Wednesday, August 17, 2011

Security Challenges in Cloud

What is Cloud Computing..

Cloud computing is an evolving paradigm that provides hardware infrastructure, platform and software as services readily available on demand over the Internet which users can consume pay-per-use basis.

It is also called Utility-Oriented computing where computer resources are made available for consumption like other utilities such as electricity and telephone. This cuts the initial costs and maintenance overhead of IT infrastructure resources to a greater extent and facilitates businesses to go on production in the market in less time.

Hence more and more businesses are moving into cloud for accommodating high load during peak times in order to meet the QoS of their customers.

Why Security in Cloud Computing..

As described above, cloud computing  model encourages businesses/e-science to rely on third party services  for their computing infrastructure and software requirements. Hence trust towards cloud service providers is fundamental  when moving into the cloud.

Privacy and security are major concerns of cloud consumers when hosting their important data, applications and performing critical operations/transactions  in  the cloud. On the other hand, it is a major challenge for cloud providers to meet security, trust and privacy requirements of their clients.

Cloud is like a double edged sward because in the same way it provides as much resources as required by businesses/e-sciences on demand, it is also available for attackers to launch large scale attacks on data and applications hosted on cloud. Therefore it is important to have paid attention to security, trust and privacy challenges from the design level itself of the cloud services.

What are the security challenges in Cloud..

We can identify three main layers as follows in the cloud computing stack each having their own security challenges.
  • Infrastructure as a service - provides network, hardware and storage as a service
  • Platform as a service - provides both system level middleware such as hypervisors, virtual machines, guest OS's and user level middleware such as Mashups, workflows, web services stacks implementations and application servers to host cloud apps.
  • Software as a service - provides cloud applications such as social computing, e-mail services etc.
Following can be identified as some of the main security challenges among many others, which are encountered in above mentioned cloud computing stack:

Physical security - Data centers where important/sensitive data of millions of users is hosted, need to be protected with strong security mechanisms such as multi-factor authentications before accessing data center floors, system and network control and security monitoring. Rules and regulations in the region/country where the data centers are hosted, also play a key role and has major impact on this aspect.

Availability - this is important in security because the trusted service being not available, opens doors to launch phishing attacks. Since cloud services are utilized by thousands of consumers with various loads, it is critical to ensure minimum downtime by the means of load balancing and auto-scaling in the face of high loads.

Data isolation and protection - in a multi-tenanted environment where large number of tenants host their important data in cloud providers' site, it is important to provide the expected level of data isolation and also expected level of encryption (whether it is at disk level, directory level, file level or application level) to avoid data breaches.

Execution isolation, logic isolation - specially in multi-tenanted PaaS environments where number of applications from different cloud consumers/SaaS providers are hosted, execution and logic isolation is a required aspect which should be facilitated from the architecture/design level in order to prevent vulnerabilities of one tenant's application affecting other tenants' application/data. 

Malicious code - Once again in PaaS (user level middleware) environments, where custom code of different tenants are allowed to be executed, it is important to prevent access to privileged operations in the user level middleware in order to protect entire system from malicious code and security breaches.

Identity Management - this is a challenge spread across four main areas as:
  • Authentication - cloud users need to be authenticated using strong identity factors to avoid brute force attacks and also needs to support federated identity management to avoid same user identity being stored in multiple cloud environments.
  • Authorization - needs to have centrally governed,  flexible, scalable and fine grained access management solutions.
  • Auditing - all security related events needs to be recorded and securely archived while ensuring integrity and confidentiality of the logs in order to track accountability and detect security policy violations.
  • Administration - standard and secured user account provisioning mechanism should be supported to cater the identity management requirements when moving from enterprise-to-cloud and cloud-to-cloud.
Cloud providers at any layer of the cloud computing stack needs to identify the security challenges/requirements and take necessary measures to overcome/facilitate them in order to meet the consumers' QoS expectations and establish trust with their consumers.

1 comment:

  1. Dear Hasini,
    I want to use your view "Security Challenges in Cloud" in my review paper. Please mail me the permission for use. This is for non profit.


Note: Only a member of this blog may post a comment.