Seeing Through the Cloud

archives2012

By Dave Rokita, VP Operations, HexaGrid.

When broaching the subject of cloud computing with enterprise decision makers, a “We’re not ready to make that jump” response is nearly always followed by a vague allusion to security concerns.

The first thing to understand, however, is that “Cloud” does not necessarily mean off-premise or out of your control. While some industry cloud solutions exist purely as hosted environments providing limited control of overall security, the notion that all clouds are intangible services to which data is surrendered is sorely misguided. This is not to suggest that hosted clouds are inherently insecure or inferior. Before proceeding with a discussion of cloud security, though, it’s necessary to differentiate these two approaches.

As with all business decisions, an organisation’s risk profile, technical resources and corporate culture will factor into which strategy (hosted vs. privately-owned) ultimately makes sense. It’s often not until the nuts-and-bolts mechanics of a cloud migration are considered that the negligible security impact of cloud computing comes into focus.

To illustrate, we’ll consider the security implications of a fully hosted solution such as HexaGrid’s V3Cloud. We’ll address risk using the following common attack vectors: physical, network, system (OS), and out-of-band management.

Physical Security

The practical reality is that any legitimate cloud provider has its infrastructure housed in a purpose-built datacenter. Well-run datacenters employ multiple layers of security, many of which would otherwise be financially infeasible for all but the largest corporations and nation-states. From the cloud provider’s point of view, ensuring the physical safety of their infrastructure is of paramount concern to the ongoing viability of their business. This fact alone should help ease the concerns of those who are reluctant to cede physical control of data storage and processing systems. While poorly run datacenters and maligned business practices will always exist, basic due diligence will expose egregious shortcomings.

Another related consideration is geographic data storage location. This is primarily a legal concern relative to data privacy laws such as the EU Data Protection Directive or the U.S. HIPAA standard. In short, if a service provider cannot or will not supply details of data storage facilities, run, don’t walk, to another provider. In spite of the inherent abstractions involved in cloud service delivery, there is no good reason for a provider to be elusive about where your data may live.

Network

Due to the extremely divergent risk profiles of different industry segments, a good cloud solution will not impede the ability to deploy traditional network or application-level security. For instance, the V3Cloud offering from HexaGrid provides the flexibility to implement complex network designs that mirror traditional network security paradigms. Virtual machines can be placed behind firewalls, IDS, and management systems. They can also be trivially deployed across IP-segmented DMZs, development and private networks.

Ultimately, an effective cloud solution will enhance network security efforts by simplifying resource monitoring and management, minimising points of entry and facilitating nimble incident response procedures. The ability to quickly isolate suspect systems for post-mortem while redeploying a trusted build is reason enough to take advantage of on-demand cloud services.

System

This one is easy. Properly done, cloud bears no adverse impact on system security and, due to the relief it provides from managing physical and network resources, administrators are left with more availability to address OS and application-level concerns.

Some potential cloud converts still labour under the misconception that migrating to a cloud environment intrinsically grants the cloud provider unadulterated access to all data and system applications. As far as system access is concerned, the provider has enough access to reach the console and be presented with the OS login screen. In the event that an attacker has compromised a provider’s management system, their access to guest systems would be restricted in the same way.

The exception to this lies with providers whose virtualization technology requires the use of guest-based software clients. Such an arrangement violates industry-accepted trust models and should be thoroughly assessed to determine the level of additional risk assumed through use of the client.

Regardless of the virtualization technology employed, those with root-level access to host systems will have access to stored data. This fact is unavoidable given the state of computer technology and must be addressed head-on where sensitive data is concerned.

All modern operating systems and a slew of third-party offerings provide simple data encryption facilities which, if enabled, work transparently in a cloud environment with negligible impact on performance. As a reference point, HexaGrid’s memory-allocation pricing model does not penalise customers in any way for encrypting their data.

Although it might seem ideal to rely on the cloud provider for data encryption, such an implementation runs counter to accepted best practices. The compromise of a provider’s management system would invariably result in a compromise of the provider’s key management system, exposing encrypted data for all clients. In situations where encryption is required, a distributed model of key management (with clients maintaining their respective keys) is the only viable solution.
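The client-held key model described above, sketched in Go as an added example (not code from this article or from HexaGrid). The names Key, Seal, Open and Exposed are hypothetical, AES-256-GCM is an assumed cipher choice the article does not name, and the tenant name, key and record are constructed sample values.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

type Key [32]byte // data key; in the client-held model it never leaves the guest

func (k Key) aead() cipher.AEAD {
	b, _ := aes.NewCipher(k[:]) // cannot fail: key length is fixed at 32 bytes
	g, _ := cipher.NewGCM(b)    // cannot fail: AES has a 16-byte block
	return g
}

// Seal encrypts before data reaches provider storage; tenant is bound as AAD.
func (k Key) Seal(tenant string, plain []byte) ([]byte, error) {
	g := k.aead()
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return g.Seal(nonce, nonce, plain, []byte(tenant)), nil // nonce|ciphertext|tag
}

// Open fails on a wrong key, a wrong tenant name or a modified blob.
func (k Key) Open(tenant string, blob []byte) ([]byte, error) {
	g := k.aead()
	if len(blob) < g.NonceSize() {
		return nil, fmt.Errorf("truncated blob")
	}
	return g.Open(nil, blob[:g.NonceSize()], blob[g.NonceSize():], []byte(tenant))
}

// Exposed counts tenants whose blobs decrypt with keys held provider-side.
func Exposed(store map[string][]byte, held map[string]Key) (n int) {
	for tenant, k := range held {
		if _, err := k.Open(tenant, store[tenant]); err == nil {
			n++
		}
	}
	return n
}

func main() { // constructed key and record: provider stores the blob, holds no key
	blob, err := Key{1, 2, 3}.Seal("tenant-a", []byte("sample record"))
	fmt.Println(Exposed(map[string][]byte{"tenant-a": blob}, nil), err)
}
```

Passing the provider's own key store as `held` gives the number of tenants a management-system compromise would expose: every tenant when the provider manages keys, none when each client keeps its own.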

Recap

The cloud model, whether hosted or on-premise, can offer numerous security benefits without introducing alternate avenues of exploitation. While some industry figures have trumpeted the ‘dangers’ of cloud computing, this is nothing more in substance than uneducated paranoia. Systems in the cloud must be secured in the same fashion as bare-metal systems but are afforded the additional high-value benefits of streamlined management, monitoring and resource utilisation.