In previous posts, we discussed some of the ways in which clouds are built, and major ways in which they differ—and don’t differ—from non-cloud infrastructures from a security perspective. In this post, we’ll discuss some of the security challenges that are more or less unique to a cloud environment. These include privacy and data separation issues, isolating operational impacts, and dealing with well-meaning but uninformed courts and law enforcement.
A major issue that comes up in cloud conversations is privacy. Multi-tenancy on shared hardware necessarily implies a logical, rather than a physical, separation of customer data. At a fundamental level, this means that various pieces of software must be entrusted to keep different environments inaccessible from each other.
The key piece of software is the underlying hypervisor, which has evolved over time, so the core technology is fairly well trusted. The biggest risk comes from configuration management: it’s imperative that a cloud provider implements the virtual environments without any errors or oversights in the isolation settings.
For example, when a cloud provider collects performance data, or performs any kind of forensics, it’s critical that the provider not accidentally access and potentially reveal other customers’ data. The possibility of mistakenly revealing data creates a need for multiple logical control layers to compensate for the potential human error. Nevertheless, a single setting in the control configuration can prevent data leakage, so it’s important for providers to have strong operational discipline and change management practices.
Another related security challenge in a cloud environment is the need to isolate operational impacts. There are various ways in which a single customer can impact the performance of the underlying cloud infrastructure and the other customers sharing it, creating a potential denial of service situation. Malicious activity by the customer is an obvious one, but cloud users should understand that an external entity might compromise a virtual server within a customer’s environment and take malicious actions without the knowledge or consent of the customer. This malicious activity could be designed to impact the cloud infrastructure, as in the case of a packet flood, or the damage to the cloud infrastructure could be collateral, as in the case of a spam flood, which could cause the cloud’s IP subnets to be placed on various blacklists.
Even in the absence of malicious intent, a single customer might unwittingly create a denial of service situation. A simple example: during the normal operation of a (poorly behaved) application, virtual infrastructures can be susceptible to IO-intensive activities, such as forensic data gathering and analysis for incident response, subpoena service, etc. For these reasons, it’s important for a cloud provider to implement robust workload distribution across clusters, and to consider the impacts of specialized activities. There is no room for operational fragility.
Finally, an often-overlooked area in cloud management is collaborating effectively with courts and law enforcement. Courts and agencies are often used to dealing with non-cloud environments. They may be trained in the use of physical disk imaging tools that are recognized by the courts, and these tools may not deal efficiently with virtual storage technologies used in cloud environments.
What’s more, these agencies often don’t understand the impact of their requests within the context of a cloud infrastructure. We’ve seen overly specific subpoenas that describe steps to be taken—steps that simply won’t work in a cloud infrastructure, or would take an entire cloud cluster offline while every drive in that cluster is imaged for forensic analysis! There are often more effective and more efficient techniques available, and cloud providers should cultivate relationships with local, state, and federal agencies to encourage the use of improved tools and techniques in a cloud environment.
In the next article in the series, we’ll discuss some solutions to the issues that underlie these challenges.