Cloud Benefits 101: Provisioning and Encrypted Storage
Beyond the flexibility and cost savings of cloud computing are certain tactical advantages like automated provisioning and encrypted storage. This quick primer by cloud security expert Vic Winkler will give you the pros and cons of each.
Adapted from "Securing the Cloud" (Syngress, an imprint of Elsevier)
There are several advantages conveyed by cloud computing that most IT professionals don't often consider. One such advantage is automated provisioning. The prime advantage of automated provisioning in the cloud is quite simply the automation, predictability and speed of preparing a resource for an internal or external customer.
The resources you can provision this way run the gamut, and include a virtual datacenter (Infrastructure as a Service), a virtual machine (VM) with or without a software stack (Platform as a Service), or hosted application software (Software as a Service). There are other advantages to provisioning this way, such as enhancing availability by provisioning multiple instances of a service or provisioning a service across multiple datacenters.
Provisioning represents a delivery stage, so whatever is delivered must have integrity before it's delivered and deployed. Provisioning security depends on the ability to protect master images and deploy them intact and in a secure manner.
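One way to enforce "deploy intact" is a gate that runs before a master image is handed to the provisioning service. The sketch below is an added example, not code from the book: the manifest layout, the image names and the HMAC key are assumptions, and a production pipeline would normally use an asymmetric signature rather than a shared key.

```python
import hashlib
import hmac
import json
import tempfile
from pathlib import Path

def manifest_tag(manifest, key):
    # MAC over a canonical JSON encoding, so any edit to the manifest changes the tag.
    body = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def file_sha256(path, chunk=1 << 20):
    # Stream the image so multi-gigabyte files are never held in memory.
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def verify_image(path, name, manifest, tag, key):
    # Return "ok" only if the manifest is authentic AND the image matches it.
    if not hmac.compare_digest(manifest_tag(manifest, key), tag):
        return "manifest-tampered"   # trust no digest the manifest lists
    expected = manifest.get("images", {}).get(name)
    if expected is None:
        return "unknown-image"       # fail closed: unlisted images never deploy
    if not hmac.compare_digest(file_sha256(path), expected):
        return "image-modified"
    return "ok"

def demo():
    # Constructed sample: a stand-in "master image" and a manifest built for it.
    key = b"constructed-demo-key"    # placeholder, not a real secret
    with tempfile.TemporaryDirectory() as tmp:
        image = Path(tmp) / "base-web.img"
        image.write_bytes(b"constructed image bytes" * 1000)
        manifest = {"images": {"base-web": file_sha256(image)}}
        tag = manifest_tag(manifest, key)
        out = {"clean": verify_image(image, "base-web", manifest, tag, key),
               "unlisted": verify_image(image, "base-db", manifest, tag, key)}
        image.write_bytes(image.read_bytes() + b"\x00")  # altered after sign-off
        out["tampered"] = verify_image(image, "base-web", manifest, tag, key)
        forged = {"images": {"base-web": file_sha256(image)}}  # manifest rewritten to match
        out["forged"] = verify_image(image, "base-web", forged, tag, key)
    return out

if __name__ == "__main__":
    print(demo())
```

The last case matters most: updating the manifest to match an altered image is caught because the tag no longer verifies, which is why the manifest itself has to be protected along with the images.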
Other provisioning security challenges include the reliance on hypervisors and the need for process isolation at every stage of provisioning and de-provisioning. There's greater concern for potential compromise of a provisioning service than for the security of a hypervisor. After provisioning a service or VM, you have to protect and isolate it from other tenants and services.
There's greater concern with security than with the underlying VM technology. Although a tenant or customer may have on-demand access to security controls such as virtual firewalls, authentication services and security logging, these services could change as the underlying implementation is patched or updated.
Firewall rules and other security configuration data might become operationally incorrect as you re-provision VM images in an updated or reconfigured infrastructure. Although this is typically handled by public cloud implementations, things such as version control and configuration management for cloud implementations might need significant improvement.
There are other risks, including unintended interactions or information transfer when on-demand security controls are integrated with a customer application. Recycled user IDs and IP addresses also represent a concern if recycling an IP or UID makes it possible for a user to inadvertently gain access to an information resource that isn't theirs. The essential issue here has to do with the process of allocating and de-allocating any VMs, information resources or enabling elements.
Finally, there are other concerns when de-provisioning a service or VM. This process can have identical consequences to provisioning if it fails or is compromised at any stage.
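The recycled-identifier risk above can be checked mechanically at de-provisioning time: before an IP address or UID goes back to the allocation pool, look for firewall rules and access grants that still name it. This is an added example, not from the book; the rule and ACL record layouts, the identifiers and the function names are all constructed for illustration.

```python
import ipaddress

# Constructed sample data: exported firewall rules and storage ACL entries.
FIREWALL = [
    {"id": "fw-101", "action": "allow", "source": "10.20.4.17/32"},
    {"id": "fw-102", "action": "allow", "source": "10.20.4.0/24"},
    {"id": "fw-103", "action": "deny", "source": "10.20.4.18/32"},
]
ACLS = [
    {"resource": "vol-tenant-a-backups", "uid": 5012},
    {"resource": "vol-shared-tools", "uid": 5013},
]

def stale_references(released_ips, released_uids, firewall_rules, acl_entries):
    # Find allow rules and grants that still name an identifier being released.
    ips = [ipaddress.ip_address(ip) for ip in released_ips]
    findings = []
    for rule in firewall_rules:
        if rule["action"] != "allow":
            continue
        net = ipaddress.ip_network(rule["source"], strict=False)
        for ip in ips:
            if ip in net:  # always False when the IP versions differ
                scope = "host" if net.num_addresses == 1 else "range"
                findings.append((str(ip), "firewall", rule["id"], scope))
    for entry in acl_entries:
        if entry["uid"] in released_uids:
            findings.append((str(entry["uid"]), "acl", entry["resource"], "grant"))
    return findings

def plan_release(released_ips, released_uids, firewall_rules, acl_entries):
    # Host-specific rules and direct grants block recycling; range rules are
    # reported for review because they are not tied to the single address.
    findings = stale_references(released_ips, released_uids, firewall_rules, acl_entries)
    blocked = {f[0] for f in findings if f[3] in ("host", "grant")}
    ids = list(released_ips) + [str(u) for u in released_uids]
    return {"recycle": [i for i in ids if i not in blocked],
            "quarantine": [i for i in ids if i in blocked],
            "findings": findings}

if __name__ == "__main__":
    print(plan_release(["10.20.4.17", "10.20.4.18"], [5012, 5020], FIREWALL, ACLS))
```

Identifiers placed in quarantine stay out of the pool until the listed rule or grant is removed, so the next tenant to receive that address or UID does not inherit the previous owner's access.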
Cloud Storage Parameters
Those provisioning concerns don't exist in a vacuum. There are several related concerns around cloud data storage:
- Cloud storage often uses centralized facilities, so some view storage as a potential target for criminals or hackers. This has always been the case for any valuable resource. You can mitigate this by applying the appropriate security controls.
- Multitenancy presents concerns, because data-isolation mechanisms may fail either in normal operation or during a rollback operation from a backup system.
- Storage systems consist of complex hardware and software implementations. There's always the potential for catastrophic failure modes that might either destroy the data or expose the data from one customer to another.
These concerns are largely hypothetical, although not outside the realm of possibility. A cloud consumer would be well served to select a provider based on how they represent their approach to mitigate or avoid these risks. We should expect that if cloud providers are aware of such risks, they will likely seek to address them to avoid damaging their reputations.
There are other storage security concerns that may warrant greater attention. There's a possibility that a cloud provider might store information in multiple jurisdictions. Hence, the potential exists for data to be accessed by foreign governments.
There are several concerns here, notably the opportunity for a hosting nation to flex its legal rights to obtain a copy of transiting or stored data via a warrant. This is likely to become a self-correcting situation, as providers will likely want to avoid the risk to their reputations as data custodians that comes with transferring data from a source nation to another one where the data might be accessed by another nation's authorities.
The greater concern is the possibility that a customer's data might be commingled with data belonging to others. This is generally not a risk unless there's a failure that results in information exposure. Realistically, the underlying controls built into file systems, disk partitioning, RAID schemes and hardware controllers that implement or otherwise support data separation are very reliable.
When failures occur, they tend to be detected at low levels, rendering the storage unit unavailable. Instead of commingling data belonging to multiple users in a single logical file system, using VMs allows for further isolation due to how a VM can use virtual storage within the VM.
There are many ways to isolate your data from data belonging to other users. It's likely the norm for cloud storage to have multiple means of isolation, mutually reinforcing from the VM up to file system permissions to disk partitioning and even to physical devices. Again, jurisdictional and commingling concerns warrant investigation by prospective cloud consumers.
Cloud providers generally address many of these storage concerns. Although implementing cloud storage is dependent on provider choices, the inherent characteristics of the model typically invite better data storage security than traditional infrastructure. As storage in a cloud tends to be centralized, implementing data protection and encryption across the board in a public cloud is fairly straightforward.
Thus, encrypting data at rest and in transit is typical for public cloud offerings. Centralizing storage also makes it easier to implement monitoring, most likely at a level that you wouldn't be able to implement in a cost-effective manner in a decentralized infrastructure.
Encryption has numerous other uses in the cloud environment as well, including:
- Controlling access to the control interfaces for resources
- Controlling access for administrators to VMs and OS images
- Controlling access to applications
Data doesn't just exist within the cloud itself, though. The typical datacenter continuously backs up data for disaster recovery or retention purposes. These backups are often stored off-site at an offline facility operated by a third party.
Although these providers are more likely to act within the bounds of their contract and preserve the confidentiality of these data copies, they are subject to error. They're certainly subject to jurisdictional arm twisting that may not be in your best interests. So, as always, it pays to be cautious and diligent with your data.
Vic (J.R.) Winkler is a senior associate at Booz Allen Hamilton, providing technical consultation to primarily U.S. government clients. He's a published information security and cyber security researcher, as well as an expert in intrusion/anomaly detection. ©2011 Elsevier Inc. All rights reserved. Printed with permission from Syngress, an imprint of Elsevier. ©2011. "Securing the Cloud" by Vic (J.R.) Winkler. For more information on this title and other similar books, please visit elsevierdirect.com.