Cloud Security Layers

Situational awareness is one of the most difficult things to get right in doing cloud security, and hand in hand with that goes inventory awareness. To understand why, take a look at the layers involved with cloud security:

  • Facility physical environment – the building and physical environment in which the data center infrastructure resides
  • Infrastructure hardware and software – the hardware and software that provides the infrastructure to run the virtual environment, including both network and systems
  • Virtual machine manager/hypervisor – the tools that manage running virtual machines on the infrastructure
  • Virtual machines – the virtual machines, including operating systems, applications and any system tools

Within the first two layers, the facility and the infrastructure, there is little new or different about doing information security. We still need to have locks on doors, emergency power backups, fire protection and more.

The same mostly holds true for the fourth layer, where you have conventional OSes and applications, but running in a virtual mode. Most security protections will be similar to those already being used in a non-virtual environment. We still need to run integrity checks, collect and analyze audit logs, use access control and more.

The third layer, which deals with managing virtual machines, is critical because a compromise at this level can expose the entire virtual environment, but it is also a fairly small layer. The big challenge here is that VM hypervisors and managers are a relatively immature technology, and the knowledge domain about them and their vulnerabilities is changing constantly. Integrity checking, audit logs, intrusion detection, vulnerability scanning and other conventional protections may eventually become the most important here, even if they are applied in new and unique ways. It becomes necessary to rethink some protections. We take it for granted that the physical access control provided at the facility level prevents a stranger from pressing the power button on a server, but when the power button is virtual and accessed by software over a network, the needs have changed.

The most difficult part of security protections in the cloud is maintaining an awareness of the relative positions of data or operations in the cloud layers. Normal situational awareness depends on having an accurate inventory of information system components. In the first three layers of the cloud, the inventory issues are fairly normal and the inventory is generally static. But in the fourth layer, virtual machines can be commissioned and de-commissioned on a push-button basis, which means it becomes necessary to have special inventory tools that are updated dynamically as the environment changes. Dynamic management and distribution of this knowledge to appropriate security protection inputs is also critical.

If network infrastructure is also being virtualized, this awareness problem becomes much more difficult.
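
An added example (not from the original article) of the dynamically updated inventory described above: it replays VM commission/de-commission events and attributes each audit record to whichever VM held the source address at that moment. The event and audit record formats, the address reuse scenario and all names are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional
# Constructed lifecycle events: (timestamp, action, vm_id, ip)
EVENTS = [
    (100, "commission", "vm-a", "10.0.0.5"),
    (200, "decommission", "vm-a", "10.0.0.5"),
    (250, "commission", "vm-b", "10.0.0.5"),  # address reused by a new VM
    (300, "commission", "vm-c", "10.0.0.6"),
]
# Constructed audit records: (timestamp, source_ip, message)
AUDIT = [
    (150, "10.0.0.5", "login ok"),
    (220, "10.0.0.5", "login failed"),  # no VM held the address then
    (260, "10.0.0.5", "login ok"),
    (310, "10.0.0.9", "connection refused"),  # address never inventoried
]

@dataclass
class Lease:
    vm_id: str
    ip: str
    start: int
    end: Optional[int] = None  # None while the VM is still running
    def live(self, ts):
        return self.start <= ts and (self.end is None or ts < self.end)

class DynamicInventory:
    def __init__(self):
        self.leases = []  # full history, kept after de-commissioning
        self._open = {}   # vm_id -> Lease for VMs that are running now
    def apply(self, ts, action, vm_id, ip):
        if action == "commission":
            lease = self._open[vm_id] = Lease(vm_id, ip, ts)
            self.leases.append(lease)
        elif action == "decommission" and vm_id in self._open:
            self._open.pop(vm_id).end = ts  # close the lease, keep the record
    def active_at(self, ts):
        return sorted(l.vm_id for l in self.leases if l.live(ts))
    def owner_at(self, ip, ts):
        return next((l.vm_id for l in self.leases if l.ip == ip and l.live(ts)), None)

def build(events):
    inv = DynamicInventory()
    for event in sorted(events):  # replay in time order
        inv.apply(*event)
    return inv

def attribute(inv, audit):
    return [(ts, ip, inv.owner_at(ip, ts) or "UNKNOWN", msg) for ts, ip, msg in audit]
```

Keeping closed leases rather than deleting them is what lets a record from time 150 still resolve to vm-a after that VM is gone, while `UNKNOWN` rows mark activity from addresses the inventory cannot account for.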

Some security controls that are liable to have increased importance in a virtual environment (using NIST 800-53 controls):

  • AC-4 INFORMATION FLOW ENFORCEMENT
  • AC-5 SEPARATION OF DUTIES
  • AC-6 LEAST PRIVILEGE
  • AC-16 SECURITY ATTRIBUTES
  • AU-10 NON-REPUDIATION
  • CM-7 LEAST FUNCTIONALITY
  • SA-13 TRUSTWORTHINESS
  • SC-2 APPLICATION PARTITIONING
  • SC-3 SECURITY FUNCTION ISOLATION
  • SC-7 BOUNDARY PROTECTION (more focused on internal boundaries)
  • SC-11 TRUSTED PATH
  • SC-32 INFORMATION SYSTEM PARTITIONING
  • SC-34 NON-MODIFIABLE EXECUTABLE PROGRAMS
  • SI-6 SECURITY FUNCTIONALITY VERIFICATION
  • SI-7 SOFTWARE AND INFORMATION INTEGRITY

SEE ALSO:
Interconnection Security
