INFORMATION SECURITY IN CLOUD COMPUTING
Cloud service providers implement their individual proprietary standards and security technologies. In a vendor cloud model, it is ultimately up to clients to ensure that security in the cloud meets their own security standards and agree with their policies through requirements gathering and provider risk assessments.
We will look at security features offered by cloud computing providers, the security risks involved in cloud computing and some recommendations regarding security in the cloud.
(1) Security Features in Cloud Computing
There are a number of security benefits of using cloud computing. However, the level of security depends on the provider.
- Economies of Scale: The pooling of resources on a large scale translates to security benefits in two areas.
- Costs: Security measures are going to be cheaper when implemented on a large scale. The same amount of investment could buy better security protection such as packet filtering, patch management and the hardening of virtual machine instances for example.
- Expertise: Major cloud service providers such as Amazon, Google, Azure, and Rackspace all have massive resources and expertise in security fields at their disposal.
- Centralized Data: Using a centralized data model makes securing and managing of data easier.
- Reduced physical data leakage: There are many ways internal data can be leaked through physical means, loss of company thumb-drives, laptops and backup disks all contribute to this. With cloud computing, we are able to avoid this problem because data is now stored in the cloud away from the physical devices.
- Monitoring benefits: With centralized storage, it is easier to control and monitor. It is both easier and cheaper to implement security controls on centralized data than for individual clients because there is only place where targeted attacks can happen. The resources can then be reallocated quickly for filtering, traffic controlling, verification, encryption and other security measures and this will improve resilience against security threats.
- Incident Investigation: Cloud storage helps speed up the process incident investigation in two ways.
- Forensic readiness: With Infrastructure as a Service (IaaS) providers, a dedicated forensic server image in the same cloud can be built and placed offline. When a security incident happens, you can have the server up absolutely instantly! In using cloud computing, you are avoiding all the clunky hardware provisioning that is required and you are also able to have your server as and when you need it.
- Decreased evidence acquisition time: Data transfer between 2 servers in the same cloud is extremely fast so the evidence transfer time between the compromised server and forensics server will be reduced. This will help speed up the forensics process and the quicker the security forensics process can be done, the quicker the server can be back up and running.
- Logging: Cloud storage abstracts away clunky provisioning for logging.
- Automatic logging: Logs are an important link in security investigations and setting up new defensive infrastructures. However, logging is often an afterthought in many organizations. Because of clunky resource allocation, there are often little or no logs at all. Cloud storage changes all of this by introducing automatic logging for your applications deployed in the cloud.
- Gold Images: Cloud storage helps with the deployment and management of gold images.
- Ease of Management: A gold-image is a unit or an instance that has been fully subjected to proper stability and vulnerability tests and is ready for public deployment. Now we would like to deploy this to multiple units or instances. In normal systems, all the units would be running on separate platforms and environment which makes it really difficult to track each individual setting. On the other hand, because of the uniformity of cloud computing’s instances in platforms and environment, it makes it a lot easier to deploy and manage each of these gold images.
(2)Top Security Risks and Recommendations
There are unique attributes in cloud computing that require special risk assessment in areas such as data integrity, recovery, and privacy.
- Privileged user access: Sensitive data processed outside of the internal networks of the organizations bring with it an inherent risk because cloud services bypass the physical control that organizations are able to have otherwise. We do not know who have direct access to your data. It could be high executives of the cloud providers or system administrators or even employees in-charge of hardware. These roles in cloud architectures are unavoidable and they present possible risks. Carelessness and malicious insiders could lead to data exposure from the inside.
- Data protection: Data protection refers to the physical protection of data through access methods and encryption. This is an area of security risk because many cloud providers are still using the classic authentication method which is the username/password model which is a weak secure model. Moreover, it does not provide any level of granularity where different levels of access are given to different people.
- Data isolation: This risk category covers the failure of mechanisms separating storage, memory or other resources between different clients. However, attacks on resource isolation mechanisms are still less prominent and in essence very difficult for an attacker to put in practice compared to attacks on traditional OSs.
- Data sanitization: Sanitization refers to the proper removal of data from a device once it is not used. There can be two scenarios that can be problematic in this area.
The first scenario is when the hardware is removed due to failure. When the commodity hardware fails and it is thrown away, your data risk being retrieved from the unwanted hardware if it is not properly sanitized before it is thrown away.
The second scenario is when the clients terminate their service with a particular cloud provider. Residual data that is left with the cloud are often not deleted and kept on purpose. This can pose a problem because data isolation mechanisms are not fool-proof and this could lead to other clients accessing that block of data by accident after your termination.
- Data location: Because of the distributed nature of the cloud, you probably won't know exactly where its data is hosted at. You might not even know what country it will be stored in. You need to ask providers if they will commit to storing and processing data in specific location and consequently jurisdictions, and whether it is in your contract to allow them to obey local privacy requirements on behalf of their clients.
- Data loss and recovery: A cloud provider should be transparent about what will happen to the data and service in case of data loss. While the chances of a total loss are low because of the high levels of redundancy, things can go wrong. There is a possibility of multiple servers losing your data at the same time. Therefore, it is crucial to watch out for agreements with a cloud service provider to see if they are clear about their data restoration processes, how long it would take, and how much it would cost for example.
- Investigative support: In the previous chapter, we have introduced some benefits to IT forensics when using cloud computing but investigating inappropriate or illegal activity may be difficult due to some implementation details of cloud service providers as well.
- Incidence response: Even though a cloud provider may be willing to help with investigative procedures, they might not be capable of doing so in a quick and effective way. The complexity of the cloud can often obscure this procedure.
0 Comments:
Post a Comment