Introduction to cloud computing security
Cloud computing promises to serve enterprise computing needs while providing cost savings, particularly in the areas of capital hardware, data center management and software development.
The cost-benefit argument goes something like this: Why pay for software, custom-development and hardware when infrastructure expenses and management overhead can be transferred to a cloud computing provider? It's no wonder that as cash-strapped companies scramble for ways to cut costs, many of them are looking to the cloud.
While cloud computing provides compelling benefits, it is highly distributed, and a service-based model will render many of today's existing security architectures obsolete. Security architects will need to re-examine their assumptions and derive a security model that can be implemented in a distributed cloud infrastructure. The traditional "defense-in-depth" approach to security must be expanded beyond on-premise controls to distributed and federated ones that are portable enough to work in a variety of cloud architectures. Rethinking zones is also in order: protective zones around servers, applications and even individual pieces of data must extend beyond the physical control of the in-house corporate network.
Although some risk can be transferred to the cloud, all of the issues related to accountability and responsibility for protection of sensitive data still rest with the original
Cloud computing infrastructure overview
Infrastructure is defined as those services that make clouds and cloud services available to end-user clients and the transport mechanisms to the cloud(s) and between the various components within the cloud(s).
This illustration represents the common elements within a typical shared cloud computing infrastructure architecture.
Cloud computing takes advantage of the fact that many services and data processes are repeatable. Rather than writing a unique piece of software for each customer, cloud computing enables a single instance of the software, on shared or single-purpose hardware, to be delivered as a service to multiple customers. This saves software developers time because the same code or application can be reused for multiple customers. Commercial off-the-shelf software, for example Microsoft's Exchange Server, provides the same reuse benefit. But cost is incurred by the end-user enterprises that purchase the software and the hardware it will run on, and then pay professionals to manage it.
Much like a global software library where certain repeatable procedures are stored and accessed by many, the cloud computing architecture transfers storage and management of applications -- and the hardware on which they run -- to a set of data centers, thereby creating a virtual software library of sorts. Traditional software libraries reside on a host's operating system. Cloud applications and application mash-ups reside in virtual libraries across multiple host systems and can interact with multiple clouds. These large data centers and server farms supply business services and data management for multiple customer clients, creating a mature "client/server" model for the masses.
However, to ensure that business processes and data are available to appropriate parties, all potential issues involving service failure and data exposure have to be considered. Understanding how the connections to and from the cloud are architected and routed enables companies to assess whether the model will fit their security and protection requirements.
Cloud computing: Enabling application access
Applications provisioned via cloud computing can be made available to users in a number of formats in virtually any location. For instance, corporate application users can access the service from a desk inside the company headquarters, from a laptop in a home office, or from a smartphone at a coffee shop connecting over Wi-Fi or EVDO.
However, for organizations that wish to provide maximum flexibility in regard to connection options, control over network security may be limited. For example, a free Wi-Fi hotspot may or may not have business-level security. In order to secure the connection over an unknown network, companies that use cloud computing must apply some level of transport security that protects data, regardless of whether the underlying network is secured, under the assumption that an unmanaged route is exposed -- and therefore possibly hostile.
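As an added example (not code from the original article), the following Go program shows what "transport security regardless of the underlying network" looks like in practice: the client trusts only one known CA, pins the service name it expects, and presents its own certificate so the service can authenticate it in turn (the mutual authentication between client and server that the authors recommend). Everything is constructed in memory: the CA, the service name cloud-gateway.example and the client identity tenant-client are made up for the example, and the session runs over loopback so it needs no network. Mutual TLS is the technique shown; the SSL and IPsec VPNs the article mentions are alternative ways of reaching the same goal.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"io"
	"math/big"
	"time"
)

// newCert issues an in-memory certificate signed by parent (self-signed when parent is nil). All names are constructed.
func newCert(name string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	serial, _ := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 127))
	tmpl := &x509.Certificate{
		SerialNumber: serial, Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature,
		DNSNames: []string{name}, // the SAN a client's ServerName is checked against
	}
	if isCA {
		tmpl.IsCA, tmpl.BasicConstraintsValid = true, true
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	} else {
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth}
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// pki is one trust domain: a private CA plus the server and client leaves it issued.
type pki struct {
	roots                  *x509.CertPool
	serverCert, clientCert tls.Certificate
}

func newPKI(serviceName string) (*pki, error) {
	ca, caKey, err := newCert("Example Cloud Root CA", true, nil, nil)
	if err != nil {
		return nil, err
	}
	srv, srvKey, err1 := newCert(serviceName, false, ca, caKey)
	cli, cliKey, err2 := newCert("tenant-client", false, ca, caKey)
	if err1 != nil || err2 != nil {
		return nil, fmt.Errorf("issuing leaf certificates: %v / %v", err1, err2)
	}
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	return &pki{roots, tls.Certificate{Certificate: [][]byte{srv.Raw}, PrivateKey: srvKey},
		tls.Certificate{Certificate: [][]byte{cli.Raw}, PrivateKey: cliKey}}, nil
}

// serverConfig requires a client certificate chaining to our CA: mutual authentication.
func (p *pki) serverConfig() *tls.Config {
	return &tls.Config{Certificates: []tls.Certificate{p.serverCert}, ClientCAs: p.roots,
		ClientAuth: tls.RequireAndVerifyClientCert, MinVersion: tls.VersionTLS12}
}

// clientConfig trusts only our CA and pins the expected service name, so a connection that
// DNS or routing steers to some other host fails verification instead of talking to it.
func (p *pki) clientConfig(serverName string) *tls.Config {
	return &tls.Config{RootCAs: p.roots, ServerName: serverName, MinVersion: tls.VersionTLS12,
		Certificates: []tls.Certificate{p.clientCert}}
}

// exchange runs one TLS session over loopback and returns the server's greeting or the error that stopped it.
func exchange(serverCfg, clientCfg *tls.Config) (string, error) {
	ln, err := tls.Listen("tcp", "127.0.0.1:0", serverCfg)
	if err != nil {
		return "", err
	}
	defer ln.Close()
	go func() {
		if c, err := ln.Accept(); err == nil {
			c.Write([]byte("hello from the cloud service")) // handshake runs here; an unacceptable client cert fails it
			c.Close()
		}
	}()
	conn, err := tls.Dial("tcp", ln.Addr().String(), clientCfg)
	if err != nil {
		return "", err
	}
	defer conn.Close()
	data, err := io.ReadAll(conn) // with TLS 1.3 a rejected client certificate surfaces as a read error
	if err != nil || len(data) == 0 {
		return "", fmt.Errorf("session rejected by server: %v", err)
	}
	return string(data), nil
}

func main() {
	p, _ := newPKI("cloud-gateway.example")
	fmt.Println(exchange(p.serverConfig(), p.clientConfig("cloud-gateway.example"))) // greeting, <nil>
	fmt.Println(exchange(p.serverConfig(), p.clientConfig("other-service.example")))  // "", x509 name mismatch
}
```

Run it with go run: the first exchange returns the greeting, the second fails with an x509 hostname error even though the bytes reach the very same server. That is the point of the check: the client's trust is anchored in the certificate and name it was told to expect, not in wherever DNS and routing delivered the connection, and the server likewise refuses any client that cannot prove membership in the same trust domain.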
The path between the client and the destination server provides an opportunity for an attacker to steal information by passive sniffing or by more active man-in-the-middle and replay attacks. One of the root causes is the blind trust most applications and users place in IP routing and DNS translation, assuming they work correctly so that:
- The selected IP address is the correct IP address.
- The path taken from the client to the server IP address is the most efficient path.
- The path is somewhat secure.
IP hijinks are nothing new; attackers have been playing routing games since the Internet was created. Cloud computing enables enterprises to trust more of their highly sensitive, mission-critical data to networks and interconnected services that are managed and manipulated by external entities.
Because the underlying network cannot be fully trusted, organizations can compensate for this cloud computing security issue by using a number of methods:
- VPNs (SSL and IPSec) for transport security and, optionally, mutual authentication between client and server (or between a client application or service and its master).
- Two-factor authentication between services, clouds, and users and applications.
- Data encryption -- even if the data is intercepted by attackers, it cannot be read.
- Digital signatures, checksums, hashes and tamper-proofing.
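The integrity and replay concerns in the list above can also be enforced at the application layer, independently of whatever the transport provides. The following Go program is an added example, not code from the article: each message carries a timestamp, a random nonce and an HMAC-SHA256 over all three fields, and the receiver rejects stale, tampered and replayed messages in that order. The message format, the demo key and the JSON payload are constructed for the example; HMAC with a shared key stands in for the digital signatures the authors mention, which would use a public-key algorithm where the sender and receiver should not share a secret.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strconv"
	"time"
)

// Envelope is the authenticated message a client sends to a cloud service (a constructed
// format for this example): the MAC covers timestamp, nonce and payload together.
type Envelope struct {
	Timestamp int64  // sender's clock, Unix seconds
	Nonce     string // 128 random bits, hex
	Payload   string
	MAC       string // HMAC-SHA256 over canonical(), hex
}

var (
	ErrStale  = errors.New("message outside freshness window")
	ErrBadMAC = errors.New("MAC mismatch: forged or tampered message")
	ErrReplay = errors.New("nonce already seen: replayed message")
)

// canonical fixes the bytes that get authenticated; each field is length-prefixed so no two
// (timestamp, nonce, payload) triples can serialize to the same byte string.
func canonical(ts int64, nonce, payload string) []byte {
	s := strconv.FormatInt(ts, 10)
	return []byte(strconv.Itoa(len(s)) + ":" + s + strconv.Itoa(len(nonce)) + ":" + nonce +
		strconv.Itoa(len(payload)) + ":" + payload)
}

func mac(key []byte, ts int64, nonce, payload string) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(canonical(ts, nonce, payload))
	return m.Sum(nil)
}

// Seal produces an envelope for payload using a key shared with the service.
func Seal(key []byte, payload string, now time.Time) (Envelope, error) {
	nb := make([]byte, 16)
	if _, err := rand.Read(nb); err != nil {
		return Envelope{}, err
	}
	nonce := hex.EncodeToString(nb)
	return Envelope{now.Unix(), nonce, payload, hex.EncodeToString(mac(key, now.Unix(), nonce, payload))}, nil
}

// Verifier is the service side: the shared key, a freshness window and the nonces seen inside it.
type Verifier struct {
	key    []byte
	window time.Duration
	seen   map[string]int64 // nonce -> timestamp
}

func NewVerifier(key []byte, window time.Duration) *Verifier {
	return &Verifier{key: key, window: window, seen: map[string]int64{}}
}

// Open checks freshness, then the MAC, then the nonce, in that order: the nonce cache is only
// touched by messages that have already proved they came from a key holder.
func (v *Verifier) Open(e Envelope, now time.Time) (string, error) {
	skew := now.Unix() - e.Timestamp
	if skew < 0 {
		skew = -skew
	}
	if time.Duration(skew)*time.Second > v.window {
		return "", ErrStale
	}
	got, err := hex.DecodeString(e.MAC)
	if err != nil || !hmac.Equal(got, mac(v.key, e.Timestamp, e.Nonce, e.Payload)) {
		return "", ErrBadMAC // hmac.Equal is constant-time; an undecodable MAC counts as forgery
	}
	if _, dup := v.seen[e.Nonce]; dup {
		return "", ErrReplay
	}
	v.seen[e.Nonce] = e.Timestamp
	for n, ts := range v.seen { // forget nonces that left the window; older messages fail the freshness check anyway
		if time.Duration(now.Unix()-ts)*time.Second > v.window {
			delete(v.seen, n)
		}
	}
	return e.Payload, nil
}

func main() {
	key := []byte("constructed-demo-key-do-not-reuse")
	v := NewVerifier(key, 5*time.Minute)
	now := time.Now()
	e, _ := Seal(key, `{"op":"transfer","amount":100}`, now)
	fmt.Println(v.Open(e, now))                  // payload, <nil>
	fmt.Println(v.Open(e, now.Add(time.Second))) // "", replayed message
	e.Payload = `{"op":"transfer","amount":9999}`
	fmt.Println(v.Open(e, now)) // "", MAC mismatch
}
```

The freshness window bounds how long the receiver must remember nonces, which is what keeps the replay cache from growing without limit; pick it to cover realistic clock skew between client and service, since anything outside it is rejected before the MAC is even checked.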
Cloud computing and distributed security
Another concern is where those services and data may live in the cloud. To save money and keep costs low, cloud computing providers often distribute services and data to data centers around the globe where land and labor are less expensive. With the rare exception of an international data protection standard, like the PCI DSS for credit cards, data protection rules and mandates vary greatly from country to country.
Organizations need to confirm that regardless of where their data is held and transferred, it is protected at a standardized level based on the customer's requirements, not merely on the laws of the country where the data is transacted, transmitted or stored. These kinds of controls can be written into the service level agreement (SLA) prior to signing with a provider.
Cloud computing services leverage economies of scale and create robust, meshed infrastructures. Cloud computing also moves much of our most important business data out of the corporate network and into the cloud.
To ensure corporate data and services are protected and available, security architects need to update their architectures to ones that work in highly distributed environments. For starters, assume the underlying network is untrusted and protect the information at a higher level both with encryption and with strong SLAs that set baseline controls regardless of where the data or application resides.
About the authors:
Diana Kelley is a partner with Amherst, N.H.-based consulting firm SecurityCurve. She formerly served as vice president and service director with research firm Burton Group. She has extensive experience creating secure network architectures and business solutions for large corporations and delivering strategic, competitive knowledge to security software vendors.
Char Sample is a research scientist at BBN Technologies specializing in network security and integration issues.
This was first published in June 2009