Ensuring security the last barrier to Cloud adoption

Transcription

1 Ensuring security the last barrier to Cloud adoption Publication date: March 2011

2 Ensuring security the last barrier to Cloud adoption Cloud computing has powerful attractions for the organisation. It offers instant access to an infinitely flexible computing resource and the ability to make major cost savings through outsourcing. Yet for many organisations, the final barrier to adopting Cloud computing is whether it is sufficiently secure. This White Paper examines the perceived risks, assesses whether they are justified, and examines the technology and measures that can make the Cloud s virtual security a reality. Why are organisations attracted to Cloud computing? Cloud computing supplements or replaces an organisation s physical computing environment with flexible, scalable Internet and virtualisation technology. With Cloud computing, the organisation doesn t have to keep adding capitalintensive IT assets to meet growing storage and processing requirements. It can access computing resources as required (including sudden peaks in demand) and simply pay for what it uses. As data is stored remotely, employees can access it wherever they are; this allows flexible working and stimulates productivity. Meanwhile, IT employees previously involved in maintaining in-house data centre resources can now take on other, business facing roles. These business arguments are proving highly persuasive. In a recent Forrester survey of 2,803 IT decision-makers, 49% of North American companies and 45% of European companies report that pursuing a strategy of embracing cloud infrastructure services is a high or critical priority during the next 12 months 1. The main perceived security problems So far, the issue most dissuading organisations from adopting Cloud computing is security. One recent survey found 75% of respondents felt security while using the Cloud was a major concern 2. Organisations seek reassurance on several points: accessing the Cloud won t compromise their security; their sensitive data and intellectual property will be protected; they can retrieve their data if they want to change Cloud provider, or their provider ceases trading; and they can maintain their customer service standards and competitive performance. Internet access - A benefit and a weakness Foremost among Cloud security concerns for organisations is the vulnerability of the Internet to threats such as hacking, DDoS and viruses. Within an organisation s LANs and WAN, data is easily controlled, tracked and secured. But the more points at which that data is exposed to the Internet, the greater an attack surface it presents. Public Internet Cloud services offer easy access via the web, but this benefit is also a weakness. Customers can easily access the platform, but so too can any other Internet user making each connection a potential route for attack. Points of connection into the platform include end users accessing applications run from the Cloud; customers connecting to manage their service; server and application teams accessing for configuration or management; and service providers connecting to manage the platform. In a Software as a Service (SaaS) Cloud offering or any other Internet-delivered Cloud service, three of those four key connections are over the Internet and hence exposed (as depicted on the left in the illustration, below). Only the service provider s management interface is inside the security perimeter. Although internal attacks are a possibility, most security threats will come from outside, i.e. the Internet. The more Internet exposure, the greater the risks. 1 Source: Q&A: Demystifying Cloud Security, Forrester Research Inc., 29 October, Source: Data Centre World survey

3 Internet Internet Platform User Access Customer Platform User Access Customer Internal Internal The public Cloud, left, exposes more potential attack surfaces to the Internet than a platform where most access is via internal networks. Ensuring safe access Cloud providers who can integrate their service within private networks both their own and their customer s offer much greater security. By keeping the majority of the key connections inside the network, exposure to the Internet is minimised. In the example above on the right, only provisioning is accessed via the Internet. This area is relatively easy to control compared to, say, end user access, and exposure to risk here can be further mitigated by additional safeguards. Where is the data? Organisations are understandably concerned about data security in the Cloud. They are used to safeguarding their data within visible, physical hardware. The Cloud, however, is nebulous and intangible; an organisation cannot see where its data is stored or how it is handled, raising doubts about its safety. Logically, data in the Cloud still has a physical location at the Cloud provider s data centre. But because this centre is remote, there may still be concerns about where and how safe the data is. If there are multiple data centres, perhaps in different countries, does the organisation have to comply with extra compliance laws? And is there any way of telling which data resides where? Identifying what s stored where Choosing a provider whose data centres are all in the same country simplifies compliance. For UK organisations, having only UK data centres makes compliance easier to prove, and offers the opportunity to inspect the centres security arrangements subject, of course, to the customer s employees being security cleared beforehand. Organisations should look for a provider who can identify which centre stores specific data, with reassurances that it is duplicated in a separate centre, to allow continued access should the first centre go out of service. Customers also need to know what happens to their data if storage disks they no longer require are reused for another customer. Although their data should be erased, there is always the chance it may be found by the next user s disk recovery tool. Not all Cloud providers are diligent, so an organisation needs to check there is a comprehensive, effective disk erasure policy in place.

4 Will a shared environment mean more risks? Multi-tenant Cloud environments are attractive because the expense of the Cloud infrastructure is shared across all the customers, reducing the cost for each business. But how effectively are the organisations access, services, and data separated from those of other customers? The Cloud provider should be able to demonstrate it has established effective barriers between a customer s data and the outside world and with other customers sharing the same platform. Sufficiently robust partitioning should be in place to ensure no traffic can pass between customers, and that none of their virtual machines in the Cloud can access or be accessed by other tenants in that environment. Organisations should closely examine the Cloud provider s service architecture. The same level of separation should also be available within the customer s share of the Cloud. An organisation s internal processes and applications are designed to allow control of communication and traffic (so, for example, a line manager cannot access finance or HR records to discover the CEO s salary). The Cloud provider should be able to support this segmentation, so the customer can control which virtual machine (or group of machines) employees can access, and which departments can access management and provisioning functions. Safeguarding availability One of the main appeals of Cloud computing is its agility, allowing organisations to flex the amount of resources they need at any time. On a multi-tenant platform, it should not be possible for one customer to consume so much of the shared resources that it reduces another customer s service availability. Consequently, the Cloud provider must always allocate sufficient resources to accommodate sudden peaks in demand from all their tenants, simultaneously. This represents a major commitment on the part of the Cloud provider, so customers need to satisfy themselves the provider really does have sufficient capacity. In fact, the resources should be over-specified, so if one or more servers fail, there is always enough capacity to ensure service availability. Equally, within the customers share of the platform, one virtual machine should not be able to dominate the available resources and compromise the performance of the other virtual machines. The Cloud provider should have controls in place to prevent this happening. These controls should be sufficiently flexible to assign each virtual machine the capacity it needs to fulfil its role, and make sure that capacity is capped automatically.

5 How secure is Cloud The Cloud provider will need to connect to the customer s network to provision and support the service. If this connection is over the Internet, it introduces another potential weak spot. Ideally, the Cloud provider should only be able to access the customer s network via a secure, protected connection. There should also be controls in place to ensure only the provider s employees directly concerned with the task in hand whether building the customer s Cloud environment or updating it, are permitted access. To take full advantage of Cloud computing s agility, customers will want to undertake their own provisioning. However, it s important that access rights can be controlled, to ensure that activities that will incur cost can be controlled in line with company policy. A question of trust Obtaining definitive answers to all these security questions may prove difficult, particularly if an organisation uses more than one Cloud provider. An organisation might want to audit a provider s service, but how viable this is will depend on the number of customers the Cloud provider serves, and the organisation s ranking amongst those customers. If they are only one customer among many thousands, the provider simply may not agree to their audit request. Auditing is a complex and time consuming exercise, and though some customers (and their clients) insist on it, others may be satisfied their Cloud provider is accredited to industry standards. Although providers may quote several different standards, ISO 27001/2 Information Technology, Security Techniques is widely accepted as the most relevant. Finally, there is the Cloud provider s reliability. The Cloud market is a fast evolving area; although some providers are well established and trusted, others have failed, leaving their customers wondering what has happened to their data. With their reputation and prosperity at stake, customers must be sure their provider has a proven track record and is financially stable. Safety in the Cloud with Flexible Computing Vodafone has developed Flexible Computing to offer the benefits of Cloud computing, while satisfying their customers security concerns. We deliver this Cloud on a virtualised platform, accessed over the Vodafone Multi Service Platform (MSP) network across multiple UK data centres. This provides on-demand computing resources closely integrated into a customer s corporate Wide Area Network (WAN). Minimising access risks With Flexible Computing, data and services are not outside exposed to the Internet, but internal, using the customer s WAN and the Vodafone MSP network. Unlike the vulnerable Internet, the self-healing MSP is accredited by the CESG (the UK Government s National Technical Authority for Information Assurance) to carry protected Government traffic. Providing data security Flexible Computing stores customers data in Vodafone s UK data centres, which meet stringent UK Government standards for security. Customers can be reassured their data is stored according to UK regulatory compliance laws; on request, Vodafone will identify which UK data centre holds what data. Dual-site resilience (storing data in more than one centre) is also available, so in the highly unlikely event of a data centre failing, the customer can still access their data and continue operating. Creating barriers between tenants Flexible Computing isolates customers, the networks and their virtual machines from those of other customers sharing the same platform. This partitioning ensures there is no direct route between customers, and can also split each customer s partition into several segments, with appropriate access control between them. We securely integrate virtual machines running on the Flexible Computing platform into the customer s existing WAN infrastructure via a dedicated firewall context and can configure them individually to suit the customer s security policy. It is also possible to create separate groups of virtual machines, using Private VLANs (PVLANs), allowing customers to securely reproduce their current physical hardware multi-tier structures within the Cloud environment.

6 24/7 availability Vodafone runs the Flexible Computing platform below full capacity. We can add capacity rapidly whenever required and also offer automated service failover, to safeguard 24/7 service availability for the customer. Similarly, a resource sharing model ensures every virtual machine receives the correct loading of resources, adapting automatically as machines are added or removed. protection Vodafone uses a dedicated isolated network connection for provisioning, monitoring, managing and updating the customer s Flexible Computing platform, with access strictly limited to authorised personnel. Customers can also select a management service whereby Vodafone supplies an anti-virus, operating system patching, monitoring and backup service, further ensuring the availability and integrity of the infrastructure on behalf of the customer. Access to the portal is controlled and customers can select the authorisation level for each user, ensuring approval of spend can be aligned to company policy. How real are the risks? Are organisations overplaying the perceived security risks of Cloud computing? It may actually offer them greater security; a rigorously protected data centre is a safer place to store vital information than a laptop or USB stick that s easily lost or stolen. Organisations that feel safe with their own systems but distrust the Cloud may wish to compare those facilities again. IT environments tend to grow on an ad-hoc basis, with mixed proprietary infrastructure and applications. Cloud facilities are generally purpose-built and homogeneous, and consequently easier to monitor and secure. Additionally, while Cloud accreditation to standards such as ISO 27001/2 does not guarantee absolute security, it can indicate a greater level of protection than an organisation may currently attain. Ultimately, the customer must be satisfied its Cloud provider meets their requirements for authentication, authorisation, encryption, data loss protection, compliance and regulatory reporting. The need for impregnable security must be balanced against convenient access and easy management. The organisation will need to evaluate its existing policies on access control, data security, compliance, event logging and management, and work with the provider to extend them into the Cloud. The question of trust between service provider and customer that exists in any business relationship is clearly even more critical in the case of Cloud security. The provider that proves it can implement effective tools and procedures for Cloud security will ultimately engender, and deserve, customer confidence. Our experience with customers has been that the provision of a flexible computing resource as part of the wide area network has been the first step in providing customers the security assurances they need to have in place before starting the move to a multi-tenant Cloud solution. This step, however key, is not enough on its own, but when combined with the focus Vodafone has in providing secure solutions for enterprise and public sector organisations, and the way this has been reflected into the Flexible Computing product offering, we have found many organisations are now willing to step over the threshold of interest and move into real adoption of Cloud services within their operations.

7 VUK10412/03.13_01 To find out more, please contact your Account Manager or call us on Vodafone Limited. Vodafone House, The Connection, Newbury, Berkshire RG14 2FN Registered in England No