Managing Data Security in Public, Hybrid and Private Clouds
The cloud provides convenient, on-demand network access to a centralized pool of configurable computing resources, such as compute servers, storage, networks, services and applications, that can be rapidly deployed with great efficiency and minimal management overhead.
Although cloud computing presents tremendous benefits in terms of cost and performance, security and privacy concerns remain the primary hindrance to its wide deployment for critical applications. Despite assurances by the Cloud Service Providers (CSPs), the concern about the security of the cloud remains.
Some companies have been planning hybrid clouds while others have decided to create their own private cloud in the hope of avoiding some of the security issues of the public clouds. However, it should be obvious that neither a private nor a hybrid cloud implementation can solve all the security issues completely.
In this article, I briefly list the security issues that you should consider when setting up your own cloud infrastructure, and the tools and processes for managing them.
Cloud Deployment and Service Models
Threats to the cloud can be analyzed on the basis of the deployment model, the service model, and issues related to networks.
A. Threat Analysis Using Cloud Deployment Models
The cloud deployment model is classified as Private, Public and Hybrid Cloud.
A Public Cloud is what most people have in mind when they think of cloud computing. It is offered by a Cloud Service Provider (CSP), who typically uses a “pay as you go” or “metered service” model. The private cloud, on the other hand, is architected and controlled by a particular enterprise. A private cloud is hosted inside the organization’s firewall and can be accessed by users within the organization via the intranet. A Hybrid Cloud is a combination of the two, used to avoid outsourcing computing, data and network resources entirely to the public cloud.
Regardless of deployment model, the cloud systems need to be architected to deal with the following security challenges:
- VM Instance Cloning and Resource Pooling: In both private and public clouds, Virtual Machines (VMs) can be cloned quickly and new compute instances created on demand, either from a console or through a programmable API. VMs can be copied and moved seamlessly across multiple physical servers. Thus, any OS or application vulnerability or configuration error in one VM can quickly spread to other VMs. Also, because of the speed at which instances can be created and destroyed, it is difficult to maintain an auditable record of a VM’s security posture at any given instant, which can hinder mandatory compliance verification.
- Mobility of Data and Data Residuals: To make the best use of physical resources, the cloud software may move data from one physical resource to another without the end user knowing. As a result, the enterprise does not know the exact location where its data is stored in the cloud. With this frequent data movement, residual copies of data may be left behind on servers or disks, where they may be accessed by unauthorized users.
Also, once data is in the public cloud, you have no idea who is seeing it, especially if it is stored without encryption. Encrypting the entire data set also has its own issues (performance, key management, search, etc.) that are discussed later.
- Elastic Perimeter of the Cloud: Cloud infrastructure, whether public, private or hybrid, creates an elastic perimeter around the infrastructure elements, in which data and applications may be moved across many servers, departments and users. This increases the chances of data leakage and theft. Various departments and users throughout the organization need access to the same infrastructure, and the cloud management tools may not be able to provide the necessary segregation between them.
- Unencrypted Shared Data: Any data that is shared and accessible to outside users is at risk. Data encryption can protect the data but can impose severe performance bottlenecks on the system. Besides, searching through encrypted data is difficult without special search tools.
Furthermore, key management for data that is shared by a large set of users is a complex challenge. If a cloud system does not support policy-oriented key management with identity-based and integrity-based server validation, unauthorized users may gain access to the encryption keys, and thus to the data, even with encryption in place.
Researchers have shown that if a multi-tenant cloud service database isn’t designed properly, a single flaw in one client’s application could allow an attacker to get at not just that client’s data, but every other client’s data as well.
- Multi-Tenant Data Leakage: The cloud security risks discussed above apply to both private and public clouds. However, the multi-tenant architecture of the public cloud raises additional security risks as to who can see a business’s data or who may be attaching to its storage volumes. Since you have no idea who else is sharing the physical server, you can never be sure that your VM instance is not under attack from the owner of another VM instance.
Researchers have shown that inter-VM attacks can be mounted using cross-channel data inference techniques, and even hypervisors are not immune to penetration by attackers.
- Authentication and Identity Management: Identity management helps in authenticating users through their credentials. In many application scenarios, such as those in enterprises or organizations, users’ access to data is usually selective and highly differentiated. Different users enjoy different access privileges with regard to the data.
When data are outsourced to the cloud, enforcing secure, efficient, and reliable data access among a large number of users is thus critical. Traditionally, to control the dissemination of privacy-sensitive data, users establish a trusted server to store the data locally in the clear, and then rely on that server to check whether requesting users present proper certification before letting them access the data.
From a security standpoint, this access control architecture is no longer applicable when we outsource data to the public cloud. Because data users and cloud servers aren’t in the same trusted domain, the server might no longer be fully trusted as an omniscient reference monitor for defining and enforcing access control policies and managing user details. In the event of either server compromise or potential insider attacks, users’ private data might even be exposed.
- Loss of Data Due to Poor Cloud Management Practices: The prospect of seeing your valuable data disappear into the ether without a trace is daunting. A malicious hacker might delete a target’s data out of spite — but then, you could lose your data to a careless cloud service provider or a disaster, such as a fire, flood, or earthquake. Compounding the challenge, encrypting your data to ward off theft can backfire if you lose your encryption key.
B. Threat Analysis Using Service Models
Cloud services are classified as Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS). The users of SaaS have to rely heavily on the cloud provider for security, without any assurance of data protection. In PaaS, the cloud providers offer some controls to the users building applications on their platform, but without protecting them against network threats or providing intrusion prevention. With IaaS, developers have better control over the application.
Using the service models as the basis, the threats can be listed as:
- Data Leakage, Duplication & Integrity Verification: When data is in a cloud it must be backed up, either by the owner of the data or by the service provider. If the data is duplicated and backed up by the CSP, it may be stored in unsafe locations, it may not be properly encrypted, or many unauthorized copies may be made. All of this can lead to data leakage and theft by unauthorized persons.
- Malicious Attacks on Cloud Instances: When you use public infrastructure, you put implicit faith in the CSP. If a CSP does not follow proper security practices and processes, malicious users may gain access to confidential data, leading to data breaches.
- Data Backup and Storage: The cloud vendor must ensure that regular backups of data are made using good security practices. But backup data is often found in unencrypted form, allowing misuse by unauthorized parties. Thus data backups give rise to the various security threats discussed earlier.
- Hypervisor and Multi-Tenant Resource Control: CSPs deliver their cloud services in a scalable way using shared infrastructure. In a shared multi-tenant model, a virtualization hypervisor mediates access between guest operating systems and the physical compute resources. Researchers have shown that some hypervisors have exhibited flaws that permitted guest operating systems to gain inappropriate levels of control or authority over the underlying platform. This can lead to all kinds of security threats, such as data theft and denial-of-service attacks.
- Service or Session Hijacking: Any web application is vulnerable to session hijacking. So if an internal application is put on an external cloud, the system opens itself to all the security issues of web applications. Also, if keys are not managed well, access to the cloud can be compromised.
- VM Hopping: VM hopping refers to an attacker on one VM gaining rights to use another, victim VM. The attacker can inspect the victim VM’s resource usage, alter its configuration and even delete stored data, thus endangering the VM’s confidentiality, integrity, and availability. A requirement for this attack is that the two VMs must be operating on the same host, and the attacker must know the victim VM’s IP address. Researchers have shown that an attacker can obtain or infer that IP address using ordinary customer capabilities, by means of various tricks and combinations of inputs.
- VM Mobility: The contents of VM virtual disks are saved as files, so VMs can be copied from one host to another over the network or via removable storage devices without physically stealing a hard drive. VM mobility offers quick deployment of an instance but also causes security issues in terms of access management, application auditing and configuration management. A security or configuration vulnerability quickly spreads to all other instances. This can lead to man-in-the-middle attacks.
- VM Denial of Service: Virtualization lets numerous VMs share physical resources like CPU, network bandwidth, memory and disk. A denial-of-service (DoS) attack in a cloud takes place when one VM occupies all the available physical resources, so that the hypervisor cannot support more VMs and availability is endangered. A good hypervisor will generally allocate resources and set limits, but a compromised or faulty hypervisor can open the back door.
- Trust in CSP Service Metering: CSPs charge users according to the resources they consume. For example, Amazon Elastic Compute Cloud (EC2) charges users based on the time their EC2 instances are in a running state, among many other billing parameters, while Google AppEngine charges on the basis of how many CPU cycles a user application consumes. However, because users might have little or no visibility into the cloud infrastructure, they are often unable to directly connect their actual cloud resource consumption with the usage charges.
Many shared resources, such as memory, I/O and network bandwidth, cannot be perfectly isolated. Consequently, CSPs might incorrectly bill a user for services they never used, because of software bugs or network congestion caused by other users. This can result in financial risk.
C. Network Issues in Cloud Computing
Cloud services are accessed over a network-based infrastructure. Hence, the network security issues of a cloud are no different from those of a dedicated data center.
However, in a public or even a hybrid cloud implementation, an end user or enterprise does not necessarily have visibility into or control over how the cloud data centers are managed or protected. The cloud data center may be vulnerable to poor physical access control.
Similarly, all cloud installations are vulnerable to many threats and risks, such as cloud malware injection attacks, browser security issues, flooding attacks, lock-in to a particular cloud provider, incomplete data deletion, data protection and XML signature element wrapping.
Due to lack of space, we will not discuss the above in detail.
Planning For Security Management in Cloud Computing
Given the large number of threats, it is highly advisable to deploy proper security tools and processes. At a minimum, deploy a cloud file integrity management (FIM) tool and your own cloud-based backup system. FIM software checks for additions, modifications, or deletions of sensitive files or other stored data. FIM can inform business stakeholders of unauthorized system or application access and indicate the potential presence of malware or other malicious activity.
An integrity management tool should include:
- On-demand or scheduled detection and validation of the integrity of critical operating system and application files (files, directories, registry keys and values, etc.)
- Extensive file property checking, including access and security attributes for PCI compliance
- Directory level monitoring of file access controls
- Auditable reports of system access and operations
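As an added illustration of the FIM requirements listed above (example code written for this article, not a product's own code), here is a minimal Python baseline-and-compare routine that detects added, deleted and modified files as well as permission changes under a directory tree; the directory layout, file names and tampering steps in the demo are constructed.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Map each file under root to (sha256 hex digest, permission bits)."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            mode = os.stat(full).st_mode & 0o777
            state[os.path.relpath(full, root)] = (digest, mode)
    return state

def compare(baseline, current):
    """Report additions, deletions, content changes and permission changes."""
    report = {
        "added": sorted(current.keys() - baseline.keys()),
        "deleted": sorted(baseline.keys() - current.keys()),
        "modified": [],
        "mode_changed": [],
    }
    for path in sorted(baseline.keys() & current.keys()):
        if baseline[path][0] != current[path][0]:
            report["modified"].append(path)      # content tampered with
        if baseline[path][1] != current[path][1]:
            report["mode_changed"].append(path)  # e.g. secret made world-readable
    return report

def demo():
    """Constructed scenario: take a baseline, simulate tampering, re-scan."""
    with tempfile.TemporaryDirectory() as root:
        etc = os.path.join(root, "etc")
        os.makedirs(etc)
        for name, body in (("app.conf", "debug=false\n"), ("old.key", "keep\n")):
            with open(os.path.join(etc, name), "w") as fh:
                fh.write(body)
        os.chmod(os.path.join(etc, "app.conf"), 0o600)
        baseline = snapshot(root)
        # Simulated unauthorized changes between two scheduled scans
        with open(os.path.join(etc, "app.conf"), "w") as fh:
            fh.write("debug=true\n")
        os.chmod(os.path.join(etc, "app.conf"), 0o644)
        os.remove(os.path.join(etc, "old.key"))
        with open(os.path.join(etc, "cron.sh"), "w") as fh:
            fh.write("echo hi\n")
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

In a real deployment the baseline would be stored outside the monitored system (and signed), and the report fed to the audit trail the last list item calls for.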
Putting it All Together
I have shown that security and privacy are a major obstacle to the wider adoption of cloud technologies in many enterprises.
By understanding the threats and then using proper tools to manage the security risk, you can benefit from the promise of cloud technologies.
If you need more information, feel free to contact me for an individual consultation.