Safe on the Cloud (A Perspective into the Security Concerns of Cloud Computing)
Date: Thursday , April 02, 2009
Cloud' seems to be the most hyped buzz word in the industry today. Its promise of bringing down the capital expenditure cost, providing an optimum TCO, and an elasticity to grow as per demand coupled with the utility computing paradigm seems to be an irresistible lure to companies.
Cloud also has multiple avatars like:
* Infrastructure as a Service (IaaS), for example, Amazon Elastic Compute Cloud, GoGrid, Sun Grid
* Platform as a Service (PaaS), for example, Azure Services Platform, Force.com, Mosso
* Software as a Service (SaaS), for example, Salesforce.com, Google Apps, Web 2.0
So what's holding back adoption of the cloud?
As per a recent IDC survey security concerns in cloud seem to be the top reason that holds back many from adoption of the cloud. But before we dive deep into the security threats in the cloud, letís take a quick look at the cloud computing stack (picture courtesy: http://wiki.cloudcommunity.org/wiki/Main_Page)
Now let's examine each stack and threat vectors associated with it:
* Cloud Clients: This would typically be your end points (software or hardware) that would provide an end user access to the cloud (platform, services, etc.).
Typical examples would be your browser, a thin client, or even a hardware device like iPhone or CloudBook. Some relevant security concerns here would be:
* Security in the transport protocol between your cloud client and cloud server (preventing tapping, encryption strength, and Man in the Middle attacks)
* Authentication protocol (How strong are the authentication factors?)
* Browser Security (Browsers are prone to vulnerabilities as we all know, and if this becomes popular as a universal cloud computing client then the exploits will be of higher focus, visualize someone stealing your cloud credentials via browser vulnerability and getting access to all your data.)
* Trustworthiness of Clients (How do you ensure that your client is a trusted client and not a rogue client?)
* Client Sandboxing (How do you ensure that your client is in a secure sandbox and canít be compromised by other applications - for instance, a malicious Trojan or Virus - running on your system?)
* Cloud Applications / Services: These are typically services (SaaS) that are delivered via the cloud and hence eliminate the need for a local installation and maintenance. Salesforce.com, Google Docs, and Amazon Web Services are some examples. Some security concerns here would be:
* Multitenancy: This refers to a concept in software architecture where a single instance of the software is used to serve multiple client organizations (tenants). It implies an architecture pattern where the data and configuration is partitioned virtually and each client organization gets its own virtual customized instance. The security challenge here is to have a robust and securely sandboxed multitenancy implementation that prevents data leakage and unauthorized access by co-existing tenants. Data must be securely segregated and encrypted.
* Privacy: This is currently a hotly debated topic. Who owns the data? The EPIC compliant about Google to U.S. Federal Trade Commission about Google's privacy and security standards (aka the Google Docs breach) and the FaceBook Privacy issue have put this facet on a high concern radar. How can users be assured about their data privacy? How can users control and authorize personal data being held by these cloud service providers? These are areas worth exploring from a security point of view.
* Service Level Agreements (SLAs): Quality of Service is another aspect from a security perspective. Is your cloud provider vulnerable to a Denial Of Service attack (DOS)? Whatís the cloud providerís approach to backup and Disaster Recovery?
* Personnel: Who has administrative access to sensitive data? How are they hired and managed?
* Regulations: How compliant the cloud services provider is to regulations like PCI-DSS, HIPAA, and Data Location? What's their policy of communication and risk mitigation for violations? Note that here the risk is highly magnified because if a cloud service provider is compromised then not one but multiple client organizations are impacted.
* Auditing: What are the auditing controls in place? Are external third party audits done? To what level can an illegal activity be monitored and what are the alarms in place?
* Long term viability: What happens if the cloud provider goes out of business? How will the data be returned and in what format?
* Cloud Platform and Cloud Storage: This layer provides the delivery of a computing platform or a solution stack as a service. It comprises of the life cycle support of building and delivering Web applications and services entirely from the cloud without having to download or install anything locally. The framework would include access to virtual machines hosting pre-configured images (with the ability to load custom software), Web services, databases, team collaboration, and so on. The security challenges here are a combination of layer 2 and layer 4 as mentioned here.
* Cloud Infrastructure: This is the core foundation on which all the above stacks are based. Typically, this would be a highly virtualized environment (servers, network, and storage) with an exhaustive Provisioning and Management Framework. For example, next generation data centers. Popular virtualization technologies are VmWare, Microsoft Hyper-V, Citrix, or the newly announced Cisco Unified Computing System (UCS). This is where some core security concerns as the ones listed below come into play from a virtualization perspective:
* Virtual Machines (VMs): How is access to VMs (creation, deletion, execution, and modification) controlled and managed? How are VMs protected (encryption, integrity, and configuration)? How trusted are the resources that the VMs interact with? How secure is the communication between VMs? How can data leakage be prevented between the VMs?
* Hypervisors: Hypervisors provide a virtualized processing environment to host VMs for execution. Among other operations they manage and mediate VMs' access to communications and storage resources, instantiating virtual networks and virtual storage objects. Each hypervisor is hosted on a specific computing hardware platform. The individual hypervisors act under the VmWare's Virtual Data Center Layer (or equivalent) direction to host VMs and to perform related management operations.
The hypervisor layer supports the Virtual Data Center Layer (VDC) by providing processing resources for the VMs allocated to it by the VDC, and relies on the platform layer to obtain these resources. It provides isolation and inspection services for the VMs that it supports, and protects VMs from interference by other VMs. It relies on the VDC layer to manage and provide the policies that it enforces for VMs. Attacks against the hypervisor layer may have dire consequences: successful attacks against this layer may allow attackers unlimited access to virtual machine memory, state, communication, and storage.
VDC-directed management operation requests must be authenticated by their receiving hypervisors. Hypervisors communicate with one another, for example, to carry out VM migration when directed by VDC policies or commands. Mutual trust and authentication between hypervisors is needed for such processes, and it should be supported with secure communications. Hypervisors also must provide virtual networking services for their VMs, provide tools that enable appropriate communications security services to be applied, and designated dataflow controls to be enforced. In conclusion, I hope the above makes us more aware of the security issues in cloud computing and appropriately address them. And then it shall rain!
The author is RSA Engineering Manager, India Center of Exellence, EMC