find potentially interesting. So do you have something in mind that you’d like to share with our listeners?

Jake Smith: [00:21:55] Well I do. This favorite fun fact is, is sort of my guardian angel. There’s a lot of stories around it and I’d love to do a podcast on Roberto Clemente. So if you’re out there and you’re part of the Roberto Clemente, please find me. I would love to do a podcast with you, but Roberto Clemente, fun fact about him, was the first Latin American born player to win a World Series as a starter. He also was named MVP and he was also the first World Series MVP and the first Hispanic player to be elected to the Hall of Fame.
And I just think that’s an amazing fun fact about an amazing player, a man and father. And so that’s my fun fact.

Tom G: [00:22:32] That’s great. And for those of you who don’t know Jake, outside of work, Jake is deeply involved in coaching and specifically coaching baseball. So it’s not at all, you know, uh, hard to guess that his fun fact would have something to do with the game of statistics known as baseball.

Jake Smith: [00:22:53] Well, thank you. (laughs) I do love the game.

Tom G: [00:22:58] He’s a great coach by the way, an outstanding coach. Okay. So Camille, what do you have for us today?

Camille: [00:23:02] Okay, I’m going to lean into sports a little bit, but I’m going to take it in a different direction. We’ll do a couple of fun facts about the hummingbird. So during flight, oxygen consumption per gram of muscle tissue in a hummingbird is about 10 times higher than that measured in elite human athletes.

Tom G: [00:23:20] Wow. Hummingbird I think is one of the coolest animals out there. They’re awesome. And it doesn’t surprise me in those. They’re so small and they’re, they’re incredibly fast, too.

Camille: [00:23:33] They are their heart. Their heart rate can reach 12, uh, 1200 beats per minute. And with the exception of insects, hummingbirds in flight, have the highest metabolism of all animals. And another kind of fun fact, and this is the one that got me into it because I had heard this and I just went to fact check it.
If you can fact check something like this. That a hummingbird can fly 500 miles. This isn’t probably not all hummingbirds, but there is a species of hummingbird that can fly 500 miles across the Gulf of Mexico nonstop.

Jake S: Isn’t that amazing?

Tom G: [00:24:07] That is. It’s crazy. Just think about the biomechanics of that. Like. Just, just keeping hydrated. If nothing else, there’s no water there.

Camille: [00:24:15] It is insane. And then if you watch them in slow motion, you know, even if they’re in a wind tunnel or if you just watch them like out in the desert in slow motion hovering, they keep their heads exactly still while their body is contorting, all different directions, the wings and the tail feathers moving every which way as the wind comes literally and tosses them all around to keep their head exactly still and focused. So I think it’s pretty cool animal.

Tom G: [00:24:44] It’s awesome. That’s great fun facts.

Jake Smith: [00:24:47] And their wing flaps at 17 milliseconds. Not quite fast enough to run away a network, but really, really quick. (all laugh)

Tom G: [00:24:55] That’s cool. Uh, so my fun fact, you know, with a tip of the hat, to all the people that serve as police officers and keep our streets safe with the radar guns, uh, I found a fun fact that the very first speeding ticket. Very first person convicted of speeding was going an astonishing eight miles per hour. (Jake laughs)

Camille: [00:25:52] Were they in a car? (laughs)

Tom G: [00:25:25] (laughs) I don’t know. I got to believe they were in a car, but I don’t know. Uh, yeah back in the day, eight miles an hour, that was worthy of a speeding ticket.

Camille: [00:25:35] Definitely not hummingbird fast! (Jake laughs)

Tom G: [00:25:38] That’s right. All right. Well, hey Jake, again, I just want to thank you for coming on our podcast. Uh, you’re a great friend and really, really interesting topic today.

Jake Smith: [00:25:48] It’s really great that you guys are doing this. I think, uh, the industry needs more of this and I’m certainly glad to participate anytime you need me. Our friendship is long. Our journey together has been great, and I just hope it continues.
