Cloud Computing Security Considerations

Cloud computing security considerations are subjective: they are viewed differently across industries, companies, and users, based on their needs, desires, and requirements.

Many of these actions and security appetites are strongly influenced by compliance and other regulatory requirements.

IaaS Cloud Computing Security Considerations

Infrastructure as a Service

Within IaaS, a key emphasis and focus must be placed on the various layers and components stemming from the architecture to the virtual components.

Given the reliance and focus placed on the widespread use of virtualization and the associated hypervisor components, this must be a key focus as an attack vector to gain access to or disrupt a cloud service.

The hypervisor acts as the abstraction layer that provides the management functions for required hardware resources among VMs.

VM attacks: Cloud servers contain tens of VMs. These VMs may be active or offline and, regardless of state, are susceptible to attacks.

Active VMs are vulnerable to all traditional attacks that can affect physical servers. Once a VM is compromised, VMs on the same physical server can attack each other because they share the same hardware and software resources, including memory, device drivers, storage, and hypervisor software.

Virtual network: The virtual network contains the virtual switch software that controls the movement of traffic between the virtual network interface cards (NICs) of the installed VMs and the physical NICs of the host.

Hypervisor attacks: Malicious hackers consider the hypervisor a potential target because of the greater control afforded by lower layers in the system.

Compromising the hypervisor enables control over the installed VMs, the physical system, and the hosted applications.

Common attacks include hyperjacking (installing a rogue hypervisor that can take complete control of a server), such as SubVirt, Blue Pill (hypervisor rootkit using AMD secure virtual machine [SVM]), Vitriol (hypervisor rootkit using Intel VT-x), and direct kernel structure manipulation (DKSM). Another common attack is the VM escape, which is done by crashing the guest OS to get out of it and running arbitrary code on the host OS.

This allows malicious VMs to take complete control of the host OS.

VM-based rootkits (VMBRs): These rootkits act by inserting a malicious hypervisor on the fly or modifying the installed hypervisor to gain control over the host workload.

Virtual switch attacks: The virtual switch is vulnerable to a wide range of Layer 2 attacks, such as manipulation or modification of the virtual switch's configuration, VLANs and trust zones, and ARP tables.

DoS attacks: DoS attacks in a virtual environment form a critical threat to VMs, along with all other dependent and associated services. Note that not all DoS attacks are from external attackers.

These attacks can be the direct result of misconfigurations at the hypervisor, which allows a single VM instance to consume and utilize all available resources.

In the same way that a DoS attack renders resources unavailable to users attempting to access them, misconfigurations at the hypervisor restrict any other VM running on the same physical machine.

This prevents network hosts from functioning appropriately because of the resources being consumed and utilized by a single device.

Hypervisors prevent any VM from gaining 100 percent usage of any shared hardware resources, including CPU, RAM, network bandwidth, and other memory.

Appropriately configured hypervisors detect instances of resource hogging and take appropriate actions, such as restarting the VM to stabilize or halt any processes that may be causing the abuse.
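The misconfiguration described above can be checked for before it causes an outage. The following is an added example, not code from the original article: it assumes a KVM host managed with libvirt and audits domain XML for VMs that have no CPU quota, disk I/O throttle, or NIC bandwidth cap. The two domain definitions are constructed sample data.

```python
import xml.etree.ElementTree as ET

# Constructed libvirt-style domain XML (sample data, not taken from the page).
DOMAINS = {
    "web01": """<domain type='kvm'><name>web01</name><vcpu>2</vcpu>
      <cputune><period>100000</period><quota>150000</quota></cputune>
      <devices>
        <disk type='file'><iotune><total_iops_sec>2000</total_iops_sec></iotune></disk>
        <interface type='bridge'><bandwidth>
          <inbound average='12500'/><outbound average='12500'/>
        </bandwidth></interface>
      </devices></domain>""",
    "batch07": """<domain type='kvm'><name>batch07</name><vcpu>8</vcpu>
      <cputune><quota>-1</quota></cputune>
      <devices>
        <disk type='file'/>
        <interface type='bridge'><bandwidth><inbound average='12500'/></bandwidth></interface>
      </devices></domain>""",
}


def audit_domain(xml_text):
    """List the shared host resources this VM may consume without a cap."""
    dom = ET.fromstring(xml_text)
    findings = []
    quota = dom.findtext("cputune/quota")
    # libvirt treats a missing or negative quota as unlimited CPU bandwidth.
    if quota is None or int(quota) <= 0:
        findings.append("cpu: no positive cputune/quota")
    for i, disk in enumerate(dom.findall("devices/disk")):
        if disk.find("iotune") is None:
            findings.append(f"disk {i}: no iotune throttle")
    for i, nic in enumerate(dom.findall("devices/interface")):
        for direction in ("inbound", "outbound"):
            if nic.find(f"bandwidth/{direction}") is None:
                findings.append(f"nic {i}: no {direction} bandwidth cap")
    return findings


def audit_host(domains):
    """Map VM name -> findings, keeping only VMs that have at least one."""
    report = {}
    for name, xml_text in domains.items():
        findings = audit_domain(xml_text)
        if findings:
            report[name] = findings
    return report


if __name__ == "__main__":
    for vm, issues in audit_host(DOMAINS).items():
        print(vm, issues)
```
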

Colocation: Multiple VMs residing on a single server and sharing the same resources increase the attack surface and the risk of VM-to-VM or VM-hypervisor compromise.

On the other hand, when a physical server is off, it is safe from attacks. However, when a VM goes offline, it is still available as VM image files that are susceptible to malware infections and patching.

Provisioning tools and VM templates are exposed to different attacks that attempt to create new unauthorized VMs or patch the VM templates. This infects the other VMs that will be cloned from this template.

These new categories of security threats are a result of the new, complex, and dynamic nature of the cloud virtual infrastructure, as follows:

  1. Multitenancy: By design, different users within a cloud share the same applications and the physical hardware to run their VMs. As a result, information leakage, as well as an increase in the attack surface and the risk of VM-to-VM or VM-hypervisor compromise, can occur.
  2. Loss of control: Users are typically not aware of the location of their data and services, whereas the CSPs host and run VMs without being aware of their contents.
  3. Network topology: Cloud architecture is dynamic because existing workloads change over time because of the creation and removal of VMs. In addition, the ability of VMs to migrate from one host to another leads to the rise of nonpredefined network topologies.
  4. Logical network segmentation: Within IaaS, the requirement for isolation alongside the hypervisor remains a key and fundamental activity to reduce external sniffing, monitoring, and interception of communications and others within the relevant segments. When assessing relevant security configurations and connectivity models, VLANs, NATs, bridging, and segregation provide viable options to ensure the overall security posture remains strong, flexible, and constant, as opposed to other mitigation controls that may affect the overall performance.
  5. No physical endpoints: Due to the server and network virtualization, the number of physical endpoints (such as switches, servers, and NICs) is reduced. These physical endpoints are traditionally used in defining, managing, and protecting IT assets.
  6. Single point of access (SPOA) or SPOF: Hosts have a limited number of access points (NICs) available to all VMs. This represents a critical security vulnerability: compromising these access points opens the door to compromise the VMs, the hypervisor, or the virtual switch.

The Cloud Security Alliance Common Controls Matrix (CCM) provides a good go-to guide for specific risks for SaaS, PaaS, and IaaS.

PaaS Cloud Computing Security Considerations

Platform as a service

PaaS security considerations involve four main areas, each of which is discussed in the following sections.

System and Resource Isolation

PaaS tenants should not have shell access to the servers running their instances (even when virtualized).

The rationale behind this is to limit the chance and likelihood of configuration or system changes affecting multiple tenants.

Where possible, administration facilities should be restricted to siloed containers to reduce this risk.

Careful consideration should be given before access is provided to the underlying infrastructure hosting a PaaS instance.

In enterprises, this may have less to do with malicious behavior and more to do with efficient cost control; it takes time and effort to undo tenant-related fixes to their environments.

User-Level Permissions

Each instance of a service should have its own notion of user-level entitlements (permissions).

If the instances share common policies, appropriate countermeasures and controls should be enabled by the cloud security professional to reduce authorization creep or the inheritance of permissions over time.

However, it is not all a challenge; the effective implementation of distinct and common permissions can yield significant benefits when implemented across multiple applications within the cloud environment.
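One way to look for authorization creep across service instances that share common policies, as an added example that is not part of the original article. The roles, policy names, instances, users, and permission strings are all constructed; the check compares each user's effective permissions (direct grants plus those inherited from shared policies) with the baseline for their current role.

```python
# All names and values below are constructed for illustration.
ROLE_BASELINE = {
    "developer": {"app:deploy", "logs:read"},
    "auditor": {"logs:read", "reports:read"},
}
SHARED_POLICIES = {
    "ops-common": {"logs:read", "app:restart"},
}
# (instance, user, current role, direct grants, shared policies attached)
ENTITLEMENTS = [
    ("billing", "dana", "developer", {"app:deploy", "logs:read"}, []),
    ("billing", "lee", "auditor", {"reports:read", "app:deploy"}, ["ops-common"]),
    ("orders", "lee", "auditor", {"logs:read"}, []),
]


def effective_permissions(direct, policy_names, policies):
    """Return {permission: source}; source is 'direct' or the shared policy name."""
    effective = {perm: "direct" for perm in direct}
    for name in policy_names:
        for perm in policies[name]:
            # Keep 'direct' as the source if the permission was also granted directly.
            effective.setdefault(perm, name)
    return effective


def find_creep(entitlements, baseline, policies):
    """Report permissions a user holds on an instance beyond the role baseline."""
    findings = []
    for instance, user, role, direct, attached in entitlements:
        effective = effective_permissions(direct, attached, policies)
        excess = {p: src for p, src in effective.items() if p not in baseline[role]}
        if excess:
            findings.append((instance, user, sorted(excess.items())))
    return findings


if __name__ == "__main__":
    for instance, user, excess in find_creep(ENTITLEMENTS, ROLE_BASELINE, SHARED_POLICIES):
        print(f"{user}@{instance}: {excess}")
```

Reporting the source of each excess permission shows whether the fix belongs in the user's direct grants or in the shared policy that every attached instance inherits.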

User Access Management

User access management enables users to access IT services, resources, data, and other assets.

Access management helps to protect the availability, integrity, and confidentiality (AIC) of these assets and resources, ensuring that only those authorized to use or access these are permitted access.

In recent years, traditional standalone access control methods have become less utilized, with more holistic approaches to unify the authentication of users becoming favored.

For user access management processes and controls to function effectively, a key emphasis is placed on the agreement, implementation of the rules, and organizational policies for access to data and assets.

The key components of user access management include, but are not limited to, the following:

  1. Intelligence: Requires collection, analysis, auditing, and reporting against rule-based criteria, typically based on organizational policies.
  2. Administration: The ability to perform onboarding or changing account access on systems and applications. These solutions or toolsets should enable the automation of tasks that were typically or historically performed by personnel within the operations or security function.
  3. Authentication: Provides assurance and verification in real time that the user is who she claims to be, accompanied by relevant credentials (such as passwords).
  4. Authorization: Determines the level of access to grant each user based on policies, roles, rules, and attributes. The principle of least privilege should always be applied (that is, only what is specifically required to fulfill the job functions).

Note that user access management enables organizations to realize benefits across the areas of security, operational efficiencies, user administration, auditing, and reporting, along with other onboarding components; however, it can be difficult to implement for historical components or environments.

Protection Against Malware, Backdoors, and Trojans

Traditionally, development and other teams create backdoors to enable administrative tasks to be performed.

The challenge with these is that once backdoors are created, they provide a constant vector for attackers to target and potentially gain access to the relevant PaaS resources.

You have heard of the story in which attackers gained access through a backdoor, only to create additional backdoors while removing the legitimate backdoors, essentially holding the systems, resources, and associated services hostage.

More recently, attackers have utilized embedded and hardcoded malware as a method of obtaining unauthorized access and retaining this access for a prolonged and extended period.

Most notably, malware has been placed in point-of-sale (PoS) devices, handheld card-processing devices, and other platforms, thereby divulging large amounts of sensitive data (including credit card numbers, customer details, and so on).

As with SaaS, web application and development reviews should go hand in hand.

Code reviews and other software development lifecycle checks are essential to ensure that the likelihood of malware, backdoors, Trojans, and other potentially harmful vectors is reduced significantly.

SaaS Cloud Computing Security Considerations

Software as a service (SaaS)

SaaS security considerations involve three main areas, each of which is discussed in the following sections.

Multitenancy is one of the major characteristics of cloud computing. As a result of multitenancy, multiple users can store their data using the applications that SaaS provides.

Within these architectures, the data of various users will reside at the same location or across multiple locations and sites.

With the appropriate permissions or by using attack methods, the data of customers may become visible or accessible.

Typically, in SaaS environments, this can be achieved by exploiting code vulnerabilities or injecting code within the SaaS application.

If the application executes this code without verification, there is a high potential of success for the attacker to access or view other customers’ or tenants’ data.

A SaaS model should therefore ensure clear segregation for each user’s data. Segregation must be ensured not only at the physical level but also at the application level.

The service should be intelligent enough to segregate the data from different users. A malicious user can use application vulnerabilities to hand-craft parameters that bypass security checks and access sensitive data of other tenants.

Data Access and Policies

When allowing and reviewing access to customer data, the key aspect to structuring a measurable and scalable approach begins with the correct identification, customization, implementation, and repeated assessments of the security policies for accessing data.

The challenge associated with this is to map existing security policies, processes, and standards to meet and match the policies that the CSP enforces.

This may mean revising existing internal policies or adopting new practices whereby users can only access data and resources relevant to their job function and role.

The cloud must adhere to these security policies to avoid intrusion or unauthorized users viewing or accessing data.

The challenge from a CSP perspective is to offer a solution and service that is flexible enough to incorporate the specific organizational policies put forward by the organization, while also being positioned to provide a boundary and segregation among the multiple organizations and customers within a single cloud environment.

Web Application Security

Because SaaS resources are required to be always on and availability disruptions kept to a minimum, security vulnerabilities within the web application(s) carry significant risk and potential impact for the enterprise.

Vulnerabilities, no matter what risk categorization, present challenges for CSPs and customers alike.

Given the large volume of shared and collocated tenants within SaaS environments, if a vulnerability is exploited, both the cloud customer and the service provider may experience catastrophic consequences.

As with traditional web application technologies, cloud services rely on a robust, hardened, and regularly assessed web application to deliver services to its users.

The fundamental difference with cloud-based services versus traditional web applications is their footprint and the attack surface they will present.

In the same way that web application security assessments and code reviews are performed on applications before release, this becomes even more crucial when dealing with cloud services.

The failure to carry out web application security assessments and code reviews may result in unauthorized access, corruption, or other integrity issues affecting the data, along with a loss of availability.

Finally, web applications introduce new and specific security risks that may not be counteracted or defended against by traditional network security solutions (firewalls, intrusion detection systems [IDSs], intrusion prevention systems [IPSs], and so on).

Because of the nature and manner in which web application vulnerabilities and exploits operate, they may not be identified by, or may appear legitimate to, network security devices designed for non-cloud architectures.
