Introduction - DTS Solution
Introduction
Cloud computing is one of the next significant stages in the Internet’s evolution, providing the means through which everything – from computing power and computing infrastructure to applications, business processes and personal collaboration – can be delivered to you as a service wherever and whenever you need it.
The “cloud” in cloud computing can be defined as the set of hardware, networks, storage, services, and interfaces that combine to deliver aspects of computing as a service. Cloud service models are based on three categories: Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS).
Consumer Cloud Computing services have been well established ever since the Internet went mainstream; well-known examples are webmail services and social networking platforms. However, the adoption of Cloud Computing within the enterprise sector has been slow. This slow uptake of Cloud services that promise so much has been influenced primarily by the numerous security risks, concerns and challenges posed within such an environment.
Governance, Risk and Compliance factors of Cloud Services need to be fully assessed and evaluated by organizations in order to make informed judgments. The data and information lifecycle (source and origination, transfer, destination, validation and deletion) needs to be understood in full. Transborder data flows across countries with different cyber law jurisdictions need to be carefully considered, and any sensitive information leakage resulting in litigation requires the involvement of cyber law legal teams. A clause granting periodic third-party audit rights, frequent reporting mechanisms for security violations and a clearly defined service level agreement between an organization and the Cloud Service Provider need to be developed.
With Cloud providers utilizing a shared pool of resources, their virtualization and isolation capabilities need to be questioned, along with their identity and access control and management frameworks. The encryption key lifecycle in virtualized environments and the portability of your information should your organization decide to move to another Cloud provider are just some of the critical factors to consider.
This whitepaper introduces a holistic security approach to Cloud Computing and equips CIOs and information security executives to understand the key security drivers, requirements, risks and challenges they are likely to face when considering moving enterprise infrastructure, platforms and services to the cloud.
Content
The whitepaper will address the following topics, which are fundamental to any successful migration to the cloud. Besides assisting your organization to make an informed decision and judgment through due care and diligence, the topics will also provide sufficient information to challenge the requirements so that information security is built in and not bolted on within the cloud environment, whilst raising security awareness across your organization’s cross-functional teams.
Cloud Service Models – SaaS, PaaS and IaaS
Cloud Computing Risk Management
Compliance and Audit Control in Cloud Computing environments
Information Lifecycle Management in the Cloud
Data Portability and Interoperability between Cloud providers
Virtualization and Multi-Tenancy environments
Application and Hypervisor Security
Encryption and Key Management
Identity and Access Management
Cloud Ready Data Center Operations and Disaster Recovery Planning
Cloud Service Model
The typical characteristics of any cloud computing environment are based on multiple concepts: rapid provisioning of services, agility of infrastructure, elasticity of computing resources based on demand, a high level of scalability, modularity and performance, multi-tenancy through virtualization and compartmentalization, and dynamic security.
With such ground-breaking characteristics, which are typically not found in traditional enterprise architectures, a shift in the way we think is needed. Cloud computing provides enterprise IT with economies of scale: effective and efficient utilization of a shared pool of resources to perform IT functions, offloading complementary IT functions to a cloud service provider and so freeing IT personnel to focus on business-critical activities, and reduced operational expenditure to manage, maintain and support the IT infrastructure are just a few examples.
The Cloud Computing Service Model is based on three primary tenets: Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS). All IT functions, such as applications, networking, security, storage and software, work in tandem to provide users with a service based on the client-server model. This same client-server model can be delivered by sharing infrastructure, platform and software in a way that is transparent to the user.
Infrastructure as a Service - The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, deployed applications, and possibly limited control of select networking components (e.g., host firewalls).
Platform as a Service - The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly application hosting environment configurations.
Software as a Service - The capability provided to the consumer is to use the provider’s applications running on a cloud infrastructure. The applications are accessible from various client devices through a thin client interface such as a web browser (e.g., web-based email). The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings.
Deployment Models - there are four deployment models for cloud services, with derivative variations that address specific requirements:
Public Cloud. The cloud infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services.
Private Cloud. The cloud infrastructure is operated solely for a single organization. It may be managed by the organization or a third party, and may exist on-premises or off-premises.
Community Cloud. The cloud infrastructure is shared by several organizations and supports a specific community that has shared concerns (e.g., mission, security requirements, policy, or compliance considerations). It may be managed by the organizations or a third party and may exist on-premises or off-premises.
Hybrid Cloud. The cloud infrastructure is a composition of two or more clouds (private, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load-balancing between clouds).
Cloud Computing Risk Management Framework
Numerous information security standards and compliance frameworks have been well established and have matured over the last decade – ISO27002 ISMS, PCI-DSS, HIPAA and SOX, to name a few. Such industry standards have played a vital role in giving organizations and security professionals the ability to measure security in the context of business risk; as the awareness, importance and requirements for securing information assets gain more traction, the industry is set to face key challenges when it comes to securing information assets in the cloud.
A standardized information security framework specifically for cloud computing does not exist, given the unique way in which cloud computing operates; ENISA (the European Network and Information Security Agency) has developed a Cloud Computing Risk Assessment strategy, but global adoption and acceptance has been difficult. Security professionals will undoubtedly face complexities and challenges when it comes to addressing key security requirements for cloud computing. The enterprise IT risk management framework not only needs to be applied in the context of the cloud, but numerous other considerations need to be assessed, evaluated and deployed. Managing risk appetite when the information resides outside your organization’s control can be problematic, and it is imperative that Security Service Level Agreements are well defined beforehand with the cloud provider.
As a common step towards managing information security risk in the cloud, the following focus areas of risk management should be at the forefront when considering cloud deployment:
Identify the asset for cloud deployment and the requirements for moving it to the cloud.
Evaluate the asset and measure both the technical and business risks associated with it.
Correlate the asset to the type of cloud service and deployment model.
Identify the potential data flow.
Develop audit controls that can be delivered to you as a self-service or on demand by the cloud provider.
Validate the information lifecycle for the asset: data encryption and decryption, data residency, retention and deletion.
Ensure consistency of authorized use of the asset by users between existing in-house services and the proposed cloud provider services.
Ensure there is no lock-in clause with the cloud provider and that the asset can be ported between cloud providers.
Protect data from leakage, from data residency violations and from a malicious cloud provider administrator.
Assess legal risk and transborder data flow across countries with differing legal jurisdictions.
Clearly define a Security Service Level Agreement with the cloud provider, including financial penalty clauses for any violations.
Compliance and Audit Control in Cloud Computing environments
Managing and maintaining compliance status within your own environment is by far simpler and more sustainable than ensuring compliance is met in cloud environments. When infrastructure, platforms and services are under the control of the organization, ensuring compliance through governance is pretty straightforward: roles and responsibilities are clearly defined, compliance controls are designed and implemented with management approval, and the audit of compliance status can easily be tracked and measured. The moment services are migrated to the cloud, an organization effectively loses control over how compliance is implemented and maintained, as that control is handed over to the cloud service provider. As part of any compliance requirement, a gap analysis must be undertaken to identify how regulatory, legislative and industry compliance can be designed and implemented from day one. It is imperative that any compliance requirements you are obliged to adhere to are validated and certified before migrating to the cloud.
Of the many regulations touching upon information technology with which organizations must comply, few were written with Cloud Computing in mind. Auditors and assessors may not be familiar with Cloud Computing generally or with a given cloud service in particular. That being the case, it falls upon the cloud customer to understand:
Regulatory applicability for the use of a given cloud service
Division of compliance responsibilities between cloud provider and cloud customer
Cloud provider’s ability to produce evidence needed for compliance on demand
Cloud customer’s role in bridging the gap between cloud provider and auditor/assessor
The following recommendations should be carefully considered when applying compliance and audit control processes within a cloud environment:
Right to Audit Clause – the cloud customer should reserve the right to request an on-demand audit of the services the customer subscribes to
Thorough legal and contractual agreements and terms that address compliance needs
Analysis of the compliance scope, determining that the compliance regulations the organization is subject to will not be impacted by the use of the cloud services
Impact of regulatory compliance on data security, and whether the data that will move to the cloud is subject to compliance requirements
Review of cloud service provider partners – in certain cases the cloud service provider may sub-contract partial functions, e.g. data processing, to another party
Ability to provide on-demand evidence of compliance and of how each compliance requirement is being met
Information Lifecycle Management in the Cloud
One of the primary goals of information security is to protect the fundamental data that powers our systems and applications. As we transition to Cloud Computing, our traditional methods of securing data are challenged by cloud-based architectures. Elasticity, multi-tenancy, new physical and logical architectures, and abstracted controls require new data security strategies. With many cloud deployments we are also transferring data to external — or even public — environments, in ways that would have been unthinkable only a few years ago. Key challenges regarding data lifecycle security in the cloud include the following:
Data security. Confidentiality, Integrity, Availability, Authenticity, Authorization, Authentication, and Non-Repudiation.
Location of the data. There must be assurance that the data, including all of its copies and backups, is stored only in geographic locations permitted by contract, SLA, and/or regulation. For instance, use of “compliant storage” as mandated by the European Union for storing electronic health records can be an added challenge to the data owner and cloud service provider.
Data remanence or persistence. Data must be effectively and completely removed to be deemed ‘destroyed.’ Therefore, techniques for completely and effectively locating data in the cloud, erasing/destroying data, and assuring the data has been completely removed or rendered unrecoverable must be available and used when required.
Commingling data with other cloud customers. Data – especially classified / sensitive data – must not be commingled with other customer data without compensating controls while in use, storage, or transit. Mixing or commingling the data will be a challenge when concerns are raised about data security and geo-location.
Data backup and recovery schemes for recovery and restoration. Data must be available, and data backup and recovery schemes for the cloud must be in place and effective in order to prevent data loss, unwanted data overwrite, and destruction. Don’t assume cloud-based data is backed up and recoverable.
Data discovery. As the legal system continues to focus on electronic discovery, cloud service providers and data owners will need to focus on discovering data and assuring legal and regulatory authorities that all data requested has been retrieved. In a cloud environment that question is extremely difficult to answer and will require administrative, technical and legal controls when required.
Data aggregation and inference. With data in the cloud, there are added concerns of data aggregation and inference that could result in breaching the confidentiality of sensitive and confidential information. Hence practices must be in place to assure the data owner and data stakeholders that the data is still protected from subtle “breach” when data is commingled and/or aggregated, thus revealing protected information (e.g. medical records containing names and medical information mixed with anonymous data but containing the same “crossover field”).
The Data Security Lifecycle is different from Information Lifecycle Management, reflecting the different needs of the security audience. The Data Security Lifecycle consists of six phases, and careful consideration should be given to each for data residing in the cloud:
CREATE – classify and assign rights to data, data labeling techniques, digital rights management and watermarking, user tagging to classify data.
STORE – data access control on a need-to-know basis through the DBMS and document management system, data encryption with decryption only for authorized users, content discovery tools such as data loss prevention.
USE – activity monitoring and enforcement using log files, rights management and logical controls using DBMS solutions, data owner notification on change of status.
SHARE – use of encryption for information in transit and of signed documents, activity monitoring for shared information, maintaining integrity for data in transit.
ARCHIVE – data residency monitoring within storage environments, asset management and tracking, and encryption of backed-up and archived information and of data at rest. Archived data should only be retrievable by the data owner.
DESTROY – removal and secure deletion of information by authorized personnel, validation of deletion with content discovery, and crypto-shredding so that reconstruction of the content is not possible.
Data Portability and Interoperability between Cloud Providers
The Cloud brings new opportunities for enterprises to develop and deploy efficient and compelling services, unlock the potential of public and private domain data, and reduce costs for ICT services. Even for a new technology like Cloud, however, interoperability and portability are a key topic of discussion for policy makers, both as a tool to reduce integration costs and as a means to reduce dependence on large ICT vendors.
While systems interoperability becomes the primary domain of the cloud service provider, issues around data interoperability still remain important, and perhaps even critical, as enterprise data becomes increasingly contained within the systems provided through the cloud service provider. Many public cloud networks are configured as closed systems that do not interact with each other. This lack of integration makes it difficult for organizations to consolidate their IT systems in the cloud in order to realize productivity gains and cost savings. The issue of cloud portability is important to any enterprise, as customers want to be able to switch cloud service providers without unreasonable switching costs. Inevitably, when a customer changes cloud service provider, it is reasonable to assume that there will be a certain amount of switching cost. However, from a cloud portability perspective, it also becomes critical that data is shareable between cloud providers, since without the ability to port data it would become simply impossible to switch cloud service providers at all.
Policies need to be crafted around data interoperability issues to ensure that data interchange between cloud services is unhindered, as most enterprise users will likely use heterogeneous cloud service providers for their needs. Policy makers will have to focus on data ownership and control issues to ensure that organizations continue to control the destiny of their own data.
To achieve the economies of scale that will make cloud computing successful, common platforms are needed to ensure users can easily navigate between services and applications regardless of where they’re coming from, and to enable organizations to transition their IT systems to a services-oriented model more cost-effectively. IT personnel want the same types of control in the cloud that they have in the data center. When you push data out to the cloud, you outsource availability and security to the cloud vendor, which is considered a major weakness.
Virtualization and Multi-Tenancy Environments
The ability to provide multi-tenant cloud services at the infrastructure, platform, or software level is often underpinned by the ability to provide some form of virtualization to create economies of scale – utilization of a shared pool of resources to host multiple tenants. However, use of these technologies brings additional security concerns. While there are several forms of virtualization, by far the most common is the virtualized operating system known as the Virtual Machine (VM). If VM technology is being used in the infrastructure of the cloud services, then you must be concerned about compartmentalization, isolation and hardening of those VM systems.
The reality of current practices related to management of virtual operating systems is that many of the processes that provide security by default are missing, and special attention must be paid to replacing them. The core virtualization technology itself introduces new attack surfaces in the hypervisor and other management components, but more important is the severe impact virtualization has on network security. Virtual machines now communicate over a hardware backplane rather than a network. As a result, standard network security controls are blind to this traffic and cannot perform monitoring or in-line blocking. These controls need to take a new form to function in the virtual environment.
Interference and commingling of data in centralized services and repositories is another concern. A centralized database as provided by a Cloud Computing service should in theory improve security over data distributed across a vast number and mixture of endpoints. However, this also centralizes risk, increasing the consequences of a breach.
Another concern is the commingling of VMs of different sensitivities and security levels. In Cloud Computing environments, the lowest common denominator of security will be shared by all tenants in the multi-tenant virtual environment unless a new security architecture can be achieved that does not “wire in” any network dependency for protection.
Virtualization technology has been around for many years, and many enterprises already have some form of virtualization deployed within their internal data centers; compare that, however, with a cloud service provider that has to provide virtualization in a multi-tenancy environment, where the security risks inevitably increase.
Application and Hypervisor Security
Cloud environments, by virtue of their flexibility, openness, and often public availability, challenge many fundamental assumptions about application security. Some of these assumptions are well understood; however, many are not. Cloud Computing influences security over the lifetime of an application in many ways — from design to operations to ultimate decommissioning.
It is important that all stakeholders, including application designers, security professionals, operations personnel, and technical management, understand how best to mitigate risk and manage assurance within Cloud Computing applications. Cloud Computing is a particular challenge for applications across the layers of Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS). Cloud-based software applications require a design rigor similar to that of applications residing in a classic DMZ. This includes a deep up-front analysis covering all the traditional aspects of managing information confidentiality, integrity, and availability.
Applications in cloud environments will both impact and be impacted by the following major aspects:
Application Security Architecture – Consideration must be given to the reality that most applications have dependencies on various other systems. With Cloud Computing, application dependencies can be highly dynamic, even to the point where each dependency represents a discrete third-party service provider. Cloud characteristics make configuration management and ongoing provisioning significantly more complex than with traditional application deployment. The environment drives the need for architectural modifications to assure application security.
Compliance – Compliance clearly affects data, but it also influences applications (for example, regulating how a program implements a particular cryptographic function), platforms (perhaps by prescribing operating system controls and settings) and processes (such as reporting requirements for security incidents).
Vulnerabilities – These include not only the well-documented—and continuously evolving—vulnerabilities associated with web apps, but also vulnerabilities associated with machine-to-machine Service-Oriented Architecture (SOA) applications, which are increasingly being deployed into the cloud.
Tools and Services – Cloud computing introduces a number of new challenges around the tools and services required to build and maintain running applications. These include application management utilities, the coupling to external services, and dependencies on libraries and operating system services, which may originate from cloud providers. Understanding the ramifications of who provides, owns, operates, and assumes responsibility for each of these is fundamental.
Hypervisor security is the process of ensuring that the hypervisor, the software that enables virtualization, is secure throughout its life cycle, including during development, implementation, provisioning, management and de-provisioning. The hypervisor, which enables virtualization and the use of VMs, is a critical component for securing VM assets in the cloud. It is the central software that enables VM-to-VM communication and VM-to-external-entity communication, and therefore the most critical component in providing security.
VM-to-VM communication does not traverse the network infrastructure and remains inside the physical server, so traditional network security firewalls cannot be deployed for traffic inspection. It is important to give consideration to hypervisor security in the form of a security virtual appliance. A virtual firewall that operates at the hypervisor level provides security for VM-to-VM traffic and increases visibility of the communication between authorized VMs; without such mechanisms in place you are likely to be susceptible to attacks that your controls are blind to.
A common hypervisor security deployment is illustrated in the diagram, where the virtualGW (vGW) product
from Juniper Networks provides security to the individual VMs. Security and compliance concerns are first-
order priorities for virtualized data center and cloud deployments. vGW Virtual Gateway is a
comprehensive security solution for virtualized data centers and clouds that is capable of monitoring and
protecting virtualized environments while maintaining the highest levels of VM host capacity and
performance. vGW includes a high-performance hypervisor-based stateful firewall, integrated intrusion
detection (IDS), and virtualization-specific antivirus (AV) protection.
Encryption and Key Management
Cloud users and providers need to protect against data loss, leakage and theft. Encryption of personal and enterprise data
is widely used and in some cases mandated by laws and regulations around the world. Cloud customers
want the same level of data encryption services for data at rest and in motion and want their providers to
encrypt their data to ensure that it is protected no matter where the data is physically located. Likewise,
the cloud provider needs to protect its customers’ sensitive data to avoid embarrassment and protect its
own integrity.
Strong encryption with key management is one of the core mechanisms that Cloud Computing systems
should use to protect data. While encryption itself doesn’t necessarily prevent data loss, safe harbor
provisions in laws and regulations treat lost encrypted data as not lost at all. The encryption provides
resource protection while key management enables access to protected resources.
One common question that comes up during cloud computing discussions is where the enterprise data is
stored. Data sovereignty raises issues for businesses adopting cloud computing for sensitive data.
Cloud service providers often store customer data in various geographical locations to ensure scalability,
efficiency and resiliency; often on a common platform that is shared by multiple tenants. Your data may
not reside within the same country as your business, and privacy laws and jurisdictions may vary
dramatically between countries and regions.
When moving applications to the cloud, you want to understand not only where your users reside, but
also where the data resides in the cloud application – if not precisely, at least in which legal jurisdictions.
Yet this information can be difficult to determine, as data is constantly in motion in the cloud.
Cloud environments are shared with many tenants, and service providers have privileged access to the
data in those environments. Thus confidential data hosted in a cloud must be protected using a
combination of access control, contractual liability and encryption. Of these, encryption offers the benefits
of minimum reliance on the cloud service provider and lack of dependence on detection of operational
failures.
Encrypting data in transit over networks. Multi-use credentials, such as credit card numbers, passwords,
and private keys, must be encrypted in transit over the Internet. Although cloud
provider networks may be more secure than the open Internet, they are by their very architecture made
up of many disparate components, and disparate organizations share the cloud. Therefore it is important
to protect this sensitive and regulated information in transit even within the cloud provider’s network.
Typically this can be implemented with equal ease in SaaS, PaaS, and IaaS environments.
Encrypting data at rest. Encrypting data on disk or in a live production database has value, as it can
protect against a malicious cloud service provider or a malicious co-tenant as well as against some types
of application abuse. For long-term archival storage, some customers encrypt their own data and then
send it as ciphertext to a cloud data storage vendor. The customer then controls and holds the
cryptographic keys and decrypts the data, if necessary, back on their own premises. Encrypting data at
rest is common within IaaS environments, using a variety of provider and third party tools. Encrypting
data at rest within PaaS environments is generally more complex, requiring instrumentation of provider
offerings or special customization. Encrypting data at rest within SaaS environments is a feature cloud
customers cannot implement directly, and need to request from their providers.
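The customer-held-key arrangement described above (encrypt on your own premises, ship only ciphertext to the storage provider, keep the keys at home) is shown here as an added example written for this section; it is not code from the whitepaper or from any provider's tooling. It uses envelope encryption with the Go standard library: each object gets a fresh data-encryption key (DEK), the DEK is wrapped under a key-encryption key (KEK) that never leaves the customer, and only the wrapped DEK travels with the ciphertext. The function names, the object names and the sample KEK are constructed for illustration; where the KEK actually lives (an on-premises HSM or key server) is outside the snippet.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// EnvelopeBlob is all that is handed to the cloud storage provider: the object
// ciphertext plus its data key, itself sealed under the customer's key-encryption
// key (KEK). The KEK never leaves the customer's premises, so the provider and
// any co-tenant only ever see ciphertext.
type EnvelopeBlob struct {
	WrappedDEK []byte // data key sealed with the KEK, nonce prepended
	Ciphertext []byte // object sealed with the data key, nonce prepended
}

// gcmSeal encrypts plaintext with AES-256-GCM under key and prepends the random
// nonce; aad is authenticated but not encrypted.
func gcmSeal(key, plaintext, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, aad), nil
}

// gcmOpen reverses gcmSeal and fails if nonce, ciphertext, tag or aad were
// altered, which is what makes a corrupted or swapped blob detectable.
func gcmOpen(key, sealed, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < aead.NonceSize() {
		return nil, errors.New("sealed blob too short")
	}
	nonce, ct := sealed[:aead.NonceSize()], sealed[aead.NonceSize():]
	return aead.Open(nil, nonce, ct, aad)
}

// EncryptForCloud runs on the customer's premises: a fresh 256-bit data key (DEK)
// seals the object, and only the KEK-wrapped DEK travels with it. The object name
// is bound in as AAD so one object's blob cannot be passed off as another's.
func EncryptForCloud(kek, plaintext []byte, objectName string) (*EnvelopeBlob, error) {
	dek := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, dek); err != nil {
		return nil, err
	}
	ct, err := gcmSeal(dek, plaintext, []byte(objectName))
	if err != nil {
		return nil, err
	}
	wrapped, err := gcmSeal(kek, dek, []byte(objectName))
	if err != nil {
		return nil, err
	}
	return &EnvelopeBlob{WrappedDEK: wrapped, Ciphertext: ct}, nil
}

// DecryptFromCloud also runs on the customer's premises once the blob has been
// retrieved from the provider; without the KEK the blob cannot be opened.
func DecryptFromCloud(kek []byte, blob *EnvelopeBlob, objectName string) ([]byte, error) {
	dek, err := gcmOpen(kek, blob.WrappedDEK, []byte(objectName))
	if err != nil {
		return nil, fmt.Errorf("unwrap data key: %w", err)
	}
	return gcmOpen(dek, blob.Ciphertext, []byte(objectName))
}

func main() {
	kek := make([]byte, 32) // constructed sample KEK; in practice held in an on-premises HSM or key server
	if _, err := io.ReadFull(rand.Reader, kek); err != nil {
		panic(err)
	}
	blob, err := EncryptForCloud(kek, []byte("constructed archive contents"), "archive/2010-q4.tar")
	if err != nil {
		panic(err)
	}
	plain, err := DecryptFromCloud(kek, blob, "archive/2010-q4.tar")
	fmt.Printf("round trip on-premises: %q err=%v\n", plain, err)
}
```

Two design points matter for the "safe harbor" argument in the text: the per-object DEK means a single compromised blob does not expose others, and binding the object name as associated data means the provider cannot silently substitute one customer object for another without the decryption failing on the customer's side.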
Encrypting data on backup media. This can protect against misuse of lost or stolen media. Ideally, the
cloud service provider implements it transparently. However, as a customer and provider of data, it is
your responsibility to verify that such encryption takes place. One consideration for the encryption
infrastructure is dealing with the longevity of the data.
Emerging technologies that provide complete encryption using standardized encryption algorithms and a
key management lifecycle have seen significant growth. One such technology, known as tokenization, gives
the enterprise customer of the cloud provider the ability to store, retrieve and delete data based on keys that
the enterprise holds. Neither a co-tenant nor the cloud service provider itself has access to that data: every
store, retrieve and delete operation on the resident data can only be encrypted and decrypted with keys owned
by the enterprise customer. Tokenization techniques are now being adopted under the PCI DSS compliance
standard for the payment card industry.
Tokenization & Data Residency
Tokenization is the process of substituting original
(sensitive) data with randomly generated alphanumeric values (tokens). While structurally similar to the
original data, these tokens have no mathematic relationship with the original data. The mapping between
the original data and tokens is stored in a secure token database, and access to this database is required
to reverse the process and retrieve the original data. By retaining original data within the concerned
jurisdiction and storing tokens in cloud applications, data residency challenges can be eliminated.
Tokenization Eliminates Cloud Data Residency Challenges
Tokenization technology allows customers to replace sensitive information with anonymous values (tokens) that
respect field formatting, and preserve all native features and functionality of compatible cloud solutions,
such as searching, sorting, and reporting. The token database that stores sensitive information can either
be placed behind the enterprise firewall or with a trusted hosting provider in the customers’ jurisdiction.
Additional key characteristics include:
Rapid configuration and deployment
High-performance architecture with ultra-low latency
Support for multiple load-balancing and high-availability deployment topologies to address global
customer needs
Subscription based pricing that eliminates up-front capital expenditure
Centralized logging and auditing of user activities in the cloud
Extensible architecture for cross-platform tokenization
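The vault-based tokenization that the two passages above describe (random tokens with no mathematical relationship to the data, format preserved so cloud applications keep working, the mapping kept in a token database inside the customer's jurisdiction) is shown below as an added example written for this section. It is not code from the whitepaper or from any tokenization product. The Vault type, its methods and the sample card number are constructed for illustration; a real deployment would persist the vault on-premises or with a hosting provider in the customer's jurisdiction and put access control and audit logging in front of it.

```go
package main

import (
	"crypto/rand"
	"errors"
	"fmt"
	"math/big"
)

// Vault maps tokens back to original values. It stays behind the enterprise firewall or
// in the customer's jurisdiction; cloud applications only ever store the tokens.
type Vault struct {
	toValue map[string]string // token -> original value
	toToken map[string]string // original value -> token already issued for it
}

func NewVault() *Vault { return &Vault{toValue: map[string]string{}, toToken: map[string]string{}} }

// classOf maps a byte to the character class a token must preserve: 'd' for a
// digit, 'a' for a letter, or the byte itself for separators such as '-' or ' '.
func classOf(c byte) byte {
	switch {
	case c >= '0' && c <= '9':
		return 'd'
	case c >= 'A' && c <= 'Z', c >= 'a' && c <= 'z':
		return 'a'
	}
	return c
}

// randomToken draws every digit and letter position from crypto/rand and keeps separators,
// so the token has the field's format but no mathematical relationship to the value.
func randomToken(value string) (string, error) {
	const digits, letters = "0123456789", "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
	out := []byte(value)
	for i, c := range out {
		var alphabet string
		if cls := classOf(c); cls == 'd' {
			alphabet = digits
		} else if cls == 'a' {
			alphabet = letters
		} else {
			continue
		}
		n, err := rand.Int(rand.Reader, big.NewInt(int64(len(alphabet))))
		if err != nil {
			return "", err
		}
		out[i] = alphabet[n.Int64()]
	}
	return string(out), nil
}

// SameShape reports whether token preserves value's length and per-position
// character class, which keeps cloud-side field validation and reporting working.
func SameShape(value, token string) bool {
	if len(value) != len(token) {
		return false
	}
	for i := range value {
		if classOf(value[i]) != classOf(token[i]) {
			return false
		}
	}
	return true
}

// Tokenize returns the token already issued for value (equal values tokenize equally, so
// equality searches in the cloud still work) or mints a fresh one unique within the vault.
func (v *Vault) Tokenize(value string) (string, error) {
	if t, ok := v.toToken[value]; ok {
		return t, nil
	}
	for attempt := 0; attempt < 64; attempt++ {
		t, err := randomToken(value)
		if err != nil {
			return "", err
		}
		if _, taken := v.toValue[t]; !taken && t != value {
			v.toValue[t], v.toToken[value] = value, t
			return t, nil
		}
	}
	return "", errors.New("could not mint a unique token")
}

// Detokenize is the only way back and needs vault access, which the cloud
// provider and co-tenants do not have.
func (v *Vault) Detokenize(token string) (string, bool) {
	val, ok := v.toValue[token]
	return val, ok
}

func main() {
	vault, card := NewVault(), "4111 1111 1111 1111" // constructed sample value
	tok, _ := vault.Tokenize(card)
	fmt.Println("token for the cloud app:", tok, "format preserved:", SameShape(card, tok))
}
```

Deleting the sensitive data is simply removing the vault entry: any copies of the token left in the cloud application then resolve to nothing, which is the "delete" half of the store, retrieve and delete lifecycle above. Issuing the same token for the same value is a design choice that keeps equality searches and de-duplication working in the cloud application; it also means the vault, not the cloud, is the only place where two records can be linked back to one real value.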
Federated Identity and Access Management in the Cloud
Managing identities of users and
access control for enterprise applications remains one of the greatest challenges facing IT today. While
an enterprise may be able to leverage several Cloud Computing services without a good identity and
access management strategy, in the long run extending an organization’s identity services into the cloud
is a necessary precursor towards strategic use of on-demand computing services. Supporting today’s
aggressive adoption of an admittedly immature cloud ecosystem requires an honest assessment of an
organization’s readiness to conduct cloud-based Identity and Access Management (IAM), as well as
understanding the capabilities of that organization’s Cloud Computing providers.
Identity Provisioning: One of the major challenges for organizations adopting Cloud Computing
services is the secure and timely management of on-boarding (provisioning) and off-boarding
(deprovisioning) of users in the cloud. Furthermore, enterprises that have invested in user management
processes within an enterprise will seek to extend those processes and practice to cloud services.
Authentication: When organizations start to utilize cloud services, authenticating users in a trustworthy
and manageable manner is a vital requirement. Organizations must address authentication-related
challenges such as credential management, strong authentication (typically defined as multi-factor
authentication), delegated authentication, and managing trust across all types of cloud services.
Federation: In a Cloud Computing environment, Federated Identity Management plays a vital role in
enabling organizations to authenticate their users of cloud services using the organization’s chosen
identity provider (IdP). In that context, exchanging identity attributes between the service provider (SP)
and the IdP in a secure way is also an important requirement. Organizations considering federated
identity management in the cloud should understand the various challenges and possible solutions to
address those challenges with respect to identity lifecycle management, available authentication
methods to protect confidentiality, and integrity; while supporting non-repudiation.
Authorization & user profile management: The requirements for user profiles and access control
policy vary depending on whether the user is acting on their own behalf (such as a consumer) or as a
member of an organization (such as an employer, university, hospital, or other enterprise). The access
control requirements in SPI environments include establishing trusted user profile and policy information,
using it to control access within the cloud service, and doing this in an auditable way.
Federated Identity
Identity federation builds a trust relationship between applications that reflects business affiliations so
that employees can remotely access applications with single sign-on (SSO), regardless of whether the
applications are located locally or remotely. Identity federation also protects an employee’s private
information. As a first step in your cloud initiative it is recommended to adopt an identity federation
solution based on an open standard, such as Security Assertion Markup Language (SAML), to ensure
interoperability in a hybrid cloud environment while extending your internal IAM systems into the cloud.
SAML addresses one of the key challenges: how to integrate all cloud computing resources with internal
enterprise resources in order to deliver a unified service to employees and customers anywhere and
anytime while still maintaining a secure environment.
In the illustration the user is actually accessing many applications on a hybrid cloud computing
environment, which goes beyond the boundary of the enterprise data center. The user’s access control
must be enforced by the cloud environment, i.e. outside the data center and this creates new challenges
for the enterprise when adopting cloud computing and transforming its business.
Single Sign-on Challenge
The enterprise typically uses access management to integrate
applications in different domains to an application portal, so that the end user can access applications
without re-authentication. Access management might work well for the applications within the data center
or within the same domain. However, the cloud computing service typically is external to the data center
and located within a different domain and shared with multiple other tenants.
Security Challenge
Security is another challenge. As an example, let’s consider an access
control policy change. Typically, the application is associated with a dedicated identity and access
management solution. And many applications using this approach create duplicated identity and access
management functionality. Therefore, the application’s access control policies reside in multiple locations
across the network, creating policy management overhead and complexity. Furthermore, an employee
often requires multiple roles for different applications, and the duplication of Identity and Access
Management (IAM) prevents identity provision and enforcement on demand. Finally, the traditional IAM
approach cannot fit into a cloud computing platform, because the enterprise does not control the cloud
service provider’s IAM practices and has even less influence over strict security practices.
Identity Federation is based on two important concepts:
The virtual reunion or assembled identity of a person’s user information (or principal) which is
stored across multiple distinct identity management systems. Typically, the user’s name, being a
common token, joins the data.
A user’s authentication process which is integrated across multiple IT systems or even
organizations.
For example, a traveler could be a flight passenger as well as a hotel guest. If the airline and the hotel
use a federated identity management system, this means that they have a contracted mutual trust in
each other’s user authentication. Initially, the traveler can self-identify as a customer for booking the flight
and then this identity can be transferred to hotel reservations.
The ultimate goal of identity federation is to enable users of one domain to securely access data or
systems of another domain seamlessly, without requiring redundant user administration. The goal
requires that all participating systems use the same protocol to be interoperable. Public cloud computing
service providers such as Google, Amazon, and Salesforce.com offer their own IAM interface, which by
default is not capable of SSO. Private cloud computing service providers may recommend different IAM
practices than enterprise customers. To integrate cloud services into an enterprise’s access portal with
SSO, it is recommended that an open identity federation standard such as SAML be used.
The SAML protocol decouples both the SAML identity provider and the SAML service provider. This
enables the enterprise to have a centralized identity provider that can support many other service
providers in a distributed fashion. The SAML identity provider focuses on identity management, access
policy management, and security token generation, while SAML service providers receive the remote
security token, retrieve credential data, and reinforce user access policies locally.
With the SAML protocol, the enterprise can provide services to other enterprises. Identity federation
supports cross-domain single sign-on (CD SSO) and interchanges access control information with a wide
range of partners, reflecting business trust relationships. The SAML protocol is interoperable. Because
cloud service providers implement different identity federation protocols or different versions of the
same protocol, the enterprise cloud can leverage a Security Token Service (STS) to interoperate between
these different SSO practices. For example, a SAML assertion token can be converted between SAML 1.1
and SAML 2.0.
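To make the decoupling described above concrete (the identity provider authenticates and issues a security token, the service provider receives the token and enforces access locally), here is an added example that is not part of the whitepaper and not a SAML library. It is a deliberately simplified federation exchange in Go: the assertion is a JSON structure signed with Ed25519 rather than a SAML XML assertion with XML-DSig, but it carries the same fields and the service provider performs the checks a SAML SP must make: signature against the trusted IdP key, issuer, audience, expiry, and only then its own access policy. All names (IdentityProvider, ServiceProvider, the directory and policy maps, the URLs) are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Assertion is a simplified stand-in for a SAML assertion with the same essential
// fields; it is serialised as JSON and signed with Ed25519 instead of XML-DSig.
type Assertion struct {
	Issuer       string            `json:"issuer"`
	Subject      string            `json:"subject"`
	Audience     string            `json:"audience"` // the one SP this token is meant for
	NotOnOrAfter int64             `json:"exp"`      // Unix time after which it is void
	Attributes   map[string]string `json:"attrs"`    // e.g. role, consumed by the SP's policy
}

// SignedAssertion is the security token that travels from the IdP to the SP.
type SignedAssertion struct {
	Payload, Signature []byte
}

// IdentityProvider authenticates users against its own directory (a hypothetical
// user -> attributes map) and issues tokens; the signing key stays on-premises.
type IdentityProvider struct {
	Name      string
	Pub       ed25519.PublicKey // shared with SPs out of band when the federation is set up
	priv      ed25519.PrivateKey
	directory map[string]map[string]string
}

func NewIdentityProvider(name string, directory map[string]map[string]string) (*IdentityProvider, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &IdentityProvider{Name: name, Pub: pub, priv: priv, directory: directory}, nil
}

// Issue runs after the IdP has authenticated the user by its own means (password,
// MFA, ...); the token is scoped to one audience and one expiry to limit replay.
func (idp *IdentityProvider) Issue(user, audience string, now time.Time, ttl time.Duration) (*SignedAssertion, error) {
	attrs, ok := idp.directory[user]
	if !ok {
		return nil, errors.New("authentication failed: unknown user")
	}
	payload, err := json.Marshal(Assertion{Issuer: idp.Name, Subject: user, Audience: audience,
		NotOnOrAfter: now.Add(ttl).Unix(), Attributes: attrs})
	if err != nil {
		return nil, err
	}
	return &SignedAssertion{Payload: payload, Signature: ed25519.Sign(idp.priv, payload)}, nil
}

// ServiceProvider is the cloud application: it never sees user credentials, trusts
// one IdP's public key, and enforces its own access policy locally.
type ServiceProvider struct {
	Name       string
	TrustedIdP string
	IdPKey     ed25519.PublicKey
	Policy     map[string]string // hypothetical local policy: resource -> required role
}

// Consume validates the token (signature, issuer, audience, expiry) and then
// authorizes the requested resource, returning the authenticated subject.
func (sp *ServiceProvider) Consume(tok *SignedAssertion, resource string, now time.Time) (string, error) {
	if !ed25519.Verify(sp.IdPKey, tok.Payload, tok.Signature) {
		return "", errors.New("assertion signature invalid")
	}
	var a Assertion
	if err := json.Unmarshal(tok.Payload, &a); err != nil {
		return "", err
	}
	switch {
	case a.Issuer != sp.TrustedIdP:
		return "", fmt.Errorf("issuer %q is not trusted", a.Issuer)
	case a.Audience != sp.Name:
		return "", fmt.Errorf("assertion issued for %q, not %q", a.Audience, sp.Name)
	case now.Unix() >= a.NotOnOrAfter:
		return "", errors.New("assertion has expired")
	}
	if need, ok := sp.Policy[resource]; !ok || a.Attributes["role"] != need {
		return "", fmt.Errorf("subject %q is not authorized for %q", a.Subject, resource)
	}
	return a.Subject, nil
}

func main() {
	// Constructed sample federation: one enterprise IdP and one SaaS service provider.
	idp, _ := NewIdentityProvider("https://idp.example.internal", map[string]map[string]string{"alice": {"role": "finance"}})
	sp := &ServiceProvider{Name: "https://payroll.example-saas.test", TrustedIdP: idp.Name,
		IdPKey: idp.Pub, Policy: map[string]string{"/reports": "finance"}}
	tok, _ := idp.Issue("alice", sp.Name, time.Now(), 5*time.Minute)
	fmt.Println(sp.Consume(tok, "/reports", time.Now()))
}
```

The audience check is the one most often missed in practice: a token the IdP issued for one service provider must be rejected by every other one, otherwise a compromised or careless SP can replay assertions against its peers inside the same trust domain. The SP keeps its authorization policy local, which is the split between "identity authentication at one site and authorization at another" that the text describes.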
Identity Authentication Flow Patterns
Identity authentication patterns reflect authentication flows between the user and IAM. As illustrated
below, when accessing supply chain applications, all participants globally are required to log into a
common application platform, creating a “fan in” identity authentication flow to the supply chain
applications. Enterprise users log into a portal and then access different applications using SSO, creating
a “fan out” identity authentication flow. During mergers and acquisitions, authentication flows between the
two companies involved often spill over, because each company holds partial identity. In all three
authentication flows, the IAM is required to handle on demand requests and do so in high volume. As a
result, the enterprise IAM often faces challenges concerning performance and on demand capacity in
order to meet service-level agreements (SLAs). Identity federation does not change the flow of the
identity authentication. However, it decouples the authentication process and access control process
such that regulating identity authentication occurs at one site and reinforcing authorization occurs at
another. This simplifies the IAM infrastructure.
Enterprises use identity authentication patterns in the following ways.
The enterprise can act as the identity provider, processing employee authentications locally. With identity federation, the employees’ service requests fan out to the cloud services.
The enterprise can build a private cloud data center that hosts services, acting as a service provider. With identity federation, the service requests from different trusted partners fan into this private cloud data center with SSO.
For two companies involved in a merger and acquisition (M&A) process, their employees’ service requests cross over different domains and data centers with SSO.
Identity Federation Pattern: Trust Domain
Identity federation is about creating a trust domain. This is the trust relationship of identity
authentication and authorization that reflects the business relationship. As illustrated below, a trust
relationship can transfer trust from one party to another party, creating a trust domain chain. The user
can have different credentials in each application or cloud service. When these applications and cloud
services are in a chained trust domain, the SAML identity provider can reconcile different identities
allowing users to access different applications using their appropriate credentials. In a real life example, a
traveler could be a flight passenger as well as a hotel guest. If both the airline and the hotel use a
federated identity management system, they have a contracted mutual trust in each other’s
authentication of the passenger/guest. Initially, the traveler can self-identify as a customer when booking
a flight and then be transferred towards a hotel reservation as an identified customer.
The enterprise can leverage this pattern to integrate different cloud services into the enterprise remote
access portal to improve overall productivity.
SAML Patterns: SAML identity provider and SAML service provider
Within the trust partnership, the involved parties can act either as an identity provider, which asserts
information about the user, or as a service provider, which consumes the assertion provided by the identity
provider. In a SAML integration, the SAML identity provider directly accesses an identity management (IdM)
system such as LDAP or Active Directory, while the SAML service provider strictly enforces application
access. A SAML integration pattern decouples access from authentication, so that authentication and
access can collaborate within a trust domain over the Internet.
The enterprise can create a centralized identity service with an identity provider that supports SAML for
CD SSO; the enterprise can also implement SAML service provider functionality in the private cloud data
center with ease using identity management
Cloud Ready Data Center
Overview
CIOs are looking for ways to achieve greater IT efficiencies and agility to meet their requirements for an
improved user experience and lower costs. Cloud computing represents a new way of meeting these
goals by delivering services on a dynamic and shared IT infrastructure. Previously, applications were
linked to hardware that was specifically designated for compute and storage. With cloud computing, the
functionality of these same software and hardware products is delivered in a more scalable fashion as
services over a network. CIOs are looking to apply the lessons of the cloud to their own IT departments
to optimize results. However, they are limited because, as application architectures, server virtualization,
and storage technology have evolved over time, innovation in the network and security has not kept
pace. Because networks and security are the foundation of a cloud-ready data center, businesses need a
new network and security solution to unleash the promise of the cloud.
Cloud computing can vastly improve the performance, scale, agility and security of applications in any
data center. This reduces IT costs while improving the user experience. IT services are delivered by
infrastructures that are centrally managed and shared through consolidation and virtualization. Any of the
standard data center elements—such as servers, appliances, storage, and other networking devices—
can be contained within a cloud-like architecture. By abstracting the logical from the physical, these
elements can be arranged in resource pools that are shared securely across multiple applications, users,
departments, suppliers, and customers. The resources in these pools can also be dynamically allocated
to accommodate the changing capacity requirements of different applications and improve asset
utilization levels. Consequently, cloud infrastructures have proven to simplify management, reduce
operating and ownership costs, and allow services to be provisioned with unprecedented speed. The
cloud-ready data center, also referred to as the next-generation data center, is characterized by
simplified, scalable, agile, and secure networks built around these design objectives.
Key Components
Success in building a cloud-ready data center network requires three steps: Simplify, Share and Secure.
It is also important to automate at each step. Whether you are running your internal IT infrastructure to be
cloud-like or plan to connect with public cloud services, designing a cloud-ready data center network
involves removing the restrictions related to where you place your resources. This gives you significant
operational advantages that can help you lower costs, increase efficiency, and keep your data center
agile enough to accommodate any changes in your business or your technology infrastructure.
Simplify the architecture - Consolidate siloed systems and collapse inefficient tiers using a network
fabric and a single network operating system. This gives you fewer devices, a smaller operational
footprint, reduced complexity, easier management operations, and improved application performance.
Share the resources - Virtualize network resources to segment the network into simple, logical, and
scalable partitions for your various applications and services while using fabric technology to ensure
seamless connectivity to those resources regardless of where they are located. Keep privacy, flexibility,
high performance, and quality of service (QoS) as primary goals. This sharing enables agility for multiple
users, applications, and services.
Secure the data flows - Make sure that integrated and dynamic security services are resident in the
network to provide security scale, threat visibility, and enforcement. These comprehensive services
secure data flows across both physical and virtual environments, while leveraging centralized
orchestration to drastically simplify the enforcement of dynamic, application-aware, and identity aware
policies, ultimately ensuring better application availability and network performance.
Data Center Architectures Evolution
The data center infrastructure and security architecture has evolved over the last decade, from a
multi-tiered network and security layer design to a consolidated single tier with virtual layers or security zones.
This is best represented by the series of diagrams below; legacy data centers typically followed a
standardized core, distribution and access three layer topology where different devices performed
dedicated functions not only increasing complexity in terms of management and operations but also cost
of maintaining the data center.
As the data center has evolved with virtualization at the server level, the core, distribution and access
layers have also seen major changes and have now been consolidated into two layers known as
aggregation and access, with security layers such as DMZ, extranet, perimeter and internal core zones
being virtualized at the infrastructure level. These security zones still exist as they did in the legacy data
center, where individual devices used to perform dedicated functions such as perimeter external stateful
firewall, external IPS, reverse proxy, Web Application Firewall, internal zone firewall, etc.; the transition to
a two-layer model of aggregation and access has allowed these security functions to be consolidated and
virtualized.
The shift to cloud-ready data centers has changed the way network and security infrastructure is
designed: next-generation data centers have a unified control plane known as a fabric. A network security
perimeter no longer exists between different security zones; security needs to be viewed as a
de-perimeterized function given the very nature of cloud computing, that is, any-to-any connectivity with
extremely low latency, building trust relationships using federated identity across different entities whilst
securing your assets in a cloud where the underlying infrastructure is likely to be shared by hundreds if
not thousands of co-tenants. Multi-tenancy has also meant that virtualization needs to be observed not
only at the server level, in the form of a Virtual Machine, but also at the infrastructure level: virtual
switching, virtual routing, virtual firewall/IPS and virtualized application delivery control. A single tenant
that is under a DDoS attack should not become a source of attack against another tenant, and it is these
concepts that need to be understood and countermeasures built in from day one.
The abstract of the legacy data center with core, distribution and access layer with multiple security
devices providing security functions in multi-tiered layer architecture. Security is a very much dedicated
function with no consolidation in mind; security management is a severe overhead.
The abstract of the two-tier data center architecture with aggregation and access layer. Security services
consolidated at the aggregation layer and providing security zone demarcation across different trust
domains. With the use of MPLS/VPLS technology this architecture can be considered semi-perimeterized
– since such architectures cater for inter-Data Center communication within a single entity which may not
require security services.
Security as a Service in the Cloud Data Center
The abstract of single-tier data center architecture with a unified flat fabric that provides the ability for
any-to-any connectivity with extreme low latency. Network and security infrastructures are seen as one
logical layer through the fabric and any resource within the cloud can observe its very own security
policy. In this architecture the security has completely transformed from a perimeter based architecture to
something that has no boundaries and is considered de-perimeterized. Security can be implemented at
the hypervisor as discussed previously providing this de-perimeterized security concept.
With cloud services ranging from IaaS, PaaS and SaaS; the Security as a Service concept is agnostic
to the service model and can be deployed in any form; as an Infrastructure through dedicated hardware,
as a Platform in a multi-tenancy environment where you are managing security policies to a Service
where the cloud provider is responsible in providing security for your assets in the cloud.
About the Author
Co-Founder and Sr. Security Consultant at DTS Solution – Smart Solution for the Smart Business; an innovative and dynamic start-up organization aimed to provide best-in-class network and security solutions in the regional market. A dynamic, astute and professional individual with more than 10 years of industry expertise and experience. Having worked for a Service Provider, System Integrator and multiple Vendors he has extensive knowledge on complete project lifecycle focused around security solutions.
Besides this technical expertise and certifications he holds CISSP, CISA, CISM, CRISC and CCSK and is an active member of ISACA and Cloud Security Alliance.