فا

‫ Security Considerations for Cloud Computing (Part 6) - Metered Services

IRCAR201402202
Date: 2014-02-18

Introduction
In the first five parts of this series on private cloud security, we talked about some basic factors you have to consider that are specific to security issues in the private cloud. These issues are key to the essential characteristics of cloud computing and this sets them apart from the typical security considerations you would deal with in a traditional datacenter. And that leads us, in this sixth part of our series on private cloud security, to the final essential characteristic of cloud computing: metered services. It might well be the most controversial one, as well.
Why metered services?
Metered services is also often referred to as “pay per use.” In the enterprise, metering services is a means of accountability. Metered services is necessary to the “utility” aspect of cloud computing. People understand that they “pay per use” for true utilities such as electricity and water. The number of kilowatt hours or gallons of water you consume is measured by a meter that keeps track and each month the amount is reported back to the service provider, either through remote access, via so-called “smart meters”, or by a meter reader who manually inspects the meter and records the amount used.
Unlike in a traditional data center, where your main job is to “keep the lights on”, a private cloud environment is about providing services. You don’t want to merely keep the lights on; you want to keep the services running. This is all part of the private cloud principle of thinking of yourself as a service provider. And one of the major responsibilities that you have as a service provider is to be transparent about how much of the shared infrastructure a particular tenant uses, and the cost of that usage.
The cloud characteristic of metered service is critical because, as a service provider, part of your job is to help your tenants be good stewards of the shared pool of cloud resources. Those resources include the shared pool of compute, networking and storage resources. If the tenant has no awareness of the costs that are involved in obtaining resources from the shared pool, there will be no motivation on the tenant’s part to constrain the use of the resources and wastage is bound to occur.
This also motivates the consumers of the cloud services to think about what they actually need, instead of what they think they might need. For example, let’s take the example of uptime. Uptime is often expressed in terms of “9s.” So 99.99% is called “four nines,” 99.999% is “five nines,” and so forth. When you ask the typical tenant how many “9s” of uptime they need, they’ll invariably tell you “well, I need five 9s”. But do they really need those five 9s? What the person might not know is that, in order to provide that level of availability, the costs increase significantly and it puts a much greater strain on the shared pool of resources.
The essential characteristic of metered services is what enables you to provide the consumer of cloud services information with what the exact costs of five 9s turns out to be. Then the tenant can take those costs into consideration and compare that with what they calculate they would lose if they only had three 9s availability. It might turn out that the amount of money you lose with five nines availability is less than the cost of obtaining that level of availability. In that case, the tenant would be willing to accept a lower level of service because the overall cost is lower.
How metered services work in the private cloud
In a private cloud environment, you will need to track all chargeable use of the cloud services used by the tenants so that you can bill them. In some cases, mostly in enterprise environments, you won’t actually charge the tenants; instead you will do something called “show back”, whereby you provide reports of cloud service usage and what the services cost, but you don’t actually receive any money from the private cloud tenants. Even though the tenants aren’t actually paying in dollars, they are still accountable for the amount of resources they use.
From a security perspective, you need to ensure that tenants will not be able to bypass your monitoring systems in any way. One of the risks of bypassing the monitoring system is that the tenants might be able to reduce the amounts that they pay by adjusting the data to indicate that they are using less of the cloud infrastructure than they are actually using. This “cheating” isn’t just about money; it could potentially lead to a denial of services situation, since the tenant that is bypassing the monitoring system can acquire increasing amounts of cloud resources without any limit. If this happens, it might get to the point of exhaustion of the resource pool and then other tenants will not be able to obtain the resources they need when they need them.
While it is unlikely that a group within your organization would try to steal cloud services from the enterprise private cloud in this way, there is always the risk that someone could try to use the private cloud resources for unapproved purposes. Insider attacks are among the most common of security breaches, according to many studies, so it’s not unreasonable to imagine that a disgruntled employee might try to take advantage of the resources provided by the private cloud. Alternately, the employee might not even be disgruntled – it might just be someone who wants to use the resources for personal gain and avoid paying for them.
Of course, outside attacks can take place against the cloud infrastructure, as well. An attacker from outside the company might gain access to the private cloud in order to run a mail server. The attacker might use the mail server as a launch pad for spam or email based attacks, or even attempt to run a private commercial mail server to make money, all without paying for any component of the infrastructure. Of course, to make this a success, the intruder would have to avoid detection. In order to avoid detection, the intruder using the private cloud resources would have to bypass the monitoring and billing systems that are being used by the private cloud. Another alternative would be for the attacker to arrange for his unauthorized use to be paid for by a legitimate client, such as a business unit. These charges could even be spread out over a large number of tenants, so that the charges could go virtually unnoticed by the legitimate tenants of the private cloud. A good metering mechanism will help to prevent this.
Record keeping
Because metered services are so critical to the performance and availability of the cloud infrastructure, you need to ensure that all monitoring and logging facilities that measure and report on resource usage are protected from compromise. Logging must always be accurate and must always correctly identify who is using the resource. You need to ensure that access controls, which include role based access controls, are employed throughout your monitoring and reporting infrastructure.
You should provide tenants access to their billing information through the financial management systems you deploy in your private cloud, and they should include enough detail to enable your tenants to identify any possible unauthorized usage of resources on their behalf. Finally, you should put into a place a system whereby it is easy for the tenants to report to you if they find anomalies or inconsistencies.
Related Links:
References:

 


نظرات

بدون نظر
شما برای نظر دادن باید وارد شوید

نوشته

 
تاریخ ایجاد: 18 مرداد 1393

دسته‌ها

امتیاز

امتیاز شما
تعداد امتیازها:0