300 J.P. Durbano et al.
Table 17.2 Fortune 100 customer private cloud security features alignment with cloud security recommendations
No.
3 |
Do not implicitly trust the cloud or |
A hardware appliance is used to |
|
any instances in the cloud; every |
provide multiple security contexts |
|
interaction in the cloud demands |
and restrict communication between |
|
authorization and authentication |
tenants. |
9 |
Restrict console access (physical and |
Separate controls are provided to users |
|
virtual) to users with a defined |
to enable management (e.g., VM |
|
business need |
creation/deletion/sizing) that do not |
|
|
involve console access. |
10 |
Create new instances according to |
Templates are provided to users in |
|
defined, tested, and approved |
order to instantiate preconfigured |
|
specifications |
VMs. |
11 |
Execute applications across multiple |
Users are free to launch VMs across |
|
physical servers to improve reliability |
dozens of servers to support their |
|
|
high availability needs |
12 |
Provide centralized authentication and |
A centralized Active Directory service |
|
authorization services |
provides these services. |
15 |
Restrict data ingress/egress points in the |
All network traffic (i.e., user-entered |
|
cloud to mitigate the introduction of |
data) flows through the same |
|
malicious software and removal of |
firewall; only administrators can |
|
private data |
bypass this mechanism and access |
|
|
is tightly controlled. |
19 |
Audit resource utilization records to |
Every VM is monitored for resource |
|
detect suspicious activity |
“spikes” (e.g., memory, processor, |
|
|
network); triggers are configured to |
|
|
notify administrators. |
17.4.2 Public Cloud: Amazon.com
The next case study is Amazon Web Services (AWS) Elastic Compute Cloud (EC2). Amazon acknowledges that maintaining security and privacy in a cloud environment is more complex than when managing a single datacenter. Table 17.3 identifies 6 of our 20 security recommendations that Amazon has incorporated into their security model. Detailed security information for Amazon is beyond the scope of this chapter, and the interested reader is referred to [8].
17.5 Summary and Conclusion
Of the many obstacles to adopting the cloud model of delivery and consumption of computing resources, security ranks at the top of the list [1]. The lack of strong security controls can resonate through the cloud, opening all of the applications and services that are running across the cloud to exploitation.
17 |
Securing the Cloud |
301 |
Table 17.3 AWS security features alignment with cloud security recommendations |
||
|
|
|
No. |
Recommendation |
Amazon implementation |
3 |
Do not implicitly trust the cloud or |
Every AWS interaction requires a “signed” API |
|
any instances in the cloud; every |
call (see also recommendation no. 14). |
|
interaction in the cloud demands |
|
|
authorization and authentication |
|
6 Virtually “shred” retired instances and data when no longer needed
8 Utilize a single management, logging, and monitoring system capable of supporting the entire cloud
9 Restrict console access (physical and virtual) to users with a defined business need
12 Provide centralized authentication and authorization services
14 Digitally sign control messages within the cloud in order to prevent tampering and unauthorized use
When customer storage is no longer used, every block of data is automatically wiped. AWS also uses a proprietary disk virtualization layer to ensure customer data remains private when virtual disk blocks are returned to resource pool.
AWS utilizes bastion hosts for cloud management.
Administrative access, both physical and virtual, is strictly controlled according to legitimate business requirements. Those access privileges are immediately revoked when an employee no longer has a need for access. Each administrator is assigned unique cryptographically strong SSH keys. Access to bastion hosts is logged and audited on a regular basis.
AWS utilizes bastion hosts for cloud management.
Customers are issued a unique key. This key, or an authorized X.509 certificate, must be used to sign all Amazon EC2 API calls. Signing API calls ensures that control messages within the cloud are authorized and prevents tampering. API calls in transit are encrypted with SSL.
First and foremost, the cloud is a data center and therefore traditional data center protections should be applied. It is not necessary to “start over” with security in the cloud. Many of the existing protections can and should be applied to the cloud. However, there are a number of gaps in existing coverage because of the unique aspects of cloud computing. In this chapter, we identified a number of these gaps (as compared against the existing ISO 27002 security controls). From these gaps, we provided 20 recommendations to help alleviate security concerns.
This chapter was intended to serve as an introduction to some of the many issues surrounding security in the cloud. There are additional gaps against the ISO standard that were not discussed and many other security issues to consider. Fortunately, groups such as the Cloud Security Alliance are actively investigating these issues. Also, this chapter focused on the ISO controls, but similar analyses could be performed against other controls (e.g., NIST 800-53) and regulatory documents (e.g., SOX, GLBA) unique to communities of interest.
302 |
J.P. Durbano et al. |
There is certainly a tremendous amount of work remaining to “secure” the cloud. However, it is important to note that every new computing paradigm has brought with it unique security challenges. The Internet is an excellent example of this; certainly, allowing remote users and computers to access internal resources has proved incredibly challenging to protect. However, the Internet has changed how we do business, communicate, and live our lives. Therefore, the goal of security is to mitigate risk to an acceptable level. Business is centered on risk management and cloud computing will be treated as any other business decision. If the community can develop controls to address the issues outlined in this chapter, then businesses will move to the cloud for the benefits that it offers.
References
1.IDC Enterprise Panel (2009) http://cloudcomputing.sys-con.com/node/1048317. Accessed Aug 2009
2.Federal Information Security Management Act (2009) http://csrc.nist.gov/groups/SMA/fisma/ index.html. Accessed Aug 2009
3.Health Insurance Portability and Accountability Act of 1996 (2009) http://www.hhs.gov/ocr/ privacy/index.html. Accessed Aug 2009
4.Sarbanes–Oxley Act of 2002 (2009) http://en.wikipedia.org/wiki/Sarbanes-Oxley_Act. Accessed Aug 2009
5.Gramm–Leach–Bliley Act (2009) http://www.ftc.gov/privacy/privacyinitiatives/glbact.html. Accessed Aug 2009
6.Cloud Security Alliance (2009) http://www.cloudsecurityalliance.org. Accessed Aug 2009
7.ISO/IEC 17799:2005 Information Technology Security Techniques (2009) http://www.iso.org/ iso/support/faqs/faqs_widely_used_standards/widely_used_standards_other/information_ security.htm. Accessed Aug 2009
8.Amazon Web Services Security, Overview of Security Processes (2009) http://s3.amazonaws. com/aws_blog/AWS_Security_Whitepaper_2008_09.pdf. Accessed Dec 2009
Part IV
Cloud Feedback