Security of cloud computing

Paul Neumann
CommIT Software University, Florence – Italy

Summary: Shifting IT operations to a cloud environment opens new opportunities for corporations providing Internet services, as well as for companies actively using IT in their operations. When moving to cloud computing, they can save resources and gain flexibility and a choice of computing power. Such an approach allows the IT infrastructure to be enhanced, as additional capacity may be added when necessary. This article deals with the kind of cloud computing dubbed “Infrastructure as a Service” (IaaS). The focus is on various aspects of information security related to transferring IT operations to the cloud environment. The article tries to give companies and providers recommendations on information security, whose goal is to help shift IT operations to innovative technologies without additional risks.

Keywords: information security, cloud computing.

1. New opportunities.

Why has cloud computing become so popular?

Industry general trend. Independent analysts, as well as IT giants like Amazon, Cisco, Citrix, Dell, EMC, Google, HP, IBM, Microsoft, Sun, or VMware, to name just a few, unanimously support cloud computing.

Flexibility. It is difficult to overestimate the flexibility that cloud computing offers to IT companies. For example, one can outsource the hardware platform to an external or internal (in the case of private clouds) provider, so that the company's own management is confined to the software platform. On the other hand, it is possible to transfer all aspects of IT management to the provider. A hybrid approach is possible as well; this may result from the needs of different departments, which decide for themselves which aspects of their operations to outsource and which to retain in-house.

Economy. IaaS allows for reducing spending on the IT infrastructure and making it more efficient. Very often, limits on hiring IT personnel, as well as an unwillingness to increase capital investment, stall the implementation of innovative technologies. Seasonal surges in demand for computing resources require maintaining a redundant IT infrastructure; cloud computing is an economically more suitable alternative. In the simplest case, cloud computing substantially enhances the corporate ability to meet the demand for computing resources of any power and perspective.

Flexibility and freedom of choice, mobility and scalability, coupled with the potential economic gains, are serious arguments for switching to cloud computing. Nevertheless, there is one factor that holds back the process of switching to cloud technologies. That factor is security. As early as 2008, the International Data Corporation conducted market research among 244 managers of the world's top IT companies to evaluate their level of use of cloud technologies, as well as their own opinion of these technologies. Security threats were identified as the No. 1 challenge of cloud computing.

2. Law and security.

Processing confidential data outside the corporate security perimeter, and placing them in a third-party cloud, must raise very serious concerns among decision-makers in companies that stick to the traditional security model based on protecting the secure perimeter around their data-centres. What is more, such a practice may be in direct violation of state laws and industry regulations on information security. IT managers who know the advantages of cloud computing and advocate its implementation typically ask these questions:

• Will I have the same level of control over compliance with the security policies regarding the use of my applications?
• Will I be able to prove to my company and its clients that everything is securely protected, and that the Service Level Agreements (SLA) are duly observed?
• Is my IT infrastructure adequate from the point of view of the existing legislation, and how can I prove it to the auditors?

In order to answer these questions, it is necessary to review briefly some aspects of protecting a traditional data-centre, and the impact of virtualization, the very technology that has made the cloud revolution happen.

3. Traditional data-centre.

The term “data-centre” has long been associated with a massive server farm deployed in closed, spacious facilities, where uninterrupted power supply and optimal air conditioning are as important to data security and integrity as security measures at all levels. The most traditional model of protecting such a data-centre has been maintaining the secure perimeter. As a minimum, such a perimeter requires deployment of a firewall, demilitarized zones (DMZ), network segmentation, intrusion detection and prevention systems (IDS/IPS), as well as tools for network monitoring and control.

4. Virtual catalyst.

Virtualization makes it possible to gain more computing power from the underused capacity of the physical servers. Accordingly, the size of the traditional data-centre shrinks, which lowers the cost of its maintenance thanks to server consolidation. Moreover, virtualization allows corporations, and especially service providers, to offer individual services through applications that were originally used in the same way by all users and are now deployed as copies in different virtual environments with customized set-ups. When existing virtual machines (VM) are relocated from data-centres to external clouds, or services are adopted outside the secure perimeter, the traditional secure perimeter loses its meaning, and the overall security level drops dramatically. The impossibility of physical separation, and of implementing other physical security measures, in an environment where many virtual servers are installed on one physical server makes it necessary to build the security infrastructure directly on the physical server or on each VM, and to treat information security as data security. Only deployment of such a defence mechanism on each individual VM can guarantee the security of critically important applications in the cloud environment.

5. Complexity of the cloud security.

At first glance, the security requirements for the cloud environment seem the same as for traditional data-centres: in general, the typical requirements regarding identification, authentication and authorization, as well as network security. However, physical separation and other means of physical security cannot adequately counter events happening inside a VM within a server. Companies providing cloud computing services are forced to deploy VM's of different clients on the same physical resources to make the most efficient use of virtualization technologies. Detailed examination of the challenging aspects of such an approach must be of the utmost importance when planning the adoption of any kind of cloud computing.

a) Administrators' access to the servers and applications. One of the most important features of cloud computing is “self-service”, that is, access to computing resources via the Internet. This feature is significantly different from managing traditional data-centres, where administrators' access to the servers and other system components can be strictly controlled on the physical level. In the cloud environment administrators have to rely on Internet access, which brings its own specific threats. Accordingly, it is critically important to maintain strict control of administrators' access to the cloud components, as well as reliable control and transparency of changes on the system level.

b) Dynamic VM's: their state and changes. Virtual machines are dynamic. They may be easily turned on and off, as well as returned to an earlier state. Moreover, VM's may be easily cloned and moved between physical servers. This dynamism of virtual machines can cause a lot of problems for maintaining the integrity of the security system as a whole. Errors and vulnerabilities in the configuration can spread uncontrollably. What is more, it is difficult to pin-point the state of data protection at a certain time for the next audit. The cloud environment requires a completely new approach to fixing the state of defence independently of its location in time and space.

c) Vulnerabilities and attacks inside the virtual environment. Servers of the cloud platforms use the same operating systems and Web applications as local physical and virtual servers. Therefore, cloud systems are as exposed to being hacked or infected as ordinary systems. In fact, for virtual systems the risk is even higher, as the existence of numerous parallel VM's substantially increases the area under attack. On top of that, there is an additional phenomenon: one virtual machine may compromise another virtual machine inside a physical system. The intrusion detection and prevention system must be able to operate on the VM level regardless of the location of the VM in the cloud environment.

d) Protection of idle VM's. Unlike physical machines, VM's remain vulnerable to compromise and infection even when turned off. All that is needed is access to the VM image storage over the network. On the other hand, an idle VM has no ability to launch any software to protect itself from malicious events. In the cloud environment the responsibility for protection and scanning rests with the provider. Companies that use cloud services must make sure that the provider does use such means of security in its cloud system.

e) Impact on productivity. Existing means of IT security were created before the emergence of virtualization technologies for x86 systems, and consequently they were not built to work in the cloud environment. In the cloud environment, where VM's of different users share the same physical resources, simultaneous scanning of all the virtual systems can lead to a catastrophic loss of productivity of the entire virtual environment. Providers of cloud services that offer basic security functions to their clients are able to avoid this problem if they run resource-consuming scanning on the hypervisor level, and in that way avoid contention for computing resources on the level of individual VM's.

f) Data integrity. Various statistics show that up to 59% of all cases of system compromise result from external hacking. It may be expected that specialized resources are better protected than general ones. Therefore, the area under attack in a general-purpose cloud system is bigger and under constant threat. Companies should be able to verify on their own, and to prove to external auditors, that resources were not compromised, especially if they are deployed in a general-purpose cloud system. The integrity of the operating system and application files, as well as of internal processes, must be kept under control.

g) Cryptography and data protection. Many laws and standards, like PCI DSS or HIPAA, include requirements to apply cryptographic means of protecting critical information, such as personal data, bank account data, credit card data, etc. Cryptographic protection of such data is a “safe haven” that protects companies from prosecution if the data are stolen. Using multi-user cloud services complicates following the standards and rules, which in turn affects the difficult task of complying with the law so as to provide a reliable and safe way of dealing with critical data.

h) Update management. Cloud computing services presume “self-service”, which may cause confusion about updates. As soon as a company subscribes to a service (for example, a Web service with a Web site built from templates), managing the updates installed on the Web platform and server is the company's responsibility. Again, statistical data show that for about 90% of known vulnerabilities exploited by hackers, updates had been issued more than 6 months before the incident. Hence, companies using cloud services should be aware of that, and make every effort to maintain regular, timely updates of all the applications installed in the cloud. If regular updates are not possible or are impractical, then it is necessary to consider another approach: installing “virtual patches”. The technology of “virtual patches” blocks attacks aimed at known vulnerabilities directly on the network level, so as to prevent malicious code or attackers from exploiting unfixed vulnerabilities.

i) Laws and policies. Companies make substantial efforts to comply with various laws and standards, such as PCI, HIPAA, GLBA, etc., and they conduct audits according to various recommendations, such as ISO, SAS70, etc. It is necessary that companies be able to prove their compliance with the law and security standards regardless of the location of the audited systems that are subject to regulation (physical servers, virtual servers, cloud servers).

j) Secure perimeter and network separation. In cloud systems the secure perimeter disappears, and the security of the whole system is determined by the security of the least protected component. The corporate firewall, the main component for implementing security policies and separating network segments, is not able to protect servers placed inside a cloud environment. Its policies are insufficient to allow or deny access to selected resources; this is the responsibility of the cloud service provider. To separate segments of different
reliability in the cloud, VM's must protect themselves, effectively shifting the secure perimeter to themselves.

6. Virtual machines in the clouds.

Virtualization is the process of preparing technologies in the cloud environment. Corporations that do not use cloud computing now will most likely consider its use in the near future. Data-centres that have already consolidated their physical servers as VM's may already take steps to raise the level of protection of their virtualized environment, as well as to prepare VM's for migration to the cloud environment when the need arises. A typical set of security technologies indispensable for building a robust, secure cloud system should include: firewall, IDS/IPS, integrity control, log analysis, and anti-virus. For each platform of either physical or virtual machines (Windows, Linux, BSD, Solaris, etc.) a set of software must be installed and configured that is sufficient to provide a system audit according to state laws and industry regulations.

a) Firewall. Its main purpose is to reduce the virtualized servers' area under attack in the cloud environment. Firewalls should contain preinstalled templates for typical corporate servers to provide the following functionality:

• separation of virtual machines,
• fine-tuning of traffic filtering according to the sender's address, receiver's address, ports, services, etc.,
• coverage of all protocols of the TCP/IP stack (TCP, UDP, ICMP, etc.),
• coverage of all types of network frames (IP, ARP, etc.),
• defence against Denial of Service (DoS) attacks,
• ability to define security policies on every interface,
• detection and preventive scanning on the cloud servers,
• location monitoring to combine strict security policies with the flexibility to relocate servers from the local network to a cloud.

b) IDS/IPS. Their purpose is to shield vulnerabilities of the operating systems and user applications until patches become available, so as to repel known and unknown (zero-day) attacks. As the cloud servers run the same operating systems and applications as traditional servers, installing IDS/IPS as a software agent inside a VM allows for shielding the vulnerabilities detected in the operating system and applications through:

• defence against any attacks on known vulnerabilities until patches are applied,
• blocking XSS and SQL injection.

c) Integrity control. Integrity control of the operating system and applications allows for identifying dangerous changes that may occur as a result of malicious actions. Integrity control should provide:

• control on demand and/or on schedule,
• comprehensive control of the file attributes,
• comprehensive control of the folder attributes,
• discrete set-up of the control objects,
• reports for the audit.
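
The integrity-control requirements listed above (on-demand checks, file and folder attributes, selectable control objects, an audit report), together with the auditor-facing proof asked for under “Data integrity”, can be illustrated with a small baseline-and-compare checker. This is an added example, not code from the article: the function names, the set of recorded attributes and the temporary directory tree are assumptions made for the illustration, and a POSIX system is assumed.

```python
import hashlib
import os
import stat
import tempfile

def file_sha256(path):
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()

def snapshot(roots, exclude=()):
    """Record attributes of every monitored file and folder, plus a hash per file."""
    state = {}
    for root in roots:
        for dirpath, dirnames, filenames in os.walk(root):
            # Prune excluded folders so nothing below them is recorded.
            dirnames[:] = [d for d in dirnames if os.path.join(dirpath, d) not in exclude]
            for path in [dirpath] + [os.path.join(dirpath, f) for f in filenames]:
                if path in exclude:
                    continue
                st = os.lstat(path)
                entry = {"mode": stat.filemode(st.st_mode), "uid": st.st_uid, "gid": st.st_gid}
                if stat.S_ISREG(st.st_mode):
                    entry.update(size=st.st_size, sha256=file_sha256(path))
                state[path] = entry
    return state

def audit_report(baseline, current):
    """List (path, 'added' | 'removed' | 'modified', changed fields), sorted by path."""
    findings = []
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old is None or new is None:
            findings.append((path, "added" if old is None else "removed", []))
        elif old != new:
            fields = sorted(k for k in set(old) | set(new) if old.get(k) != new.get(k))
            findings.append((path, "modified", fields))
    return findings

def write(path, text):
    with open(path, "w") as fh:
        fh.write(text)

def demo():
    """Constructed scenario: baseline a temporary tree, tamper with it, re-check."""
    with tempfile.TemporaryDirectory() as top:
        etc, cache = os.path.join(top, "etc"), os.path.join(top, "cache")
        os.mkdir(etc)
        os.mkdir(cache)
        os.chmod(etc, 0o750)
        write(os.path.join(etc, "app.conf"), "debug=false\n")
        write(os.path.join(etc, "old.conf"), "debug=false\n")
        baseline = snapshot([top], exclude={cache})
        write(os.path.join(etc, "app.conf"), "debug=true\n")   # file content changed
        os.remove(os.path.join(etc, "old.conf"))               # file removed
        write(os.path.join(etc, "new.bin"), "x")               # file added
        os.chmod(etc, 0o777)                                   # folder attribute changed
        write(os.path.join(cache, "tmp"), "noise")             # excluded, not reported
        report = audit_report(baseline, snapshot([top], exclude={cache}))
        return [(os.path.relpath(p, top), kind, f) for p, kind, f in report]
```

Calling `demo()` returns the audit findings for the constructed tree; in practice the baseline would be stored outside the monitored VM so that a compromised guest cannot rewrite it.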

d) Log analysis. Log analysis greatly helps to detect events that are significant from the point of view of information security. Log analysis should collect and analyze logs related to the critical aspects of the operating system's work, as well as of applications where data security is concerned. Properly configured log analysis should be able to detect anomalous events in large amounts of data:

• anomalous behaviour,
• administrators' actions important for security,
• security-related events throughout the whole data-centre.
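
The three kinds of events named in the log-analysis list can be shown on a handful of log lines gathered from several VM's. This is an added example, not code from the article: the log lines are constructed (syslog-style, with documentation IP addresses), and the function name, threshold and time window are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: lines as a central collector might receive them from three VM's.
SAMPLE_LOGS = """\
2024-05-01T10:00:01 vm-web1 sshd[811]: Failed password for deploy from 203.0.113.7 port 4101 ssh2
2024-05-01T10:00:09 vm-web2 sshd[402]: Failed password for deploy from 203.0.113.7 port 4102 ssh2
2024-05-01T10:00:15 vm-db1 sshd[377]: Failed password for invalid user admin from 203.0.113.7 port 4103 ssh2
2024-05-01T10:01:30 vm-web1 sshd[830]: Accepted password for deploy from 203.0.113.7 port 4188 ssh2
2024-05-01T10:02:10 vm-web1 sudo: deploy : TTY=pts/0 ; PWD=/home/deploy ; USER=root ; COMMAND=/usr/sbin/iptables -F
2024-05-01T10:20:00 vm-db1 sshd[391]: Failed password for alice from 198.51.100.20 port 5000 ssh2
2024-05-01T10:40:00 vm-db1 sshd[395]: Accepted password for alice from 198.51.100.20 port 5004 ssh2
2024-05-01T10:41:00 vm-db1 cron[12]: (root) CMD (run-parts /etc/cron.hourly)
"""

LINE = re.compile(r"^(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d) (\S+) (\w+)(?:\[\d+\])?: (.*)$")
SSH = re.compile(r"^(Failed|Accepted) password for (?:invalid user )?(\S+) from (\S+)")
SUDO = re.compile(r"^(\S+) : .*USER=root ; COMMAND=(.+)$")

def analyse(text, threshold=3, window=timedelta(minutes=5)):
    """Return findings, in log order, for the three event classes in the list above."""
    failures = defaultdict(list)   # source address -> [(time, host)] of recent failures
    findings = []
    for raw in text.splitlines():
        line = LINE.match(raw)
        if not line:
            continue
        when, host, prog, msg = datetime.fromisoformat(line[1]), line[2], line[3], line[4]
        if prog == "sudo" and (m := SUDO.match(msg)):
            # Administrator action important for security: a command run as root.
            findings.append(("admin-action", host, m[1], m[2]))
        elif prog == "sshd" and (m := SSH.match(msg)):
            outcome, user, src = m.groups()
            recent = [(t, h) for t, h in failures[src] if when - t <= window]
            if outcome == "Failed":
                recent.append((when, host))
                if len(recent) == threshold:
                    # Anomalous behaviour, correlated across hosts of the data-centre.
                    findings.append(("failed-login-burst", src, sorted({h for _, h in recent})))
            elif len(recent) >= threshold:
                # A successful login right after a burst of failures from the same source.
                findings.append(("login-after-burst", host, user, src))
            failures[src] = recent
    return findings
```

The burst is only visible because failures are counted per source across all hosts; analysed per VM, each machine in the sample saw a single failed login.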

e) Anti-viruses. Anti-viruses must be adapted for operating in the cloud environment. Cloud-enabled anti-viruses should use special software interfaces provided by the hypervisor (VMsafe et al.) to protect active as well as idle VM's. Protection should include functionality to check VM's, as well as software agents within each VM, with real-time execution. Such an approach guarantees that VM's are clean even if they were idle, as well as their continued protection after they are relaunched. A feature no less important for software designed for VM protection is careful use of computing resources during system scanning. It should provide:

• prevention of threats from malicious code to active and idle VM's,
• protection from viruses that uninstall anti-viruses or block their execution,
• integration with a virtualization system control panel (vCenter et al.),
• automatic set-up of protection for new VM's.

7. Conclusions.

Providers of cloud services use virtualization technologies to offer access to cheap computing resources. Their practical implementation presumes sharing the same hardware resources among the users' VM's to achieve the greatest economic effect. Corporate clients who are interested in cloud computing to expand their internal IT infrastructure should take into account the threats arising from this decision. Moving VM's to public, general-purpose cloud services renders the concept of the secure perimeter irrelevant, and the general level of security begins to depend on the weakest components of the system. The impossibility of physical separation, and the inefficiency of hardware protection of virtual machines against external threats between the VM's, inevitably lead to the necessity of deploying defensive mechanisms on the virtualization server or on the virtual machines themselves. Construction of a secure perimeter around each given VM, including a software firewall, IDS/IPS, integrity control, log analysis and anti-virus, appears to be the most efficient method of protecting information integrity, complying with regulations, and fulfilling security policies in the process of moving virtual resources from the local internal network to an external cloud. Such is the trend currently observed among the leading IT companies, which aim to exploit the advantages of cloud computing in the future.