Cloud Computing Security Issues and Controls

Transcription

1 Cloud Computing Security Issues and Controls ACC 626 Information System Assurance & Computer-Assisted Auditing Peter Shih-Hsien Chen June 30th, 2013

2 Table of Contents Introduction... 1 History of Cloud Computing... 1 Types of Cloud Computing Services... 2 Benefits of Cloud Computing... 2 Examples of Cloud Computing... 3 Relevance to C-Suite Executives... 3 Examples of Cloud Computing Security Breaches... 4 Approaches to Address Cloud Computing Security Issues... 5 Fundamental Approaches... 5 Audits... 5 Insurance... 6 Cloud Structure... 6 Human Factors... 6 Credible Cloud Service Providers with Effective Procurement Processes... 6 Organization Policies and Procedures... 6 Technical Frameworks Proposed by Literature Survey... 7 Multi-Cloud Databases (MCDB)... 7 Single Gateway and Real-time Auditing Framework... 8 Combined Approach at Data Storage and Retrieval Phases Anonymous User Identity and Separation of Cloud Application Framework Other Technical Approaches Conclusion Bibliography... 14

3 Introduction Cloud computing provides computing resources as on-demand services that are hosted remotely, accessed over the Internet, and generally billed on a per-use basis. 1 One widely accepted definition of cloud computing by the US National Institute of Standards and Technology states cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction. 2 One research study claims that refusing to use cloud capabilities is not a viable option for most institutions. 3 Therefore, it is clear that cloud computing technology has significant impacts on businesses that cannot be ignored and must be addressed carefully by all organizations. Security measures are critical in ensuring successful adoption of cloud technology by companies. This report provides a general overview of cloud computing technology and its impact on business organizations. Various aspects of security concerns faced by the cloud computing environment and various ways for organizations to prevent these security issues are examined. History of Cloud Computing Although cloud computing has recently received much attention and growth, the concept of cloud computing is not entirely new; in 1960s, the timesharing technology existed to allow access to the processing power of offsite mainframes by transmitting data for processing through the telephone lines. 2 More recently, the modern age of cloud computing technology began with the establishment of SETI@home (Search for Extra-Terrestrial Intelligence at home) project conducted by the UC Berkeley Space Sciences Laboratory in 1999, salesforce.com in 1999, and Amazon Web Services (AWS) and Amazon Elastic Compute Cloud (EC2) in Ever since, cloud computing has undergone significant and rapid growth, where more than 69% of Americans, ranging from individuals to large corporations, have used some form of cloud computing technology. 4 Increased adoption of cloud computing technology by organizations will likely continue in the future. It was established in a recent survey conducted by McKinsey & Company that 80% of all North American organizations will use some form of cloud computing technology; out of those organizations, up to 75% of the applications used by the organization will be hosted using cloud technologies, translating to up to 70% 1 (G.R. & Rama Mohan Reddy, 2012): 2 (Bender, 2012): 3 (Kaplan, Rezek, & Sprague, 2012): 4 (Harauz, Kaufman, & Potter, 2009): Fabs_all.jsp%3Farnumber%3D Page 1

4 of cost savings. 5 The majority of business leaders agreed that cloud computing technology has clear advantages over traditional technology and can help the entire organization become more agile and responsive. 5 Types of Cloud Computing Services There are three main models of cloud computing services: 6 Public Cloud: a cloud service that allows access to any registered users; in other words, anyone can gain access to a public cloud service by registering an account. Private Cloud: a cloud service that is built within an organization s intranet; therefore, it provides services only to the members of the organization that owns the private cloud. It can be hosted either internally or externally. Private clouds generally provide more customization capabilities and control for the organization. Hybrid Cloud: a combination of both public cloud and private cloud models, where a private cloud is connected to public clouds and can use their resources. Depending on the service provided over the cloud, there are three major types of cloud computing services referred as Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS). 7 Benefits of Cloud Computing The most significant benefits of cloud computing to businesses are cost savings and superior computing capabilities. 5 In summary, cloud computing provides the following benefits: 6 Fast deployment and provision: cloud services, especially the public cloud model, can be deployed at a rapid speed. In both public and private cloud models, software deployment or upgrade is done only once on the centralized cloud server. Pay-for-use and scalability: public clouds usually operate under a subscription based model, so companies can easy scale up or down depending on the need of the company in a very short turnaround time. Lower cost: public clouds eliminate most of the need for companies to maintain their own hosting infrastructure, such as expensive data centres. Both private and public cloud models provide centralized data storage and computation so they require less maintenance on an individual basis. In addition, less costly IT equipment is required for each user because most of data storage and computing can be performed in the cloud. 5 (Kaplan, Rezek, & Sprague, 2012): 6 (G.R. & Rama Mohan Reddy, 2012): 7 (Takabi, 2010): Fxpls%2Fabs_all.jsp%3Farnumber%3D Page 2

5 Low-cost disaster recovery and storage solutions: in both public and private cloud models, most data is stored generally at a centralized cloud server. Therefore, data backups can be created more easily compared to backing up each individual computer within the organization; this effectively reduces the cost of disaster recovery. Examples of Cloud Computing Current examples of business-related cloud computing applications at various levels are illustrated in Figure 1 below. Major companies like Twitter and The New York Times are currently delivering their services to users by using Amazon s EC2 IaaS. 8 9; 10 Figure 1: Examples of Business Applications Using Cloud Computing Technology IaaS Google Compute Engine Amazon EC2 PaaS Google App Engine Force.com SaaS GMail Salesforce.com Relevance to C-Suite Executives Cloud computing technology provides a wide range of benefits, resulting in increased in reliance on the cloud over time by users and organizations of all kinds for business applications. All kinds of information are being stored and processed centrally in the cloud, including sensitive and confidential information, so it becomes important to enable the right people to access the right information in a trusted environment. 11 Therefore, cloud computing services can be a tempting target for cybercrimes. 12 The potential damage caused by a single security breach in the cloud computing environment is much larger, and can result in more data being accessed without authorization in any single incident because all data is 8 (Juels & Opera, 2013): 9 (Cloud Sherpas, 2013): 10 (Caruso, 2011): html?page=1 11 (Katzan, 2011): 12 (Harauz, Kaufman, & Potter, 2009): Fabs_all.jsp%3Farnumber%3D Page 3

6 stored at a centralized location. 13 For these reasons, security is the most significant concern about cloud computing technologies, as rated by business leaders (Figure 2). 14 Figure 2: Ratings of Challenges/Issues in the Cloud Computing Environment 14 The essential cloud computing security components include identity of the user, authentication of user s identity, authorization of each user s permission, accountability of the users and trusted computing environment, such as secured hardware, trusted operating system and applications, trusted users, and trusted data. 15 Data security aspects, in particular data confidentiality, integrity and availability (CIA), are important concerns in the cloud computing environment. 16 Failure to secure data stored in the cloud could lead to data loss, unauthorized access and corruption. 16 Examples of Cloud Computing Security Breaches There are many ways that security breaches can occur in the cloud computing environment, including attacks initiated by malicious tenants sharing the cloud computing resource on a public cloud. 16 Other security concerns include traditional attacks of the Internet, such as phishing and botnet attacks. 14 The cloud service provider can also cause security breaches by accessing clients information without proper authorization (Juels & Opera, 2013): 14 (Kuyoro, Ibikunle, & Awodele, 2011): pdf 15 (Katzan, 2011): 16 (Harauz, Kaufman, & Potter, 2009): Fabs_all.jsp%3Farnumber%3D (Sood, 2012): Page 4

7 Some recent security breaches of the cloud computing environment affecting the business community include Amazon s S3 users suffering from data corruption problems. 18 In 2009, Google s cloud document service, Google Docs, had a data security breach where documents stored by its users were accidentally made available to unauthorized users. 19 Approaches to Address Cloud Computing Security Issues There are many approaches to address cloud computing security issues, such as proper encryption to ensure data are safeguarded, adequate access controls to prevent any unauthorized access, frequent backups and safe storage of backup copies. 20 Most security concerns arise from the usage of cloud computing technology provided by an external provider because most computing and data storage occur with the cloud service provider outside of the organization. The approaches to address cloud computing security concerns can be broken down into two categories: fundamental and technical approaches. Fundamental Approaches Fundamental approaches are not technical in nature; rather, they consist of approaches focused on the due diligence exercised by the organization, risk mitigation strategies or other methods, such as policies and procedures that can be adopted by organization without the introduction of technical frameworks. Audits When sourcing a cloud computing service provider, appropriate audit reports should be obtained. 19 Cloud computing service providers that undergo proper audits through credible third parties are likely to have higher security standards. In addition, obtaining proper audit reports from the service providers can also help the client organization prove they exercised due diligence when selecting a cloud computing service provider. 19 Audit reports relevant to cloud computing security issues include audits conducted according to the Service Organization Controls (SOC) framework to ensure adequacy of privacy and security related controls and ISO/IEC 27001:2005 to ensure compliance with the continuous information security management standards. 19 For regulated data, such as health information, additional audit reports can also ensure regulatory compliance of the cloud service provider. 21 The client should also seek a right-to-audit clause when negotiating the contract with the cloud provider to increase transparency of the service provider (AlZain, Soh, & Pardede, 2012): 19 (Bender, 2012): 20 (G.R. & Rama Mohan Reddy, 2012): 21 (Kuyoro, Ibikunle, & Awodele, 2011): pdf 22 (Wilson, 2011): Page 5

8 Insurance Cyber insurance is a good strategy to mitigate the risks faced by an organization utilizing cloud computing technology provided by a third party. 23 Organizations insured with an adequate policy can limit their financial liability should any security incidents occur. Cloud Structure The organization can use the private cloud for sensitive information and public cloud for non-sensitive information. 24 The organization can gain more control and ensure data access by the service provider is minimized by hosting third party provided private cloud solutions onsite. 24 Organizations with similar security measures can establish community clouds together; this will allow the creation of cloud computing environments with security measures that more closely address all the tenants security concerns. 24 Human Factors Human factors play a key role in ensuring the security of cloud computing technology because human behavior can often lead to security breaches; therefore, organizations need to establish and strengthen the necessary capabilities, mind-sets, behavior governance, and culture to reduce the likelihood of security breaches caused by its employees. 24 Employees should be properly informed and trained on how the cloud operates and any possible information security risks that could occur. 25 Credible Cloud Service Providers with Effective Procurement Processes Organizations should make sure they select the service provider that can guarantee long-term stability. 26 When negotiating a contract with the service provider, clear data ownership and allowed data access by the service provider, including how the data is being processed, should be clearly outlined. 26; 25 Warranties and service requirements should be clearly outlined in the contract. 25 Data should be stored in a secured data centre with concrete physical security and recovery and backups of the data should be achieved easily. 26 It is also important to ensure that each business unit will not procure their own cloud providers that overlap with the corporate-wide centralized cloud providers, because it would be difficult to oversee the security issues over many separate cloud services used by an organization. 25 Organization Policies and Procedures The client organization should establish clear data classification policies and procedures, such as clearly outlining the information that should or should not be held in the cloud. 24; 25 Contingency plans should be clearly thought out, including the division of roles and liabilities between the service provider and the client. 25 Lastly, having a viable exit route from any cloud arrangement is critical in case the cloud service provider can no longer provide the adequate services required by the client (Bender, 2012): 24 (Kaplan, Rezek, & Sprague, 2012): 25 (Wilson, 2011): 26 (Kuyoro, Ibikunle, & Awodele, 2011): pdf Page 6

9 Technical Frameworks Proposed by Literature Survey Technical frameworks are used to address the security concerns of cloud computing using technical means, such as encryption and distinctive arrangement of cloud computing structures. Multi-Cloud Databases (MCDB) 27 AlZain and colleagues (2012) proposed a Multi-Cloud Database (MCDB) framework that involves two components referred to as multi-clouds and secret-sharing algorithm to address the security concerns of cloud computing, especially the possibility that the cloud provider would have access to the information stored on the cloud. 27 Secret-Sharing Algorithm Using the secret-sharing algorithm, information is broken down into pieces for distribution onto different clouds using a random polynomial function. 27 The pieces of information are calculated back to its original form using the same polynomial function when retrieved. 27 This approach is simpler than the traditional encryption technology and requires less computing power and processing time. 27 Figure 3: "Secret-Sharing Algorithm 27 Multi-Clouds Structure Multiple cloud service providers are used in this approach and the operation between various cloud providers is managed through a database management system (AlZain, Soh, & Pardede, 2012): Page 7

10 Figure 4: Multi-Clouds Structure 28 Advantages This approach helps to ensure availability even when a few service providers are experiencing outage. 28 Without the use of traditional encryption methodology, less computing burden is required so a faster retrieval and storage of data can be achieved. 28 Lastly, the possibility of unauthorized data access, especially by the cloud provider, can be reduced because no single server contains the complete set of data. 28 Disadvantages This approach is more costly because of the need to contract various cloud computing providers and the need to maintain a database management system to build the Multi-Clouds Structure. 28 Although this method is likely to be effective against unauthorized information access by the service provider, the polynomial function used to encrypt the information might not be as secure as other encryption technologies; therefore, the concern of data access by external hackers is still present. Single Gateway and Real-time Auditing Framework 29 A model proposed by Juels and Opera (2013) is designed to achieve data integrity and data freshness. Data integrity means the data is not corrupted or viciously manipulated. 29 Data freshness means the data presented to the users is the most up-to-date version; this is an important security measure because data stored on the cloud could be subject to rollback attacks when the service is manipulated to display older versions of the data (AlZain, Soh, & Pardede, 2012): 29 (Juels & Opera, 2013): Page 8

11 Single Gateway to the Cloud This gateway manages all the encryption of data before the data is stored on the cloud. 30 In addition, this gateway manages the Message-Authentication Codes (MACs) on each data block for the purpose of ensuring the integrity of the data stored on the cloud. 30 MACs are values calculated based on information stored so computers can use this value to verify the integrity of the data at retrieval. 30 For the purpose of ensuring data freshness, the gateway also assigns a specific block version number that can be used to authenticate at data retrieval. 30 Real-time Auditing of Data The data stored on the cloud is continuously audited by an independent cloud-auditing service. 30 The result of the data audit is continuously communicated to the enterprise gateway; therefore, any potential security breach can be discovered early for appropriate counteractions. 30 Figure 5: The Single Gateway to the Cloud and Real-time Auditing Model 30 Advantages Data is encrypted so unauthorized access of data by an external party is less likely. Continuous auditing will increase the likelihood and timeliness of detection of any security breach incident. Thus, concerns of data integrity and freshness are effectively addressed with this approach. Disadvantages More IT infrastructure is required internally to fulfill the requirement of the single gateway. Heavy computing resource is required by the client organization because all data is encrypted before it is stored in the cloud. Further computing burden is added to the gateway because of the need to calculate MACs and block version numbering. Internal computing resource is required during the data retrieval process because of the need to decrypt the data and authenticate the data s integrity and freshness. 30 (Juels & Opera, 2013): Page 9

12 future. 31 Figure 6: Data Storage Framework 31 Combined Approach at Data Storage and Retrieval Phases 31 This framework focuses on the data storage and data retrieval phases of cloud computing. Data integrity and security can be achieved. 31 Data Storage Data is first classified into public, private or limited access depending on how important and sensitive the data is; data is then encrypted depending on the classification. 31 Prior to storage on the cloud, the data is also indexed, the index is encrypted, and MACs are added to ensure fast retrieval and data integrity in the Data Retrieval The user s identity is verified by the client s own server and the user is provided with a decryption key for data and index decryption. 31 The client s own server provides the user s identity to the cloud server, granting the user access. 31 The user can use the decryption key to access the data and research result and the MAC can be used to verify data integrity. 31 Figure 7: Authentication Process at Data Retrieval (Sood, 2012): Page 10

13 Advantages With this approach, the data is never revealed to any external parties, including the cloud service provider. 32 Fast data research results are still allowed by indexing the data stored. 32 In addition, the likelihood of undetected data tampering is minimized with the use of MACs. Lastly, the likelihood of connecting to fake servers is minimized with the use of SSL certification issued by Certificate Authorities. 32 Disadvantages More computing resource is required to encrypt and index the data being stored; these procedures can potentially require longer processing times. In addition, a server is required to be maintained by the client organization, which represents additional costs for the client organization. Anonymous User Identity and Separation of Cloud Application Framework 33 This framework focuses on preventing unauthorized access of client s information by the cloud service provider. The user s identity is also protected through the use of this framework. 33 The overall approach is illustrated in Figure 8 below. Figure 8: Overall Approach of the Anonymous User Identity and Separation of Cloud Application Framework 33 Anonymous User Identity The user s identity is hidden to ensure a higher level security; an identity certificate from a trusted authority is used instead of the user s real identity. 33 Then the application provider generates specific applications based on the user s identity certificate and requirements (Sood, 2012): 33 (Yau, An, & Buduru, 2012): Page 11

14 Separation of Cloud Application Components At least three different cloud computing applications are involved in this framework, including the data processing provider, data storage provider and applications providers. 34 Data Processing, Obfuscation and Cryptography Data transmitted is always encrypted and obfuscated. 34 Data encryption occurs at the user s side using an encryption key that is only shared with the data processing application. 34 When requested, the data storage application provides the requested data to the data processing application for decryption and processing. 34 Any processed data will be encrypted and stored with the data storage application. 34 Thus, neither the data storage provider nor the data processing provider will ever obtain the complete data set in un-encrypted form. 34 The data storage application can provide data directly in the encrypted form to the user to be decrypted. 34 Advantages User identity and associated activities are not easily revealed to any single service provider. 34 Therefore, it decreases the significance of any security breach. This framework also ensures the complete set of data is not easily accessed by any single service provider, which effectively maintains a higher level of data confidentiality. 34 Disadvantages This framework requires multiple cloud service providers, adding significant costs to the organization. 34 Precise coordination is required between all the service providers to ensure adequate performance and high availability of the service 34 Other Technical Approaches At minimum, organizations should set up proper firewalls and secured virtual private network (VPN) connections, enforce strict authentication processes, maintain offsite backups, and ensure proper logging and monitoring of security logs. 35 If strong authentication of users across various cloud services is required, the centric identity management system and role-based access controls can be used. 36 To prevent attack from malicious tenants, a strong segregation of customer identity and authentication information must be enforced by the cloud service provider. 36 To further address the security concerns of the cloud computing environment where multiple virtual machines reside within a physical machine, IBM proposed approaches such as virtual machine introspection and lie detection. 37 In the virtual machine 34 (Yau, An, & Buduru, 2012): 35 (Sood, 2012): 36 (Takabi, 2010): Fxpls%2Fabs_all.jsp%3Farnumber%3D (Anthes, 2010): Page 12

15 introspection approach, a single anti-virus software is used to scan all the virtual machines within the physical machine; this approach increases the likelihood of malware detection because the virtual machines are not aware that they are being scanned. 38 In the lie detection approach, the anti-virus software compares the list of currently running processes within the virtual machine and the actually running processes, which are the processes that are consuming the computing resources of the physical machine; any discrepancies between the two lists can potentially represent the existence of malware. 38 Microsoft explored another solution with a proof of storage experimental service that ensures strong data integrity. 38 Conclusion Different approaches can to be used when addressing various cloud computing security concerns. The fundamental approaches focus primarily on the human factors, corporate policies and procedures, and the relationship between client and cloud service providers. Most of the fundamental approaches should be adopted by all organizations utilizing cloud technology because it represents the minimal level of due diligence to be exercised. The technical approaches primarily focus on preventing unauthorized access by service providers or third parties. Each framework contains some unique features. MCDB framework is the preferred approach when internal computing resources are limited because it does not require all data to be encrypted. 39 The single gateway and real-time auditing framework is unique because its real-time auditing component allows for faster detection of any security breach incidents. 40 The usual performance issues related to encrypting all data, such as rendering data unsearchable, is reduced with the Combined Approach at Data Storage and Retrieval Phase. 41 In the Anonymous User Identity and Separation of Cloud Application Framework, the service provider s ability to view the user s identity is reduced, and the complete set of the client s information is never revealed to any single service provider. 42 Other approaches can also help to prevent any malicious attacks initiated by the cloud neighbors sharing the cloud computing resources. Overall, the benefits of cloud computing technology are accompanied by various security concerns that could prevent the organization from adopting cloud computing technology altogether. Therefore, organizations must carefully equip themselves with adequate security measures to address the concerns. The security measures required by each organization will vary because each organization will have different security requirements and different resources to support the security measures. 38 (Anthes, 2010): 39 (AlZain, Soh, & Pardede, 2012): 40 (Juels & Opera, 2013): 41 (Sood, 2012): 42 (Yau, An, & Buduru, 2012): Page 13

16 Bibliography AlZain, M. A., Soh, B., & Pardede, E. (2012). A New Model to Ensure Security in Cloud Computing Services. The Society of Service Science and Springer, Anthes, G. (2010). Security in the Cloud. Communications of the ACM, Bender, D. (2012). Privacy and Security Issues in Cloud Computing. The Computer & Internet Lawyer, Caruso, J. (2011, November 2). IaaS vs. PaaS vs. SaaS - Cloud computing flavors designed to meet almost any need. Retrieved June 29, 2013, from Network World: html?page=1 Cloud Sherpas. (2013). SaaS, PaaS and IaaS - What They Mean, and Why You Should Care. Retrieved June 29, 2013, from Cloud Sherpas: G.R., V., & Rama Mohan Reddy, A. (2012). An Efficient Security Model in Cloud Computing based on Soft computing Techniques. International Journal of Computer Applications, Harauz, J., Kaufman, L. M., & Potter, B. (2009). Data Security in the World of Cloud Computing. Security & Privacy, IEEE, Juels, A., & Opera, A. (2013). Kaplan, J., Rezek, C., & Sprague, K. (2012). Protecting information in the cloud. McKinsey on Business Technology. Katzan, H. J. (2011). On The Privacy Of Cloud Computing. International Journal of Management & Information Systems, Kuyoro, S. O., Ibikunle, F., & Awodele, O. (2011). Cloud Computing Security Issues and Challenges. International Journal of Computer Networks, Sood, S. K. (2012). A combined approach to ensure data security in cloud computing. Journal of Network and Computer Applications, Takabi, H. (2010). Security and Privacy Challenges in Cloud Computing Environments. IEEE Security & Privacy, Wilson, P. (2011). Positive perspectives on cloud security. Information Security Technical Report, Yau, S. S., An, H. G., & Buduru, A. B. (2012). An Approach to Data Confidentiality Protection in Cloud Environment. Internal Journal of Web Services Research, Page 14