In cloud security architecture, responsibility is shared between the cloud provider and the customer. As more organizations move their data into the cloud and share it there, having a security architecture in place to secure that data becomes more important.
The cloud can be delivered in multiple formats. As such, cloud security architectures are designed to work in a combination of software as a service (SaaS), platform as a service (PaaS) and infrastructure as a service (IaaS) environments -- in addition to areas such as the public or private cloud. The goal of a cloud security architecture is met through a series of functional elements. These elements are often considered separately rather than as part of a coordinated architectural plan. This includes access security or access control, network security, application security and contractual security as well as monitoring, sometimes called service security. Finally, there's data protection, which is the measures that are applied at the protected-asset level.
A complete cloud security architecture addresses the goals by uniting the functional elements.
- A security architecture framework should be established with consideration of processes (enterprise authentication and authorization, access control, confidentiality, integrity, nonrepudiation, security management, etc.), operational procedures, technology specifications, people and organizational management, and security program compliance and reporting.
- A security architecture document should be developed that defines security and privacy principles to meet business objectives.
- Documentation is required for management controls and metrics specific to asset classification and control, physical security, system access controls, network and computer management, application development and maintenance, business continuity, and compliance.
- A design and implementation program should also be integrated with the formal system development life cycle to include a business case, requirements definition, design, and implementation plans.
- Technology and design methods should be included, as well as the security processes necessary to provide the following services across all technology layers:
  1. Authentication
  2. Authorization
  3. Availability
  4. Confidentiality
  5. Integrity
  6. Accountability
  7. Privacy
- The creation of a secure architecture provides the engineers, data center operations personnel, and network operations personnel a common blueprint to design, build, and test the security of the applications and systems.
- Design reviews of new changes can be better assessed against this architecture to assure that they conform to the principles described in the architecture, allowing for more consistent and effective design reviews.
6.3.22 Data Security
- The ultimate challenge in cloud computing is data-level security, and sensitive data is the domain of the enterprise, not the cloud computing provider.
- Security will need to move to the data level so that enterprises can be sure their data is protected wherever it goes.
- For example, with data-level security, the enterprise can specify that this data is not allowed to go outside of the United States. It can also force encryption of certain types of data, and permit only specified users to access the data. It can provide compliance with the Payment Card Industry Data Security Standard (PCI DSS). True unified end-to-end security in the cloud will likely require an ecosystem of partners.
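The three data-level controls named in the example above (a residency restriction, forced encryption of certain data types, and access limited to specified users) can be evaluated together as one policy decision per access request. The Python below is an added illustration, not code from the book; the classification labels, the policy table, the user names and the sample assets are all constructed assumptions. It reports every violated control rather than stopping at the first, which is what an auditor reviewing a denial wants to see.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class DataAsset:
    """A protected data object carrying the attributes a data-level policy needs."""
    name: str
    classification: str            # constructed labels: "public", "internal", "cardholder"
    encrypted: bool                # whether the stored copy is encrypted at rest
    allowed_countries: frozenset   # residency constraint (ISO country codes)


@dataclass(frozen=True)
class AccessRequest:
    """Who wants the data and in which country it would be processed."""
    user: str
    country: str


# Constructed policy table keyed by classification. allowed_users=None means any
# authenticated user may access the data.
POLICY = {
    "public": {"require_encryption": False, "allowed_users": None},
    "internal": {"require_encryption": False, "allowed_users": None},
    # Cardholder data must be encrypted and is limited to named principals,
    # in the spirit of the PCI DSS obligations mentioned in the text.
    "cardholder": {
        "require_encryption": True,
        "allowed_users": frozenset({"pci-ops", "payments-svc"}),
    },
}


def evaluate(asset: DataAsset, request: AccessRequest) -> tuple:
    """Return (allowed, reasons). Every violated control is listed, not just the first."""
    reasons = []
    if request.country not in asset.allowed_countries:
        reasons.append(
            f"residency: {asset.name} may not leave {sorted(asset.allowed_countries)}"
        )
    rule = POLICY.get(asset.classification)
    if rule is None:
        # Unknown classification: fail closed rather than guess a rule.
        reasons.append(f"unknown classification {asset.classification!r}")
        return False, reasons
    if rule["require_encryption"] and not asset.encrypted:
        reasons.append(f"encryption: {asset.classification} data must be encrypted at rest")
    allowed = rule["allowed_users"]
    if allowed is not None and request.user not in allowed:
        reasons.append(
            f"authorization: {request.user} may not access {asset.classification} data"
        )
    return not reasons, reasons


# Constructed sample assets.
CARD_DB = DataAsset("card_tokens", "cardholder", encrypted=True,
                    allowed_countries=frozenset({"US"}))
PLAIN_CARD_EXPORT = DataAsset("card_export.csv", "cardholder", encrypted=False,
                              allowed_countries=frozenset({"US"}))
WIKI = DataAsset("engineering_wiki", "internal", encrypted=False,
                 allowed_countries=frozenset({"US", "DE", "IE"}))

if __name__ == "__main__":
    for asset, req in [
        (CARD_DB, AccessRequest("pci-ops", "US")),
        (CARD_DB, AccessRequest("analyst", "DE")),
        (PLAIN_CARD_EXPORT, AccessRequest("pci-ops", "US")),
        (WIKI, AccessRequest("analyst", "IE")),
    ]:
        ok, why = evaluate(asset, req)
        print(asset.name, req.user, req.country, "ALLOW" if ok else "DENY", why)
```

The unencrypted export is denied even for an authorized user in an allowed country, which is the point of tying the control to the data object rather than to the user or the location alone.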
6.3.23 Application Security
- Application security is one of the critical success factors for a world-class SaaS company. This is where the security features and requirements are defined and application security test results are reviewed. Application security processes, secure coding guidelines, training, and testing scripts and tools are typically a collaborative effort between the security and the development teams. Although product engineering will likely focus on the application layer, the security design of the application itself, and the infrastructure layers interacting with the application, the security team should provide the security requirements for the product development engineers to implement. This should be a collaborative effort between the security and product development team. External penetration testers are used for application source code reviews, and attack and penetration tests provide an objective review of the security of the application as well as assurance to customers that attack and penetration tests are performed regularly. Fragmented and undefined collaboration on application security can result in lower-quality design, coding efforts, and testing results.
Since many connections between companies and their SaaS providers are through the web, providers should secure their web applications by following Open Web Application Security Project (OWASP) guidelines for secure application development (mirroring Requirement 6.5 of the PCI DSS, which mandates compliance with OWASP coding practices) and locking down ports and unnecessary commands on Linux, Apache, MySQL, and PHP (LAMP) stacks in the cloud, just as you would on-premises. LAMP is an open-source web development platform, also called a web stack, that uses Linux as the operating system, Apache as the web server, MySQL as the relational database management system (RDBMS), and PHP as the object-oriented scripting language. Perl or Python is often substituted for PHP.
6.3.24 Virtual Machine Security
In the cloud environment, physical servers are consolidated to multiple virtual machine instances on virtualized servers. Not only can data center security teams replicate typical security controls for the data center at large to secure the virtual machines, they can also advise their customers on how to prepare these machines for migration to a cloud environment when appropriate.
Firewalls, intrusion detection and prevention, integrity monitoring, and log inspection can all be deployed as software on virtual machines to increase protection and maintain compliance integrity of servers and applications as virtual resources move from on-premises to public cloud environments. By deploying this traditional line of defense to the virtual machine itself, you can enable critical applications and data to be moved to the cloud securely. To facilitate the centralized management of a server firewall policy, the security software loaded onto a virtual machine should include a bidirectional stateful firewall that enables virtual machine isolation and location awareness, thereby enabling a tightened policy and the flexibility to move the virtual machine from on-premises to cloud resources. Integrity monitoring and log inspection software must be applied at the virtual machine level.
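The paragraph above names three controls that ride with the virtual machine: a location-aware firewall policy (which also covers the port lockdown the application security section asks for on LAMP stacks), integrity monitoring, and log inspection. The Python below is an added illustration of all three in one agent-style module; it is not from the book or from any vendor product. The location labels, the port lists, the monitored file names (created in a temporary directory) and the sshd-style log lines are all constructed.

```python
import hashlib
import os
import re
import tempfile
from collections import Counter

# Location-aware firewall policy (constructed). The rule set tightens when the VM
# is moved to the public cloud: only HTTPS is reachable from outside, while
# on-premises the SSH and database ports are reachable from the LAN as well.
FIREWALL_POLICY = {
    "on_premises": {"inbound_allow": {22, 80, 443, 3306}},
    "public_cloud": {"inbound_allow": {443}},
}


def inbound_allowed(location: str, port: int) -> bool:
    """The decision a stateful firewall makes on the first packet of a new inbound flow."""
    return port in FIREWALL_POLICY[location]["inbound_allow"]


def sha256_of(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(paths) -> dict:
    """Record a trusted hash for each monitored file (taken at a known-good point)."""
    return {p: sha256_of(p) for p in paths}


def check_integrity(baseline: dict) -> dict:
    """Compare the current filesystem state to the baseline; report changed/missing files."""
    findings = {}
    for path, expected in baseline.items():
        if not os.path.exists(path):
            findings[path] = "missing"
        elif sha256_of(path) != expected:
            findings[path] = "changed"
    return findings


# Log inspection: count failed SSH logins per source address. The pattern follows
# the usual sshd "Failed password" message (constructed sample lines below).
FAILED_LOGIN = re.compile(
    r"Failed password for (?:invalid user )?(\S+) from (\d+\.\d+\.\d+\.\d+)"
)


def brute_force_sources(lines, threshold: int = 3) -> dict:
    """Return {source_ip: failure_count} for sources at or above the threshold."""
    counts = Counter()
    for line in lines:
        m = FAILED_LOGIN.search(line)
        if m:
            counts[m.group(2)] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}


# Constructed sample log lines; 203.0.113.0/24 is a documentation address range.
SAMPLE_LOG = [
    "Jan 10 10:00:01 vm1 sshd[1234]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2",
    "Jan 10 10:00:03 vm1 sshd[1234]: Failed password for root from 203.0.113.5 port 51236 ssh2",
    "Jan 10 10:00:05 vm1 sshd[1235]: Accepted publickey for deploy from 203.0.113.9 port 40000 ssh2",
    "Jan 10 10:00:07 vm1 sshd[1236]: Failed password for invalid user test from 203.0.113.5 port 51240 ssh2",
    "Jan 10 10:00:09 vm1 sshd[1237]: Failed password for deploy from 203.0.113.9 port 40002 ssh2",
]


def run_integrity_demo() -> dict:
    """Create two monitored files, then tamper with one and delete the other."""
    with tempfile.TemporaryDirectory() as d:
        cfg = os.path.join(d, "httpd.conf")
        daemon = os.path.join(d, "sshd")
        for p in (cfg, daemon):
            with open(p, "w") as f:
                f.write("original contents of " + os.path.basename(p))
        baseline = build_baseline([cfg, daemon])
        with open(cfg, "a") as f:
            f.write("\nAllowOverride All\n")   # simulated unauthorized edit
        os.remove(daemon)                      # simulated deletion
        findings = check_integrity(baseline)
    return {os.path.basename(p): status for p, status in findings.items()}


if __name__ == "__main__":
    print("integrity:", run_integrity_demo())
    print("brute-force sources:", brute_force_sources(SAMPLE_LOG))
    for loc in FIREWALL_POLICY:
        print(loc, "port 3306 inbound:", inbound_allowed(loc, 3306))
```

Keeping the policy keyed by location is what lets the same agent and baseline travel with the VM: moving from on-premises to the public cloud changes only the location label, and the firewall rules tighten without anyone rewriting them by hand.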
This approach to virtual machine security, which connects the machine back to the mother ship, has some advantages in that the security software can be put into a single software agent that provides for consistent control and management throughout the cloud while integrating seamlessly back into existing security infrastructure investments, providing economies of scale, deployment, and cost savings for both the service provider and the enterprise.
In the cloud environment, where services are offered on demand and can continuously evolve, aspects of current models such as trust assumptions, privacy implications, and the operational aspects of authentication and authorization will be challenged. Meeting these challenges will require a balancing act for SaaS providers as they evaluate new models and management processes for IAM to provide end-to-end trust and identity throughout the cloud and the enterprise. Another issue will be finding the right balance between usability and security. If a good balance is not achieved, both business and IT groups may be affected by barriers to completing their support and maintenance activities efficiently.