To avoid security issues with Infrastructure as a Service (IaaS), many security-conscious companies use a simple solution: encrypting objects before they are placed in the cloud. Unfortunately, this approach isn't optimal for mitigating security issues with Platform as a Service (PaaS).
PaaS creates the environment for data access and processing. In the PaaS environment, data must be accessed, modified and stored. This means data will require decryption and re-encryption, thus introducing key management issues.
Encryption challenges are far from the only security issue with PaaS. In this tip, we'll examine PaaS security challenges companies should consider when contracting with a PaaS provider.
PaaS security challenge: Data location
PaaS offers the development environment for software along with the storage capability for resultant output or files. The actual platform is not a single host; rather, the platform can be thought of as groups of clustered hosts. This means that, physically, the location of your data cannot be isolated to a specific sector on a specific host. The lack of a single location for data adds to the security challenge, since a single location is easier to secure than many.
PaaS holds the promise of reducing the cost of software development by providing the development tools and environment, such as software, storage areas and the necessary workspace. The PaaS environment achieves efficiency in part through duplication of data.
The duplication of data creates high availability of data for developers and users. However, data is never fully deleted; instead the pointers to the data are deleted. This distributed data remains, like any other data. The difference in this case is that the exact location is unknown, creating another security difficulty.
PaaS security challenge: Privileged access
A popular feature in PaaS is the advertised "built-in debug." Software developers typically use debug in order to work through problems found in code. Debug grants access to data and memory locations, allowing developers to step through code and modify values in order to test various outcomes. Debug offers the equivalent of privileged access and is a highly desired tool for developers, but also for hackers.
Another advantage of using PaaS is that the organization does not have to deal with the balancing act between security and programmer privileges. Oftentimes, programmers want to work within the privileged environment and simply request full access rather than going through the process of determining which specific privileges are actually needed. By moving development into the PaaS environment, an organization transfers the touchy problem to the cloud service provider to resolve. Obviously, this does not guarantee the safest or best resolution of the problem, but it moves responsibility to another entity.
PaaS security challenge: Distributed system
The PaaS file system is often highly distributed. One popular implementation uses the Hadoop Distributed File System (HDFS). The HDFS service uses independently managed Namenodes/Namespaces; the nodes may be independent, but the cloud service provider (CSP) owns the cluster, so it is likely that standardized configuration paths will be in place. The HDFS uses the following default ports: 50070, 50075 and 50090. These ports are TCP ports, but they represent attack vectors where various inputs can be tried in an attempt to cause failures or DoS behaviors.
Additionally, using MapReduce requires allowing TCP access on ports 50030 and 50060. Other ports require opening for Namenode, Datanode(s), Backupnode, Jobtracker and Tasktracker. Since these are used for operations and management, they also present potential attack vectors.
While it is important to recognize that potential attack vectors are not real vulnerabilities, they represent areas that require additional analysis before committing to the PaaS architecture. Evaluation of the traffic flow and the security mechanisms in place are minimal requirements. The CSP should be able to provide the necessary security, but the responsibility for verifying this belongs to the client.
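One way a client could start that verification is to audit the inbound allow rules in front of the cluster for the ports listed above. The following is an added example, not part of the original article: the rule tuple format, the trusted network and the sample rules are constructed assumptions, and the service labels are the usual Hadoop default assignments for those ports.

```python
import ipaddress

# Ports named in the article; labels are the usual Hadoop default assignments.
HADOOP_PORTS = {
    50070: "HDFS NameNode",
    50075: "HDFS DataNode",
    50090: "HDFS Secondary NameNode",
    50030: "MapReduce JobTracker",
    50060: "MapReduce TaskTracker",
}

# Assumption: operations and management traffic should come only from here.
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/16")]

# Constructed sample of inbound allow rules:
# (source CIDR, protocol, first port, last port)
SAMPLE_RULES = [
    ("10.20.0.0/16", "tcp", 50070, 50070),    # trusted source
    ("0.0.0.0/0", "tcp", 50000, 50100),       # broad range hides five ports
    ("10.20.5.0/24", "tcp", 50030, 50060),    # subnet of the trusted network
    ("203.0.113.0/24", "tcp", 50090, 50090),  # external network
    ("0.0.0.0/0", "tcp", 443, 443),           # unrelated port
    ("0.0.0.0/0", "udp", 50070, 50070),       # not TCP, so not these services
]

def is_trusted(cidr, trusted=TRUSTED_NETS):
    """True when the rule's source lies entirely inside a trusted network."""
    net = ipaddress.ip_network(cidr)
    return any(net.version == t.version and net.subnet_of(t) for t in trusted)

def audit(rules, trusted=TRUSTED_NETS):
    """Return (source, port, service) for each Hadoop port an untrusted source can reach."""
    findings = []
    for cidr, proto, lo, hi in rules:
        if proto.lower() != "tcp" or is_trusted(cidr, trusted):
            continue
        # Port ranges are checked too, since a wide range can expose several services.
        for port, service in sorted(HADOOP_PORTS.items()):
            if lo <= port <= hi:
                findings.append((cidr, port, service))
    return findings

if __name__ == "__main__":
    for cidr, port, service in audit(SAMPLE_RULES):
        print(f"{cidr} can reach {service} on tcp/{port}")
```

Each finding is a starting point for the traffic-flow evaluation, not proof of a vulnerability.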
About the author:
Char Sample has close to 20 years of experience in Internet security, and she has been involved with integrating various security technologies in both the public and private sectors. She is a doctoral candidate at Capitol College, where her dissertation topic deals with the use of cultural markers in attack attribution.