Security Considerations for Cloud Computing (Part 4) - Resource Pooling (part two)

Date: 2013-09-01
Disk Encryption
Whole volume encryption (such as BitLocker and other similar technologies) can protect physical storage media in the event that an attacker gains access to the physical storage infrastructure from within a virtual environment. Note also that virtual machines should have access only to the virtual storage devices that are allocated to them.
You will need to weigh security against performance when employing any encryption technique. Different encryption algorithms have different performance impacts and provide different levels of protection. Not all traffic needs to be encrypted or authenticated. Low business impact information might require only authentication without encryption. High business impact information might be encrypted over the wire and require authentication and authorization at the network level.
Core Infrastructure Security
All VMs in the private cloud will require compute, memory, storage, and network resources gathered from the pool. The hypervisor that you use must enable separation or isolation of these resources for each tenant. This can be accomplished in different ways.
For example, Hyper-V maintains deliberate isolation between the memory and compute resources of all VMs running on the same host operating system, lets you define isolated virtual switches, and allows each virtual machine to use its own virtual hard disks without affecting the disks of other VMs. If multiple tenant applications that are hosted on different virtual machines require access to a shared resource, the sharing must be managed so that only the authorized applications have access, and so that all access and use is actively monitored.
Although policies should be created that apply to the infrastructure layer to protect the virtual machines and abstracted hardware elements, you should always use defense in depth and assume that attackers will discover a flaw in your infrastructure and try to get access to the platform (or the VMs running on the infrastructure).
There are two key controls you can enable from this perspective:
· VMs should have their host-based firewalls configured to block network attacks from external networks, from other virtual machines on the same host, and from other components of the infrastructure.
· Host-based firewalls should allow inbound and outbound traffic only from and to the specific machines with which the VM must communicate, and disallow communications with all other physical and virtual machines.
IPsec can be used to logically isolate groups of hosted virtual machines so that they will be unable to connect to other machines. For example, if you have a multi-tier application in your private cloud, you could use IPsec to make sure the database server can only be connected to by the middle-tier server, and that the middle-tier server can only be connected to from the front-end web server.
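The tier isolation described above can be checked against the allow rules exported from each VM's host firewall. The following is an added example, not part of the original article: the tier subnets, ports and rule list are constructed for illustration, and the audit flags any rule that permits a flow other than web to middle tier or middle tier to database, including rules whose source range is too broad.

```python
import ipaddress

# Constructed tier subnets for the three-tier example (assumed addressing).
TIERS = {
    "web": ipaddress.ip_network("10.0.1.0/24"),
    "mid": ipaddress.ip_network("10.0.2.0/24"),
    "db": ipaddress.ip_network("10.0.3.0/24"),
}

# Policy from the text: only web -> middle tier and middle tier -> database.
# Ports are assumptions chosen for illustration.
ALLOWED = {("web", "mid", 8443), ("mid", "db", 1433)}

# Constructed inbound allow rules: (name, source CIDR, destination CIDR, port).
RULES = [
    ("mid-from-web", "10.0.1.0/24", "10.0.2.0/24", 8443),
    ("db-from-mid", "10.0.2.0/24", "10.0.3.0/24", 1433),
    ("db-from-any-internal", "10.0.0.0/16", "10.0.3.0/24", 1433),
    ("db-admin-from-web", "10.0.1.15/32", "10.0.3.0/24", 3389),
    ("mid-from-unknown", "192.168.5.0/24", "10.0.2.0/24", 8443),
]


def zones(cidr):
    """Tiers a CIDR overlaps, plus 'external' if it is not confined to one tier."""
    net = ipaddress.ip_network(cidr)
    hit = {name for name, tier in TIERS.items() if net.overlaps(tier)}
    if not any(net.subnet_of(tier) for tier in TIERS.values()):
        hit.add("external")  # broad or unknown ranges admit non-tier hosts
    return hit


def audit(rules):
    """Return (rule, src zone, dst zone, port) for every flow the policy forbids."""
    findings = []
    for name, src, dst, port in rules:
        for s in sorted(zones(src)):
            for d in sorted(zones(dst)):
                # Intra-tier traffic is out of scope for this check.
                if s != d and (s, d, port) not in ALLOWED:
                    findings.append((name, s, d, port))
    return findings


if __name__ == "__main__":
    for finding in audit(RULES):
        print("VIOLATION rule=%s %s -> %s port %d" % finding)
```

The broad `10.0.0.0/16` source is reported twice, once because it lets the web tier reach the database directly and once because it admits hosts outside every tier.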
Addressing Security Issues in Software
Protecting data for services and applications running in the private cloud can be accomplished in a number of ways. Application designers, not cloud infrastructure designers, are responsible for security feature design. The cloud service provider (CSP) should work with the application designers to help them be aware of the data protection services and other security features that are provided by the cloud infrastructure. Any features of the cloud infrastructure that might influence the design of the application or service should also be freely shared with the application designer.
Tenant applications may encrypt data in storage, data in RAM, and data during processing to make it more difficult for someone to steal or tamper with it in a tenant application or service even if they have gained authenticated and authorized access to the tenant's environment.
Encryption technologies require a secret key to perform encryption and decryption in the symmetric algorithm scenario, or a private key to perform decryption in the asymmetric algorithm scenario. The cloud infrastructure may move tenant applications to different host servers or even to other data centers to optimize service availability in the face of hardware failures, to optimize application performance, or to re-level resource utilization. Encryption techniques used by tenant applications for data protection must continue to be effective in these scenarios.
Automated processes that are responsible for moving applications and services to different devices must ensure that the cryptographic keys that are used to protect application data continue to be available to the applications and services as they are needed; if this requires keys to be copied between locations, then the automated processes must provide assurances that this transfer process is secure.
In the next installment of this series, we will look at how the essential cloud characteristic of rapid elasticity introduces its own collection of security issues.
Created: 18 Mordad 1393