What are the most significant threats every cloud infrastructure provider has to face on a daily basis?
Cloud Infrastructure as a Service (IaaS) has a number of challenging security problems to mitigate:
- Logical and physical isolation - How do you ensure isolation of data in multi-tenant environments?
- Securing virtual machines - Ensuring there is no “data leakage” from hypervisors or cross-contamination with malware.
- Patching of default images - In the ever-changing threat landscape, how does the service provider ensure that the latest patches are loaded in a timely manner when there may be tens or hundreds of virtual images running on a machine?
- Encrypt stored data - How can service providers ensure data stays “secure”, i.e. encrypted, and that the encryption keys are changed in a timely manner? Lastly, when the service is no longer required, how do they ensure all the data is securely erased from all the virtual machines?
- Access to self-service portals - Self-service is paramount in reducing operational costs for IaaS, yet robust access control needs to be implemented to accommodate different ways of authenticating depending on the sensitivity, the rights of the user and regulatory compliance needs.
- Monitoring logs on all resources - This is critical, as just collecting logs adds no business value except in “box ticking”. Business value is achieved by real-time anomaly and behavioural detection that prevents or eliminates the unusual activity, as opposed to merely collecting historical logs.
- Defence of network perimeters - Another critically important aspect: defending the multi-tenant environment against generic and focused cyber attacks.
Real-time analytics are absolutely needed in a dynamic IaaS environment, as organisations will be activating and de-activating services as operational needs change. This means there is considerable real-time fluidity in the environment, along with the need to consume vast quantities of data as we move ever closer to the “Internet of Things”, with more devices and assets becoming internet-enabled. Anomaly and behavioural detection will be the only pragmatic way to understand the implications of a security incident in such a dynamic environment.
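The stored-data point in the list above (keys changed in a timely manner, data securely erased when a tenant leaves) is normally solved with a key hierarchy rather than by re-encrypting disks. The Go program below is an added example written for this page, not code from the interviewee or from any provider: the KeyStore type, its method names and the in-memory map standing in for a key-management service are assumptions made for illustration. Each tenant gets its own data-encryption key (DEK) that is stored only wrapped under the provider's key-encryption key (KEK); rotating the KEK rewraps the small DEKs without touching stored data, and "secure erasure" of a tenant is done by destroying its DEK (crypto-shredding), which also covers every snapshot and backup that holds copies of the ciphertext.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // no usable CSPRNG: refuse to continue
	}
	return b
}
func gcmFor(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key) // only fails on a bad key size; ours are 32 bytes
	if err != nil {
		panic(err)
	}
	g, _ := cipher.NewGCM(block) // cannot fail for an AES block
	return g
}

// seal encrypts with AES-256-GCM; the random nonce is prepended to the output.
func seal(key, plaintext []byte) []byte {
	g := gcmFor(key)
	nonce := randBytes(g.NonceSize())
	return g.Seal(nonce, nonce, plaintext, nil)
}

// open reverses seal; it fails if the key is wrong or the bytes were altered.
func open(key, sealed []byte) ([]byte, error) {
	g := gcmFor(key)
	if len(sealed) < g.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return g.Open(nil, sealed[:g.NonceSize()], sealed[g.NonceSize():], nil)
}

// KeyStore (hypothetical): one key-encryption key (KEK) and one data-encryption
// key (DEK) per tenant; DEKs exist at rest only in KEK-wrapped form.
type KeyStore struct {
	kek         []byte
	wrappedDEKs map[string][]byte
}

func (ks *KeyStore) dek(tenant string) ([]byte, error) {
	w, ok := ks.wrappedDEKs[tenant]
	if !ok {
		return nil, errors.New("no DEK for " + tenant + ": never issued or shredded")
	}
	return open(ks.kek, w)
}

// Encrypt seals data under the tenant's own DEK, minting one on first use.
func (ks *KeyStore) Encrypt(tenant string, data []byte) ([]byte, error) {
	if _, ok := ks.wrappedDEKs[tenant]; !ok {
		ks.wrappedDEKs[tenant] = seal(ks.kek, randBytes(32))
	}
	k, err := ks.dek(tenant)
	if err != nil {
		return nil, err
	}
	return seal(k, data), nil
}
func (ks *KeyStore) Decrypt(tenant string, sealed []byte) ([]byte, error) {
	k, err := ks.dek(tenant)
	if err != nil {
		return nil, err
	}
	return open(k, sealed)
}

// RotateKEK installs a fresh KEK and rewraps every DEK under it. The bulk
// data stays as it is, so rotation is cheap enough to be routine.
func (ks *KeyStore) RotateKEK() error {
	newKEK := randBytes(32)
	for tenant := range ks.wrappedDEKs {
		k, err := ks.dek(tenant)
		if err != nil {
			return err
		}
		ks.wrappedDEKs[tenant] = seal(newKEK, k)
	}
	ks.kek = newKEK
	return nil
}

// Shred drops the tenant's wrapped DEK (crypto-shredding): every copy of that
// tenant's ciphertext on disks, snapshots and backups becomes unreadable at once.
func (ks *KeyStore) Shred(tenant string) { delete(ks.wrappedDEKs, tenant) }

func main() {
	ks := &KeyStore{kek: randBytes(32), wrappedDEKs: map[string][]byte{}}
	ct, _ := ks.Encrypt("tenant-a", []byte("customer record"))
	_ = ks.RotateKEK()
	pt, err := ks.Decrypt("tenant-a", ct)
	ks.Shred("tenant-a")
	_, shredErr := ks.Decrypt("tenant-a", ct)
	fmt.Printf("after rotation: %q (%v); after shred: %v\n", pt, err, shredErr)
}
```

In production the KEK would live in an HSM or a managed KMS and the wrapped DEKs in a database, but the shape is the same: rotation is a metadata operation, and erasure is a key deletion whose effect is provable regardless of how many copies of the ciphertext exist.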
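For the monitoring point, this is what "real-time anomaly and behavioural detection" looks like at its simplest, as an added example rather than code from the page or the interviewee: a fixed per-user baseline (source addresses and API calls seen during a learning window) against which each live event is scored as it arrives, plus a sliding window that turns a run of denied calls into a burst alert. The audit-log format, the sample lines and the threshold of three denied calls in a minute are constructed for illustration; a provider would feed its own audit trail into parseLine.

```go
package main

import (
	"fmt"
	"strings"
	"time"
)

const burstN, burstWin = 3, time.Minute // this many denied calls inside the window is a burst (assumed threshold)

type Event struct {
	At                        time.Time
	User, Src, Action, Result string
}

// parseLine reads one line of the constructed audit format used below:
// "t=<RFC3339> user=<id> src=<ip> action=<API call> result=ok|denied"
func parseLine(line string) (Event, error) {
	kv := map[string]string{}
	for _, field := range strings.Fields(line) {
		if k, v, ok := strings.Cut(field, "="); ok {
			kv[k] = v
		}
	}
	at, err := time.Parse(time.RFC3339, kv["t"]) // junk lines fail here
	return Event{at, kv["user"], kv["src"], kv["action"], kv["result"]}, err
}

type profile struct {
	srcs, actions map[string]bool
	denied        []time.Time // recent denied calls, oldest first
}

// Detector keeps a fixed per-user baseline; live traffic never updates it,
// so an intruder cannot teach the detector that their activity is normal.
type Detector struct{ profiles map[string]*profile }

func (d *Detector) Learn(e Event) {
	if d.profiles[e.User] == nil {
		d.profiles[e.User] = &profile{srcs: map[string]bool{}, actions: map[string]bool{}}
	}
	d.profiles[e.User].srcs[e.Src], d.profiles[e.User].actions[e.Action] = true, true
}

// Observe scores a live event and returns why it deviates (nil if it fits).
func (d *Detector) Observe(e Event) (why []string) {
	p, ok := d.profiles[e.User]
	if !ok {
		return []string{"no baseline for user " + e.User}
	}
	if !p.srcs[e.Src] {
		why = append(why, "new source address "+e.Src)
	}
	if !p.actions[e.Action] {
		why = append(why, "never-before-seen action "+e.Action)
	}
	if e.Result == "denied" {
		p.denied = append(p.denied, e.At)
		for e.At.Sub(p.denied[0]) > burstWin { // assumes time-ordered input
			p.denied = p.denied[1:]
		}
		if len(p.denied) >= burstN {
			why = append(why, fmt.Sprintf("%d denied calls within %s", len(p.denied), burstWin))
		}
	}
	return why
}

// Constructed sample: alice's normal activity, then a live stream that ends in an off-network IAM enumeration burst.
var baselineLines = []string{
	"t=2024-05-01T09:12:03Z user=alice src=10.0.1.5 action=DescribeInstances result=ok",
	"t=2024-05-03T14:02:45Z user=alice src=10.0.1.5 action=GetObject result=ok",
}
var liveLines = []string{
	"t=2024-05-08T09:15:00Z user=alice src=10.0.1.5 action=GetObject result=ok",
	"t=2024-05-09T03:01:00Z user=alice src=203.0.113.44 action=ListUsers result=denied",
	"t=2024-05-09T03:01:10Z user=alice src=203.0.113.44 action=CreateAccessKey result=denied",
	"t=2024-05-09T03:01:20Z user=alice src=203.0.113.44 action=AttachUserPolicy result=denied",
}

// Run learns the baseline, then returns one alert per anomalous live line.
func Run(baseline, live []string) (alerts []string) {
	d := &Detector{profiles: map[string]*profile{}}
	for _, l := range baseline {
		if e, err := parseLine(l); err == nil {
			d.Learn(e)
		}
	}
	for _, l := range live {
		e, err := parseLine(l)
		if err != nil {
			alerts = append(alerts, "unparseable line: "+l)
			continue
		}
		if why := d.Observe(e); why != nil {
			alerts = append(alerts, e.At.Format(time.RFC3339)+" "+e.User+": "+strings.Join(why, "; "))
		}
	}
	return alerts
}

func main() {
	for _, a := range Run(baselineLines, liveLines) {
		fmt.Println(a)
	}
}
```

The first live line fits the profile and produces nothing; the three that follow each raise an alert, and the last one also trips the burst rule. The point to carry over to a real deployment is that the decision is made per event as it streams in, so the response (rate-limit the source, require step-up authentication, disable the key) can happen while the activity is still in progress rather than in next week's log review.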
How does the cloud enable cybercriminals to expand the scope and size of their attacks?
IaaS potentially exposes vulnerable applications. IBM X-Force research last year showed that over 50% of applications contained some vulnerability that could be used to compromise the application. Cloud IaaS constantly exposes APIs to connect services to each other – again, care must be taken in how these are exposed and defended. Of greater concern is the potential sharing of databases within an IaaS environment, leading to potential attacks from account takeover, privileged user access, and the takeover by cyber attackers of orphaned user ID accounts (unused accounts that are still active).
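The account conditions named above (orphaned accounts that are still active, privileged access) and the exposure of API credentials can be checked mechanically. The Go program below is an added example, not code from the page, the interviewee or IBM: it audits a constructed directory of IaaS identities and flags enabled accounts that have never signed in or have been idle past a threshold, privileged accounts without a second factor, and long-lived API keys past their rotation age. The Account fields, the 90-day thresholds and the sample identities are assumptions; a real run would pull the same attributes from the provider's identity API.

```go
package main

import (
	"fmt"
	"time"
)

// Account is a constructed, provider-neutral view of one IaaS identity.
type Account struct {
	ID         string
	Enabled    bool
	Privileged bool      // holds an admin-level role
	MFA        bool      // second factor enforced at sign-in
	LastSignIn time.Time // zero value: never signed in
	KeyCreated time.Time // zero value: no long-lived API key issued
}

type Finding struct{ Account, Issue string }

// Policy holds the thresholds (assumed values); Now is injected so an audit is reproducible.
type Policy struct {
	Now         time.Time
	OrphanAfter time.Duration // enabled but unused for this long => orphaned
	KeyMaxAge   time.Duration // API keys older than this must be rotated
}

func days(d time.Duration) int { return int(d.Hours() / 24) }

// Audit returns every account an attacker could take over or that grants more
// than its usage justifies. Disabled accounts are skipped: they cannot be used,
// so they are a clean-up item rather than an exposure.
func (p Policy) Audit(accounts []Account) (out []Finding) {
	for _, a := range accounts {
		if !a.Enabled {
			continue
		}
		switch idle := p.Now.Sub(a.LastSignIn); {
		case a.LastSignIn.IsZero():
			out = append(out, Finding{a.ID, "orphaned: enabled but never signed in"})
		case idle > p.OrphanAfter:
			out = append(out, Finding{a.ID, fmt.Sprintf("orphaned: no sign-in for %d days", days(idle))})
		}
		if a.Privileged && !a.MFA {
			out = append(out, Finding{a.ID, "privileged account without MFA"})
		}
		if age := p.Now.Sub(a.KeyCreated); !a.KeyCreated.IsZero() && age > p.KeyMaxAge {
			out = append(out, Finding{a.ID, fmt.Sprintf("API key %d days old, past rotation limit", days(age))})
		}
	}
	return out
}

func date(y int, m time.Month, d int) time.Time { return time.Date(y, m, d, 0, 0, 0, 0, time.UTC) }

// SampleAccounts is a constructed directory used to exercise the audit.
var SampleAccounts = []Account{
	{ID: "alice", Enabled: true, Privileged: true, MFA: true, LastSignIn: date(2024, 5, 28), KeyCreated: date(2024, 1, 15)},
	{ID: "bob", Enabled: true, LastSignIn: date(2023, 12, 1)},
	{ID: "carol", Enabled: true, Privileged: true},
	{ID: "dave", Enabled: false, LastSignIn: date(2022, 3, 9)},
	{ID: "svc-deploy", Enabled: true, Privileged: true, LastSignIn: date(2024, 5, 31), KeyCreated: date(2024, 4, 1)},
}

var SamplePolicy = Policy{Now: date(2024, 6, 1), OrphanAfter: 90 * 24 * time.Hour, KeyMaxAge: 90 * 24 * time.Hour}

func main() {
	for _, f := range SamplePolicy.Audit(SampleAccounts) {
		fmt.Printf("%-10s %s\n", f.Account, f.Issue)
	}
}
```

Against the sample directory this reports alice's stale API key, bob as orphaned after 183 idle days, carol twice (never signed in, and privileged without MFA) and the svc-deploy service account as privileged without MFA, while ignoring the disabled dave. Running a check like this on a schedule, and disabling what it finds, is the practical answer to the orphaned-account takeover risk described above.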