May 24, 2020
Introduction - DTS Solution

Introduction

Cloud computing is the next significant stage in the Internet's evolution, providing the means through which everything, from computing power and infrastructure to applications, business processes and personal collaboration, can be delivered to you as a service wherever and whenever you need it. The "cloud" in cloud computing can be defined as the set of hardware, networks, storage, services and interfaces that combine to deliver aspects of computing as a service. Cloud service models fall into three categories: Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS).

Consumer cloud computing services have been well established since the Internet went mainstream; well-known examples are webmail services and social networking platforms. Adoption of cloud computing within the enterprise sector, however, has been slow. This slow uptake of cloud services that promise so much has been driven primarily by the numerous security risks, concerns and challenges posed within such an environment.

Governance, risk and compliance factors of cloud services need to be fully assessed and evaluated by organizations so that they can make informed judgments. The data and information lifecycle (source and origination, transfer, destination, validation and deletion) needs to be understood end to end. Transborder data flow across countries with different cyber-law jurisdictions needs to be carefully considered, and any sensitive information leakage resulting in litigation requires the involvement of cyber-law legal teams. A right-to-audit clause for periodic third-party audits, frequent reporting mechanisms for security violations and a clearly defined service level agreement between the organization and the cloud service provider need to be developed. With cloud providers utilizing a shared pool of resources, virtualization and isolation capabilities need to be questioned, along with identity and access control and management frameworks. The encryption key lifecycle in virtualized environments and the portability of information if your organization decides to move to another cloud provider are just some of the critical factors to consider.

This whitepaper introduces a holistic security approach to cloud computing and equips CIOs and information security executives to understand the key security drivers, requirements, risks and challenges they are likely to face when considering moving enterprise infrastructure, platforms and services to the cloud.

Content

The whitepaper will address the following topics, which are fundamental to any successful migration to the cloud. Beyond assisting your organization in making an informed decision and judgment through due care and diligence, the topics provide sufficient information to challenge the requirements so that information security is built in, not bolted on, within the cloud environment, while raising security awareness across your organization's cross-functional teams.

Cloud Service Models – SaaS, PaaS and IaaS
Cloud Computing Risk Management
Compliance and Audit Control in Cloud Computing Environments
Information Lifecycle Management in the Cloud
Data Portability and Interoperability between Cloud Providers
Virtualization and Multi-Tenancy Environments
Application and Hypervisor Security
Encryption and Key Management
Identity and Access Management
Cloud Ready Data Center Operations and Disaster Recovery Planning

Cloud Service Model

The typical characteristics of any cloud computing environment are based on multiple concepts: rapid provisioning of services, agility of infrastructure, elasticity of computing resources based on demand, a high level of scalability, modularity and performance, multi-tenancy through virtualization and compartmentalization, and dynamic security. With such ground-breaking definitions, which are typically not found in traditional enterprise architectures, a shift in the way we think is needed. Cloud computing provides enterprise IT with economies of scale: effective and efficient utilization of a shared pool of resources to perform IT functions; offloading complementary IT functions to a cloud service provider, freeing up IT personnel to focus on business-critical activities; and reducing the operational expenditure needed to manage, maintain and support the IT infrastructure are just a few examples.

The cloud computing service model is based on three primary tenets: Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS). All IT functions such as applications, networking, security, storage and software work in tandem to provide users with a service based on the client-server model. This same client-server model can be delivered by sharing infrastructure, platform and service in a way that is transparent to the user.

The service and deployment model definitions below follow NIST Special Publication 800-145.

Infrastructure as a Service - The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, deployed applications, and possibly limited control of select networking components (e.g., host firewalls).

Platform as a Service - The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly application hosting environment configurations.


Software as a Service - The capability provided to the consumer is to use the provider's applications running on a cloud infrastructure. The applications are accessible from various client devices through a thin client interface such as a web browser (e.g., web-based email). The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings.

Deployment Models - there are four deployment models for cloud services, with derivative variations that address specific requirements:

Public Cloud. The cloud infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services.

Private Cloud. The cloud infrastructure is operated solely for a single organization. It may be managed by the organization or a third party, and may exist on-premises or off-premises.

Community Cloud. The cloud infrastructure is shared by several organizations and supports a specific community that has shared concerns (e.g., mission, security requirements, policy, or compliance considerations). It may be managed by the organizations or a third party and may exist on-premises or off-premises.

Hybrid Cloud. The cloud infrastructure is a composition of two or more clouds (private, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load-balancing between clouds).

Cloud Computing Risk Management Framework

Numerous information security standards and compliance frameworks have been well established and have matured over the last decade: ISO/IEC 27001/27002 (ISMS), PCI DSS, HIPAA and SOX, to name a few. Such industry standards have played a vital role in giving organizations and security professionals the ability to measure security in the context of business risk. As the awareness, importance and requirements for securing information assets gain more traction, the industry is set to face key challenges when it comes to securing information assets in the cloud.

No standardized information security framework specifically for cloud computing exists, given the uniqueness of how cloud computing operates. ENISA (the European Network and Information Security Agency) has developed a Cloud Computing Risk Assessment, but global adoption and acceptance have been difficult. Security professionals will undoubtedly face complexities and challenges when addressing key security requirements for cloud computing. The enterprise IT risk management framework not only needs to be applied in the context of the cloud; numerous other considerations also need to be assessed, evaluated and deployed. Managing risk appetite when information resides outside your organization's control can be problematic, and it is imperative that security service level agreements are well defined beforehand with the cloud provider.

As a common step towards managing information security risk in the cloud, the following focus areas of risk management should be at the forefront when considering cloud deployment:

Identify the asset for cloud deployment and the requirements to move it to the cloud.
Evaluate the asset and measure both the technical and business risks associated with it.
Correlate the asset to the type of cloud service and deployment model.
Identify the potential data flow.
Develop audit controls that can be delivered to you as self-service or on demand by the cloud provider.
Validate the information lifecycle for the asset: data encryption and decryption, data residency, retention and deletion.
Consistency of authorized use of the asset by users between existing in-house and proposed cloud provider services.
Ensure there is no lock-in clause with the cloud provider and that the asset can be ported between cloud providers.
Data protection from leakage, data residency and a malicious cloud provider administrator.
Legal risk and transborder data flow across countries with differing legal jurisdictions.
A security service level agreement with the cloud provider, clearly defined, with financial penalty clauses for any violations.

Compliance and Audit Control in Cloud Computing Environments

Managing and maintaining compliance status within your own environment is by far simpler and more sustainable than ensuring compliance is met in cloud environments. When infrastructure, platforms and services are under the control of the organization, ensuring compliance through governance is fairly straightforward: roles and responsibilities are clearly defined, compliance controls are designed and implemented with management approval, and the audit of compliance status can easily be tracked and measured. The moment services are migrated to the cloud, an organization effectively loses control over how compliance is implemented and maintained; that control is handed over to the cloud service provider. As part of any compliance requirement, a gap analysis must be undertaken to identify how regulatory, legislative and industry compliance can be designed and implemented from day one. It is imperative that any compliance requirements you are obliged to adhere to are validated and certified before migrating to the cloud.


Of the many regulations touching upon information technology with which organizations must comply, few were written with cloud computing in mind. Auditors and assessors may not be familiar with cloud computing generally or with a given cloud service in particular. That being the case, it falls upon the cloud customer to understand:

Regulatory applicability for the use of a given cloud service
Division of compliance responsibilities between cloud provider and cloud customer
The cloud provider's ability to produce evidence needed for compliance on demand
The cloud customer's role in bridging the gap between cloud provider and auditor/assessor

The following recommendations should be carefully considered when applying compliance and audit control processes within a cloud environment:

Right to audit clause: the cloud customer should reserve the right to request an on-demand audit of the services the customer subscribes to
Thorough legal and contractual agreements and terms that address compliance needs
Analysis of the compliance scope, determining that the compliance regulations the organization is subject to will not be impacted by the use of the cloud services
The impact of regulatory compliance on data security, and whether the data that will move to the cloud is subject to compliance requirements
Review of cloud service provider partners: in certain cases the cloud service provider may subcontract partial functions, e.g. data processing, to another party
Ability to provide on-demand evidence of compliance and of how each compliance requirement is being met

Information Lifecycle Management in the Cloud

One of the primary goals of information security is to protect the fundamental data that powers our systems and applications. As we transition to cloud computing, our traditional methods of securing data are challenged by cloud-based architectures. Elasticity, multi-tenancy, new physical and logical architectures, and abstracted controls require new data security strategies. With many cloud deployments we are also transferring data to external, or even public, environments in ways that would have been unthinkable only a few years ago. Key challenges regarding data lifecycle security in the cloud include the following:

Data security. Confidentiality, integrity, availability, authenticity, authorization, authentication and non-repudiation.

Location of the data. There must be assurance that the data, including all of its copies and backups, is stored only in geographic locations permitted by contract, SLA and/or regulation. For instance, the use of "compliant storage" as mandated by the European Union for storing electronic health records can be an added challenge for the data owner and cloud service provider.

Data remanence or persistence. Data must be effectively and completely removed to be deemed "destroyed". Therefore, techniques for completely and effectively locating data in the cloud, erasing or destroying it, and assuring that it has been completely removed or rendered unrecoverable must be available and used when required.

Commingling data with other cloud customers. Data, especially classified or sensitive data, must not be commingled with other customers' data without compensating controls while in use, in storage or in transit. Mixed or commingled data will be a challenge when concerns are raised about data security and geo-location.

Data backup and recovery schemes for recovery and restoration. Data must be available, and backup and recovery schemes for the cloud must be in place and effective in order to prevent data loss, unwanted data overwrite and destruction. Don't assume cloud-based data is backed up and recoverable.

Data discovery. As the legal system continues to focus on electronic discovery, cloud service providers and data owners will need to focus on discovering data and assuring legal and regulatory authorities that all data requested has been retrieved. In a cloud environment that question is extremely difficult to answer and will require administrative, technical and legal controls when required.

Data aggregation and inference. With data in the cloud, there are added concerns of data aggregation and inference that could result in breaching the confidentiality of sensitive and confidential information. Hence practices must be in place to assure the data owner and data stakeholders that the data is still protected from a subtle "breach" when it is commingled and/or aggregated in a way that reveals protected information (e.g. medical records containing names and medical information mixed with anonymous data that carries the same "crossover field").
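The aggregation and inference concern above is a record-linkage attack: an "anonymous" dataset that keeps a crossover field (a quasi-identifier such as postcode plus date of birth) can be joined against a named dataset that shares the same field. The following is an added example, not code from the DTS Solution whitepaper; the two datasets, their field names and the generalisation rule are constructed for illustration. It links the records, measures the exposure as k-anonymity over the quasi-identifiers, and shows the compensating control (coarsening the crossover field) closing the unique matches.

```python
"""Record-linkage (inference) attack across a shared 'crossover field', plus a
k-anonymity check. Added example; all records below are constructed."""
from collections import Counter

# Constructed: a named dataset a tenant legitimately holds (e.g. an HR export).
NAMED_RECORDS = [
    {"name": "A. Khan",  "zip": "10001", "dob": "1980-02-14"},
    {"name": "B. Osei",  "zip": "10001", "dob": "1975-11-03"},
    {"name": "C. Silva", "zip": "10002", "dob": "1980-09-01"},
    {"name": "D. Novak", "zip": "10003", "dob": "1975-07-30"},
]

# Constructed: an 'anonymous' medical dataset stored in the same cloud service.
# Names were stripped, but zip and dob (the crossover fields) remain.
ANON_RECORDS = [
    {"zip": "10001", "dob": "1980-02-14", "diagnosis": "asthma"},
    {"zip": "10001", "dob": "1975-11-03", "diagnosis": "diabetes"},
    {"zip": "10002", "dob": "1980-09-01", "diagnosis": "hypertension"},
    {"zip": "10003", "dob": "1975-07-30", "diagnosis": "migraine"},
]

QUASI_IDENTIFIERS = ("zip", "dob")   # assumed crossover fields


def quasi_key(record, fields=QUASI_IDENTIFIERS):
    """The tuple of quasi-identifier values an attacker would join on."""
    return tuple(record[f] for f in fields)


def link_records(named, anon, fields=QUASI_IDENTIFIERS):
    """Join the datasets on the quasi-identifiers. Every anonymous row whose
    key matches exactly one named person is re-identified."""
    index = {}
    for rec in named:
        index.setdefault(quasi_key(rec, fields), []).append(rec["name"])
    linked = {}
    for rec in anon:
        names = index.get(quasi_key(rec, fields), [])
        if len(names) == 1:            # unique match: identity inferred
            linked[names[0]] = rec["diagnosis"]
    return linked


def k_anonymity(records, fields=QUASI_IDENTIFIERS):
    """Size of the smallest equivalence class over the quasi-identifiers.
    k == 1 means at least one row is unique and therefore linkable."""
    counts = Counter(quasi_key(r, fields) for r in records)
    return min(counts.values())


def generalise(records):
    """Compensating control: coarsen zip to its first three digits and dob to
    the year before the data is stored alongside other tenants' data."""
    out = []
    for r in records:
        g = dict(r)
        g["zip"] = r["zip"][:3] + "**"
        g["dob"] = r["dob"][:4]
        out.append(g)
    return out


if __name__ == "__main__":
    print("precise data, k =", k_anonymity(ANON_RECORDS))
    print("re-identified:", link_records(NAMED_RECORDS, ANON_RECORDS))
    safe = generalise(ANON_RECORDS)
    print("generalised data, k =", k_anonymity(safe))
    print("re-identified:", link_records(generalise(NAMED_RECORDS), safe))
```

With the precise crossover fields every anonymous row is re-identified (k = 1); after generalisation each key is shared by two people (k = 2) and the join yields no unique match. In practice the check belongs in the CREATE and STORE phases of the lifecycle below, before the data reaches a shared repository.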

The Data Security Lifecycle is different from Information Lifecycle Management, reflecting the different needs of the security audience. The Data Security Lifecycle consists of six phases, and careful consideration should be given to data residing in the cloud at each of them:

CREATE – classify and assign rights to data; data labeling techniques, digital rights management and watermarking, user tagging to classify data.

STORE – data access control on a need-to-know basis through the DBMS and document management system; data encryption, with decryption only for authorized users; content discovery tools such as data loss prevention.

USE – activity monitoring and enforcement using log files; rights management and logical controls using DBMS solutions; data owner notification on change of status.

SHARE – encryption for information in transit and signed documents; activity monitoring for shared information; maintaining integrity of data in transit.

ARCHIVE – data residency monitoring within storage environments; asset management and tracking; encryption of backup and archived information and of data at rest. Archived data should be retrievable only by the data owner.

DESTROY – removal and secure deletion of information by authorized personnel; validate deletion with content discovery; crypto-shredding, so that reconstruction of the content is not possible.
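Crypto-shredding, named in the DESTROY phase, is the practical answer to the data remanence problem raised earlier: the customer cannot reach every copy, snapshot and backup the provider holds, so each object is encrypted under its own data-encryption key (DEK), the DEKs are wrapped by a key-encryption key (KEK) in the tenant's key store, and "destroying" the object means deleting its DEK. The following is an added example, not code from the DTS Solution whitepaper. It uses only the Python standard library: the cipher is a counter-mode keystream derived with HMAC-SHA256, a stand-in for AES-GCM so the block runs without third-party packages (it is unauthenticated, unlike a real KMS wrap), and the key store and object store are assumed in-memory dictionaries.

```python
"""Crypto-shredding: delete the DEK, and surviving ciphertext copies become
unrecoverable. Added example; cipher is an HMAC-SHA256 counter-mode keystream
standing in for AES-GCM, stores are assumed in-memory dictionaries."""
import hashlib
import hmac
import os


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with blocks of HMAC-SHA256(key, nonce || counter).
    Symmetric: the same call encrypts and decrypts. Stand-in for AES-GCM."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        counter = (offset // 32).to_bytes(8, "big")
        block = hmac.new(key, nonce + counter, hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], block))
    return bytes(out)


class KeyStore:
    """Tenant-controlled key store (assumed): holds the KEK and wrapped DEKs."""
    def __init__(self):
        self.kek = os.urandom(32)
        self.wrapped = {}                     # object_id -> (nonce, wrapped DEK)

    def new_dek(self, object_id: str) -> bytes:
        dek, nonce = os.urandom(32), os.urandom(16)
        self.wrapped[object_id] = (nonce, keystream_xor(self.kek, nonce, dek))
        return dek

    def unwrap(self, object_id: str) -> bytes:
        nonce, blob = self.wrapped[object_id]  # KeyError once shredded
        return keystream_xor(self.kek, nonce, blob)

    def shred(self, object_id: str) -> None:
        """Crypto-shred one object by discarding its DEK. Deleting the KEK
        instead would shred every object at once (tenant off-boarding)."""
        del self.wrapped[object_id]


class ObjectStore:
    """Provider-side storage (assumed): keeps ciphertext, including copies in
    backups and snapshots the customer cannot delete."""
    def __init__(self):
        self.blobs = {}

    def put(self, object_id: str, blob: bytes) -> None:
        self.blobs[object_id] = blob

    def get(self, object_id: str) -> bytes:
        return self.blobs[object_id]


def store_object(ks: KeyStore, store: ObjectStore, object_id: str, plaintext: bytes) -> None:
    dek, nonce = ks.new_dek(object_id), os.urandom(16)
    store.put(object_id, nonce + keystream_xor(dek, nonce, plaintext))


def read_object(ks: KeyStore, store: ObjectStore, object_id: str):
    """Plaintext, or None if the object has been crypto-shredded."""
    try:
        dek = ks.unwrap(object_id)
    except KeyError:
        return None
    blob = store.get(object_id)
    return keystream_xor(dek, blob[:16], blob[16:])


def demo():
    """Returns (plaintext before shred, result after shred,
    provider copy still present, plaintext visible in provider copy)."""
    ks, store = KeyStore(), ObjectStore()
    secret = b"PHI: medical record contents"
    store_object(ks, store, "patient-42", secret)
    before = read_object(ks, store, "patient-42")
    ks.shred("patient-42")
    after = read_object(ks, store, "patient-42")
    copy_survives = "patient-42" in store.blobs
    leaked = secret in store.get("patient-42")
    return before, after, copy_survives, leaked


if __name__ == "__main__":
    print(demo())
```

The last two values returned by demo() are the point: the provider's copy still exists after the shred, but it holds nothing readable, which is what "validate deletion with content discovery" should confirm. The DEK deletion itself must be logged and performed only by authorized personnel, as the DESTROY phase requires.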

Data Portability and Interoperability between Cloud Providers

The cloud brings new opportunities for enterprises to develop and deploy efficient and compelling services, unlock the potential of public- and private-domain data, and reduce costs for ICT services. Even for a technology as new as the cloud, interoperability and portability are key topics of discussion for policy makers, both as a tool to reduce integration costs and as a way to reduce dependence on large ICT vendors.

While systems interoperability becomes primarily the domain of the cloud service provider, data interoperability remains important, and perhaps even critical, as enterprise data becomes increasingly contained within the systems provided by the cloud service provider. Many public cloud networks are configured as closed systems that do not interact with each other. This lack of integration makes it difficult for organizations to consolidate their IT systems in the cloud in order to realize productivity gains and cost savings. Cloud portability is important to any enterprise, which will want to ensure that it can switch cloud service providers without unreasonable switching costs. Inevitably, when a customer changes cloud service provider there will be a certain amount of switching cost. From a portability perspective, however, it is critical that data can be transferred between cloud providers, since without the ability to port data it becomes simply impossible to switch providers at all.

Policies need to be crafted around data interoperability to ensure that data interchange between cloud services is unhindered, as most enterprise users will likely use heterogeneous cloud service providers for their needs. Policy makers will have to focus on data ownership and control so that organizations continue to control the destiny of their own data.

To achieve the economies of scale that will make cloud computing successful, common platforms are needed so that users can easily navigate between services and applications regardless of where they are coming from, and so that organizations can transition their IT systems to a services-oriented model more cost-effectively. IT personnel want the same types of control in the cloud that they have in the data center. When you push data out to the cloud, you outsource availability and security to the cloud vendor, which is considered a major weakness.


Virtualization and Multi-Tenancy Environments

The ability to provide multi-tenant cloud services at the infrastructure, platform or software level is often underpinned by some form of virtualization to create economies of scale: utilization of a shared pool of resources to host multiple tenants. However, use of these technologies brings additional security concerns. While there are several forms of virtualization, by far the most common is the virtualized operating system, known as the virtual machine. If virtual machine (VM) technology is being used in the infrastructure of the cloud service, then you must be concerned about compartmentalization, isolation and hardening of those VM systems.

The reality of current practice in managing virtual operating systems is that many of the processes that provide security by default are missing, and special attention must be paid to replacing them. The core virtualization technology itself introduces new attack surfaces in the hypervisor and other management components, but more important is the severe impact virtualization has on network security. Virtual machines on the same host communicate through the hypervisor's virtual switch in host memory rather than over the physical network. As a result, standard network security controls are blind to this traffic and cannot perform monitoring or in-line blocking. These controls need to take a new form to function in the virtual environment.

Interference and commingling of data in centralized services and repositories is another concern. A centralized database as provided by a cloud computing service should in theory improve security over data distributed across a vast number and mixture of endpoints. However, this also centralizes risk, increasing the consequences of a breach.

Another concern is the commingling of VMs of different sensitivities and security levels. In cloud computing environments, the lowest common denominator of security will be shared by all tenants in the multi-tenant virtual environment unless a new security architecture can be achieved that does not "wire in" any network dependency for protection.

Virtualization technology has been around for many years and many enterprises already have some form of virtualization deployed within their internal data centers; compare that, however, with a cloud service provider that must provide virtualization in a multi-tenant environment, and the security risks inevitably increase.

Application and Hypervisor Security

Cloud environments, by virtue of their flexibility, openness and often public availability, challenge many fundamental assumptions about application security. Some of these assumptions are well understood; many are not. Cloud computing influences security over the lifetime of an application in many ways, from design to operations to ultimate decommissioning.

It is important that all stakeholders, including application designers, security professionals, operations personnel and technical management, understand how best to mitigate risk and manage assurance within cloud computing applications. Cloud computing is a particular challenge for applications across the layers of Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS). Cloud-based software applications require a design rigor similar to that of applications residing in a classic DMZ. This includes a deep up-front analysis covering all the traditional aspects of managing information confidentiality, integrity and availability.

Applications in cloud environments will both impact and be impacted by the following major aspects:

Application Security Architecture – Consideration must be given to the reality that most applications have dependencies on various other systems. With cloud computing, application dependencies can be highly dynamic, even to the point where each dependency represents a discrete third-party service provider. Cloud characteristics make configuration management and ongoing provisioning significantly more complex than with traditional application deployment. The environment drives the need for architectural modifications to assure application security.

Compliance – Compliance clearly affects data, but it also influences applications (for example, regulating how a program implements a particular cryptographic function), platforms (perhaps by prescribing operating system controls and settings) and processes (such as reporting requirements for security incidents).

Vulnerabilities – These include not only the well-documented and continuously evolving vulnerabilities associated with web applications, but also vulnerabilities associated with machine-to-machine Service-Oriented Architecture (SOA) applications, which are increasingly being deployed into the cloud.

Tools and Services – Cloud computing introduces a number of new challenges around the tools and services required to build and maintain running applications. These include application management utilities, the coupling to external services, and dependencies on libraries and operating system services, which may originate from cloud providers. Understanding the ramifications of who provides, owns, operates and assumes responsibility for each of these is fundamental.

Hypervisor security is the process of ensuring the hypervisor, the software that enables virtualization, is secure throughout its life cycle, including during development, implementation, provisioning, management and de-provisioning. The hypervisor, which enables virtualization and the use of VMs, is a critical component for securing VM assets in the cloud. It is the central software that enables VM-to-VM communication and VM-to-external-entity communication, and is therefore the most critical component in providing security.

VM-to-VM communication does not traverse the network infrastructure and remains inside the physical server, so traditional network security firewalls cannot be deployed for traffic inspection. It is important to give consideration to hypervisor security in the form of a security virtual appliance. A virtual firewall that operates at the hypervisor level provides security for VM-to-VM traffic and increases visibility into the communication between authorized VMs; without such mechanisms in place you are likely to be susceptible to blind attacks.

A common hypervisor security deployment is illustrated in the diagram, where the vGW Virtual Gateway product from Juniper Networks is providing security to the individual VMs. Security and compliance concerns are first-order priorities for virtualized data center and cloud deployments. vGW Virtual Gateway is a comprehensive security solution for virtualized data centers and clouds that is capable of monitoring and protecting virtualized environments while maintaining the highest levels of VM host capacity and performance. vGW includes a high-performance hypervisor-based stateful firewall, integrated intrusion detection (IDS), and virtualization-specific antivirus (AV) protection.

Page 5: Introduction - DTS Solution · Introduction delivered to you as a service wherever and whenever you need. ... security violations and a clearly defined service level agreement between

Encryption and Key Management – Cloud users and

providers need to protect against data loss, leakage and theft. Encryption of personal and enterprise data

is widely used and in some cases mandated by laws and regulations around the world. Cloud customers

want the same level of data encryption services for data at rest and in motion and want their providers to

encrypt their data to ensure that it is protected no matter where the data is physically located. Likewise,

the cloud provider needs to protect its customers’ sensitive data to avoid embarrassment and protect its

own integrity.

Strong encryption with key management is one of the core mechanisms that Cloud Computing systems

should use to protect data. While encryption itself doesn’t necessarily prevent data loss, safe harbor

provisions in laws and regulations treat lost encrypted data as not lost at all. The encryption provides

resource protection while key management enables access to protected resources.

One common question that often comes up during cloud computing discussions is where the enterprise data is stored. Data sovereignty raises issues for businesses adopting cloud computing for sensitive data. Cloud service providers often store customer data in various geographical locations to ensure scalability, efficiency and resiliency, often on a common platform that is shared by multiple tenants. Your data may not reside within the same country as your business, and privacy laws and jurisdictions may vary dramatically between countries and regions.

When moving applications to the cloud, you want to understand not only where your users reside, but

also where the data resides in the cloud application – if not precisely, at least in which legal jurisdictions.

Yet this information can be difficult to determine, as data is constantly in motion in the cloud.

Cloud environments are shared with many tenants, and service providers have privileged access to the

data in those environments. Thus confidential data hosted in a cloud must be protected using a

combination of access control, contractual liability and encryption. Of these, encryption offers the benefits

of minimum reliance on the cloud service provider and lack of dependence on detection of operational

failures.

Encrypting data in transit over networks. There is the utmost need to encrypt multi-use credentials,

such as credit card numbers, passwords, and private keys, in transit over the Internet. Although cloud

provider networks may be more secure than the open Internet, they are by their very architecture made

up of many disparate components, and disparate organizations share the cloud. Therefore it is important

to protect this sensitive and regulated information in transit even within the cloud provider’s network.

Typically this can be implemented with equal ease in SaaS, PaaS, and IaaS environments.

Encrypting data at rest. Encrypting data on disk or in a live production database has value, as it can

protect against a malicious cloud service provider or a malicious co-tenant as well as against some types

of application abuse. For long-term archival storage, some customers encrypt their own data and then

send it as ciphertext to a cloud data storage vendor. The customer then controls and holds the

cryptographic keys and decrypts the data, if necessary, back on their own premises. Encrypting data at

rest is common within IaaS environments, using a variety of provider and third party tools. Encrypting

data at rest within PaaS environments is generally more complex, requiring instrumentation of provider

offerings or special customization. Encrypting data at rest within SaaS environments is a feature cloud

customers cannot implement directly, and need to request from their providers.

Encrypting data on backup media. This can protect against misuse of lost or stolen media. Ideally, the

cloud service provider implements it transparently. However, as a customer and provider of data, it is

your responsibility to verify that such encryption takes place. One consideration for the encryption

infrastructure is dealing with the longevity of the data.


Emerging technologies that provide complete encryption using standardized encryption algorithms and a key management lifecycle have seen significant growth. One emerging technology known as tokenization provides the enterprise customer of the cloud provider the ability to store, retrieve and delete data based on keys that the enterprise holds. No other co-tenant, nor the cloud service provider for that matter, has access to that data. Any store, retrieve or delete operation on the resident data can only be encrypted and decrypted with keys that are owned by the enterprise customer. Tokenization techniques are now being adopted by PCI-DSS compliance standards for the payment card industry.

Tokenization & Data Residency - Tokenization is the process of substituting original (sensitive) data with randomly generated alphanumeric values (tokens). While structurally similar to the original data, these tokens have no mathematical relationship with the original data. The mapping between the original data and tokens is stored in a secure token database, and access to this database is required to reverse the process and retrieve the original data. By retaining original data within the concerned jurisdiction and storing only tokens in cloud applications, data residency challenges can be eliminated.

Tokenization Eliminates Cloud Data Residency Challenges - Tokenization

technology allows customers to replace sensitive information with anonymous values (tokens) that

respect field formatting, and preserve all native features and functionality of compatible cloud solutions,

such as searching, sorting, and reporting. The token database that stores sensitive information can either

be placed behind the enterprise firewall or with a trusted hosting provider in the customers’ jurisdiction.

Additional key characteristics include:


Rapid configuration and deployment

High-performance architecture with ultra-low latency

Support for multiple load-balancing and high-availability deployment topologies to address global

customer needs

Subscription based pricing that eliminates up-front capital expenditure

Centralized logging and auditing of user activities in the cloud

Extensible architecture for cross-platform tokenization
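The vault below is an added illustration, not code from this whitepaper or from any tokenization vendor, of the mechanics described in the two tokenization sections above: format-preserving random tokens with no mathematical relationship to the input, a token database that stays with the enterprise, consistent tokens so that searching and sorting keep working on the cloud copy, and detokenization limited to authorized principals. The card number, principal names and in-memory database are constructed for the example.

```python
import secrets
import string

# Constructed example: an in-memory tokenization vault standing in for the
# secure token database that stays inside the enterprise's jurisdiction.
# Tokens are random values that keep the field's format (digits stay digits,
# letters stay letters, separators are kept) but bear no mathematical
# relationship to the original value.

DIGITS = string.digits
UPPER = string.ascii_uppercase
LOWER = string.ascii_lowercase


def char_class(ch: str) -> str:
    """Map a character to its format class; separators map to themselves."""
    if ch in DIGITS:
        return "d"
    if ch in UPPER:
        return "U"
    if ch in LOWER:
        return "l"
    return ch


def random_token_for(value: str) -> str:
    """Draw a fresh format-preserving random token for one value."""
    alphabet = {"d": DIGITS, "U": UPPER, "l": LOWER}
    out = []
    for ch in value:
        cls = char_class(ch)
        out.append(secrets.choice(alphabet[cls]) if cls in alphabet else ch)
    return "".join(out)


def same_format(a: str, b: str) -> bool:
    """True when both strings have the same length and character classes."""
    return len(a) == len(b) and all(
        char_class(x) == char_class(y) for x, y in zip(a, b)
    )


class TokenVault:
    """Holds the value<->token mapping; the cloud application only sees tokens.

    Tokenization is consistent (the same value always yields the same token),
    which keeps searching, sorting and reporting working on the cloud copy.
    Detokenization is limited to authorized principals; co-tenants and the
    cloud provider never hold the mapping.
    """

    def __init__(self, authorized_principals):
        self._value_to_token = {}
        self._token_to_value = {}
        self._authorized = set(authorized_principals)

    def tokenize(self, value: str) -> str:
        if value in self._value_to_token:
            return self._value_to_token[value]
        if not any(char_class(ch) in "dUl" for ch in value):
            raise ValueError("value has no tokenizable characters")
        # Retry until the token is unused and differs from the input; with at
        # least one tokenizable character present this loop terminates.
        while True:
            token = random_token_for(value)
            if token != value and token not in self._token_to_value:
                break
        self._value_to_token[value] = token
        self._token_to_value[token] = value
        return token

    def detokenize(self, token: str, principal: str) -> str:
        if principal not in self._authorized:
            raise PermissionError(f"{principal} is not allowed to detokenize")
        return self._token_to_value[token]

    def delete(self, value: str) -> None:
        """Dropping the mapping renders tokens already in the cloud meaningless."""
        token = self._value_to_token.pop(value)
        del self._token_to_value[token]
```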

Federated Identity and Access Management in the Cloud - Managing identities of users and

access control for enterprise applications remains one of the greatest challenges facing IT today. While

an enterprise may be able to leverage several Cloud Computing services without a good identity and

access management strategy, in the long run extending an organization’s identity services into the cloud

is a necessary precursor towards strategic use of on-demand computing services. Supporting today’s

aggressive adoption of an admittedly immature cloud ecosystem requires an honest assessment of an

organization’s readiness to conduct cloud-based Identity and Access Management (IAM), as well as

understanding the capabilities of that organization’s Cloud Computing providers.

Identity Provisioning: One of the major challenges for organizations adopting Cloud Computing services is the secure and timely management of on-boarding (provisioning) and off-boarding (deprovisioning) of users in the cloud. Furthermore, enterprises that have invested in user management processes within the enterprise will seek to extend those processes and practices to cloud services.

Authentication: When organizations start to utilize cloud services, authenticating users in a trustworthy

and manageable manner is a vital requirement. Organizations must address authentication-related

challenges such as credential management, strong authentication (typically defined as multi-factor

authentication), delegated authentication, and managing trust across all types of cloud services.

Federation: In a Cloud Computing environment, Federated Identity Management plays a vital role in

enabling organizations to authenticate their users of cloud services using the organization’s chosen

identity provider (IdP). In that context, exchanging identity attributes between the service provider (SP)

and the IdP in a secure way is also an important requirement. Organizations considering federated

identity management in the cloud should understand the various challenges and possible solutions to

address those challenges with respect to identity lifecycle management, available authentication

methods to protect confidentiality, and integrity; while supporting non-repudiation.

Authorization & user profile management: The requirements for user profiles and access control

policy vary depending on whether the user is acting on their own behalf (such as a consumer) or as a

member of an organization (such as an employer, university, hospital, or other enterprise). The access

control requirements in SPI environments include establishing trusted user profile and policy information,

using it to control access within the cloud service, and doing this in an auditable way.

Federated Identity - Identity federation builds a trust relationship between applications that reflects business affiliations so that employees can remotely access applications with a single sign-on (SSO), regardless of whether the applications are locally or remotely located. Identity federation also protects an employee's private information. As a first step towards your cloud initiative it is recommended to adopt an identity federation solution based on an open standard, such as Security Assertion Markup Language (SAML), to ensure interoperability in a hybrid cloud environment whilst extending your internal IAM systems into the cloud. SAML addresses one of the key challenges: how to integrate all cloud computing resources with internal enterprise resources in order to deliver a unified service to employees and customers anywhere and anytime while still maintaining a secure environment.

In the illustration the user is actually accessing many applications on a hybrid cloud computing

environment, which goes beyond the boundary of the enterprise data center. The user’s access control

must be enforced by the cloud environment, i.e. outside the data center and this creates new challenges

for the enterprise when adopting cloud computing and transforming its business.

Single Sign-on Challenge - The enterprise typically uses access management to integrate

applications in different domains to an application portal, so that the end user can access applications

without re-authentication. Access management might work well for the applications within the data center

or within the same domain. However, the cloud computing service typically is external to the data center

and located within a different domain and shared with multiple other tenants.

Security Challenge - Security is another challenge. As an example, let’s consider an access

control policy change. Typically, the application is associated with a dedicated identity and access

management solution. And many applications using this approach create duplicated identity and access

management functionality. Therefore, the application’s access control policies reside in multiple locations

across the network, creating policy management overhead and complexity. Furthermore, an employee

often requires multiple roles for different applications, and the duplication of Identity and Access

Management (IAM) prevents identity provision and enforcement on demand. Finally, the traditional IAM

approach cannot fit into a cloud computing platform, because the enterprise does not control the cloud

service provider’s IAM practices and has even less influence over strict security practices.

Identity Federation – is based on two important concepts:

The virtual reunion, or assembled identity, of a person's user information (or principal) which is stored across multiple distinct identity management systems. Typically the user's name, being a common token, joins the data.

A user's authentication process which is integrated across multiple IT systems or even organizations.

For example, a traveler could be a flight passenger as well as a hotel guest. If the airline and the hotel

use a federated identity management system, this means that they have a contracted mutual trust in

each other’s user authentication. Initially, the traveler can self-identify as a customer for booking the flight

and then this identity can be transferred to hotel reservations.

The ultimate goal of identity federation is to enable users of one domain to securely access data or

systems of another domain seamlessly, without requiring redundant user administration. The goal

requires that all participating systems use the same protocol to be interoperable. Public cloud computing

service providers such as Google, Amazon, and Salesforce.com offer their own IAM interface, which by

default is not capable of SSO. Private cloud computing service providers may recommend different IAM

practices than enterprise customers. To integrate a cloud service into an enterprise's access portal with SSO, it is recommended that an identity federation open standard such as SAML be used.

The SAML protocol decouples both the SAML identity provider and the SAML service provider. This

enables the enterprise to have a centralized identity provider that can support many other service

providers in a distributed fashion. The SAML identity provider focuses on identity management, access

policy management, and security token generation, while SAML service providers receive the remote

security token, retrieve credential data, and reinforce user access policies locally.


With the SAML protocol, the enterprise can provide services to other enterprises. Identity federation supports cross domain single sign-on (CD SSO) and interchanges access control information with a wide range of partners, reflecting business trust relationships. The SAML protocol is interoperable. Because cloud service providers implement different identity

federation protocols or different versions of the same protocol, the enterprise cloud can leverage Security

Token Service (STS) to interoperate between these different SSO practices. For example, the SAML

assertion token can be converted between SAML 1.1 and SAML 2.0.

Identity Authentication Flow Patterns

Identity authentication patterns reflect authentication flows between the user and IAM. As illustrated

below, when accessing supply chain applications, all participants globally are required to log into a

common application platform, creating a “fan in” identity authentication flow to the supply chain

applications. Enterprise users log into a portal and then access different applications using SSO, creating

a “fan out” identity authentication flow. During mergers and acquisitions, authentication flows between the

two companies involved often spill over, because each company holds partial identity. In all three

authentication flows, the IAM is required to handle on demand requests and do so in high volume. As a

result, the enterprise IAM often faces challenges concerning performance and on demand capacity in

order to meet service-level agreements (SLAs). Identity federation does not change the flow of the identity authentication. However, it decouples the authentication process from the access control process, such that identity authentication occurs at one site and authorization enforcement occurs at another. This simplifies the IAM infrastructure.

Enterprises use identity authentication patterns in the following ways.

The enterprise can act as the identity provider, processing employee authentications locally. With identity federation, the employees’ service requests fan out to the cloud services.

The enterprise can build a private cloud data center that hosts services, acting as a service provider. With identity federation, the service requests from different trusted partners fan into this private cloud data center with SSO.

For two companies involved in a merger and acquisition (M&A) process, their employees’ service requests cross over different domains and data centers with SSO.

Identity Federation Pattern: Trust Domain

Identity federation is about creating a trust domain. This is the trust relationship of identity

authentication and authorization that reflects the business relationship. As illustrated below, a trust

relationship can transfer trust from one party to another party, creating a trust domain chain. The user

can have different credentials in each application or cloud service. When these applications and cloud

services are in a chained trust domain, the SAML identity provider can reconcile different identities

allowing users to access different applications using their appropriate credentials. In a real life example, a

traveler could be a flight passenger as well as a hotel guest. If both the airline and the hotel use a

federated identity management system, they have a contracted mutual trust in each other’s

authentication of the passenger/guest. Initially, the traveler can self-identify as a customer when booking

a flight and then be transferred towards a hotel reservation as an identified customer.

The enterprise can leverage this pattern to integrate different cloud services into the enterprise remote

access portal to improve overall productivity.

SAML Patterns: SAML identity provider and SAML service provider

With the trust partnership, the involved parties can either act as an identity provider, which asserts information about the user, or a service provider, which consumes the assertion provided by the identity provider. In SAML integration, the SAML identity provider directly accesses an identity management (IdM) system such as LDAP or Active Directory, while the SAML service provider strictly enforces application access. A SAML integration pattern decouples access from authentication, so that authentication and access can collaborate within a trust domain over the Internet.

The enterprise can create a centralized identity service with an identity provider that supports SAML for

CD SSO; the enterprise can also implement SAML service provider functionality in the private cloud data

center with ease using identity management
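The following is an added example, not code from this whitepaper or from any SAML product, of the identity provider / service provider split described in the SAML patterns and trust domain sections above: the IdP pulls the user's attributes from its own directory and issues a signed assertion restricted to one audience, and the SP checks issuer trust, signature, audience, validity window and replay before enforcing its own access policy locally. A JSON body with an HMAC over a shared trust secret stands in for a SAML XML assertion with XML-DSig; the entity names, directory entries, policy and secret are constructed.

```python
import base64
import hashlib
import hmac
import json
import time
import uuid

# Constructed example: the IdP issues assertions for one audience (one SP),
# the SP validates them and applies its own policy. HMAC over a shared secret
# stands in for the IdP's XML signature; everything else is made up.


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()


class IdentityProvider:
    """Authenticates against the enterprise directory and issues assertions."""

    def __init__(self, entity_id, directory, trust_secret):
        self.entity_id = entity_id
        self._directory = directory      # stands in for LDAP / Active Directory
        self._secret = trust_secret      # the trust relationship with the SPs

    def issue_assertion(self, username, audience, ttl_seconds=300):
        record = self._directory[username]   # attributes come from the IdM, not the SP
        now = int(time.time())
        body = {
            "id": str(uuid.uuid4()),         # unique per assertion, for replay checks
            "issuer": self.entity_id,
            "subject": username,
            "audience": audience,            # AudienceRestriction: one SP only
            "not_before": now,
            "not_on_or_after": now + ttl_seconds,
            "attributes": {"roles": record["roles"]},
        }
        payload = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
        sig = hmac.new(self._secret, payload, hashlib.sha256).digest()
        return _b64(payload) + "." + _b64(sig)


class ServiceProvider:
    """Consumes assertions from trusted IdPs and enforces access locally."""

    REQUIRED = {"id", "issuer", "subject", "audience",
                "not_before", "not_on_or_after", "attributes"}

    def __init__(self, entity_id, trusted_issuers, policy):
        self.entity_id = entity_id
        self._trusted = trusted_issuers   # issuer entity id -> shared trust secret
        self._policy = policy             # resource -> set of roles allowed
        self._seen_ids = set()            # assertion ids already accepted

    def validate(self, token, now=None):
        """Return the assertion body, or raise ValueError with the reason."""
        now = int(time.time()) if now is None else now
        try:
            payload_b64, sig_b64 = token.split(".")
            payload = base64.urlsafe_b64decode(payload_b64)
            sig = base64.urlsafe_b64decode(sig_b64)
            body = json.loads(payload)
        except ValueError:                # covers bad base64, bad split, bad JSON
            raise ValueError("malformed assertion")
        if not isinstance(body, dict) or not self.REQUIRED <= body.keys():
            raise ValueError("malformed assertion")
        secret = self._trusted.get(body["issuer"])
        if secret is None:
            raise ValueError("untrusted issuer")
        expected = hmac.new(secret, payload, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, sig):
            raise ValueError("bad signature")
        if body["audience"] != self.entity_id:
            raise ValueError("assertion not intended for this service provider")
        if not body["not_before"] <= now < body["not_on_or_after"]:
            raise ValueError("assertion outside validity window")
        if body["id"] in self._seen_ids:
            raise ValueError("assertion replayed")
        self._seen_ids.add(body["id"])
        return body

    def authorize(self, body, resource) -> bool:
        """Local policy decision on the roles the IdP asserted."""
        allowed = self._policy.get(resource, set())
        return bool(allowed & set(body["attributes"]["roles"]))
```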

Cloud Ready Data Center

Overview

CIOs are looking for ways to achieve greater IT efficiencies and agility to meet their requirements for an

improved user experience and lower costs. Cloud computing represents a new way of meeting these

goals by delivering services on a dynamic and shared IT infrastructure. Previously, applications were

linked to hardware that was specifically designated for compute and storage. With cloud computing, the

functionality of these same software and hardware products is delivered in a more scalable fashion as

services over a network. CIOs are looking to apply the lessons of the cloud to their own IT departments

to optimize results. However, they are limited because, as application architectures, server virtualization,

and storage technology have evolved over time, innovation in the network and security has not kept

pace. Because networks and security are the foundation of a cloud-ready data center, businesses need a

new network and security solution to unleash the promise of the cloud.

Cloud computing can vastly improve the performance, scale, agility and security of applications in any

data center. This reduces IT costs while improving the user experience. IT services are delivered by

infrastructures that are centrally managed and shared through consolidation and virtualization. Any of the

standard data center elements—such as servers, appliances, storage, and other networking devices—

can be contained within a cloud-like architecture. By abstracting the logical from the physical, these

elements can be arranged in resource pools that are shared securely across multiple applications, users,

departments, suppliers, and customers. The resources in these pools can also be dynamically allocated

to accommodate the changing capacity requirements of different applications and improve asset

utilization levels. Consequently, cloud infrastructures have proven to simplify management, reduce

operating and ownership costs, and allow services to be provisioned with unprecedented speed. The cloud-ready data center, also referred to as the next-generation data center, is characterized by simplified, scalable, agile and secure networks built around these design objectives.

Key Components

Success in building a cloud-ready data center network requires three steps: Simplify, Share and Secure.

It is also important to automate at each step. Whether you are running your internal IT infrastructure to be

cloud-like or plan to connect with public cloud services, designing a cloud-ready data center network

involves removing the restrictions related to where you place your resources. This gives you significant

operational advantages that can help you lower costs, increase efficiency, and keep your data center

agile enough to accommodate any changes in your business or your technology infrastructure.

Simplify the architecture - Consolidate siloed systems and collapse inefficient tiers using a network

fabric and a single network operating system. This gives you fewer devices, a smaller operational

footprint, reduced complexity, easier management operations, and improved application performance.

Share the resources - Virtualize network resources to segment the network into simple, logical, and

scalable partitions for your various applications and services while using fabric technology to ensure

seamless connectivity to those resources regardless of where they are located. Keep privacy, flexibility,

high performance, and quality of service (QoS) as primary goals. This sharing enables agility for multiple

users, applications, and services.


Secure the data flows - Make sure that integrated and dynamic security services are resident in the

network to provide security scale, threat visibility, and enforcement. These comprehensive services

secure data flows across both physical and virtual environments, while leveraging centralized

orchestration to drastically simplify the enforcement of dynamic, application-aware, and identity aware

policies, ultimately ensuring better application availability and network performance.

Data Center Architectures Evolution

The data center infrastructure and security architecture has evolved over the last decade, from a multi-tiered network and security layer design to a consolidated single tier with virtual layers or security zones. This is best represented by the series of diagrams below. Legacy data centers typically followed a standardized core, distribution and access three-layer topology where different devices performed dedicated functions, increasing not only the complexity of management and operations but also the cost of maintaining the data center.

As the data center has evolved with virtualization at the server level, the core, distribution and access layers have also seen major changes and are now consolidated into two layers, aggregation and access, with security layers such as DMZ, extranet, perimeter and internal core zones being virtualized at the infrastructure level. These security zones still exist as they did in the legacy data center, where individual devices used to perform dedicated functions such as perimeter external stateful firewall, external IPS, reverse proxy, Web Application Firewall and internal zone firewall; the transition to a two-layer model of aggregation and access has allowed these security functions to be consolidated and virtualized.

The new shift to cloud ready data centers has changed the way network and security infrastructure is

designed – next generation data centers have a unified control plane known as a fabric. No longer does

a network security perimeter exist between different security zones, security needs to be viewed as a de-

perimeterized function given the very nature of cloud computing – that is any to any connectivity with

extreme low latency, building trust relationships using federated identity across different entities whilst

securing your assets in the cloud where the underlying infrastructure is likely to be shared by hundreds if

not thousands of co-tenants. Application of multi-tenancy has also meant that virtualization not only

needs to be observed at the server level in the form of a Virtual Machine but also at the infrastructure

level; use of virtual switching, virtual routing and virtual firewall/IPS and virtualized application delivery

control. A single tenant that is under a DDoS attack should not become a source of attack against another tenant, and it is these concepts that need to be understood and countermeasures built in from day one.

The abstract of the legacy data center with core, distribution and access layers and multiple security devices providing security functions in a multi-tiered architecture. Security is very much a dedicated function with no consolidation in mind, and security management is a severe overhead.

The abstract of the two-tier data center architecture with aggregation and access layer. Security services

consolidated at the aggregation layer and providing security zone demarcation across different trust

domains. With the use of MPLS/VPLS technology this architecture can be considered semi-perimeterized

– since such architectures cater for inter-Data Center communication within a single entity which may not

require security services.

Security as a Service in the Cloud Data Center

The abstract of single-tier data center architecture with a unified flat fabric that provides the ability for

any-to-any connectivity with extreme low latency. Network and security infrastructures are seen as one

logical layer through the fabric and any resource within the cloud can observe its very own security

policy. In this architecture the security has completely transformed from a perimeter based architecture to

something that has no boundaries and is considered de-perimeterized. Security can be implemented at

the hypervisor as discussed previously providing this de-perimeterized security concept.

With cloud services ranging across IaaS, PaaS and SaaS, the Security as a Service concept is agnostic to the service model and can be deployed in any form: as an Infrastructure (through dedicated hardware), as a Platform (a multi-tenancy environment in which you manage the security policies), or as a Service (where the cloud provider is responsible for providing security for your assets in the cloud).

About the Author

Co-Founder and Sr. Security Consultant at DTS Solution – Smart Solution for the Smart Business; an innovative and dynamic start-up organization aimed to provide best-in-class network and security solutions in the regional market. A dynamic, astute and professional individual with more than 10 years of industry expertise and experience. Having worked for a Service Provider, System Integrator and multiple Vendors he has extensive knowledge on complete project lifecycle focused around security solutions.

Besides this technical expertise and certifications he holds CISSP, CISA, CISM, CRISC and CCSK and is an active member of ISACA and Cloud Security Alliance. [email protected]