Cloud Security and Privacy
Chapter 17
17.1 Cloud-Specific Security Problems
Several factors contribute to the complexity of managing cloud computation:
- Lack of control and visibility
- An infrastructure shared with outsiders
- Many services with interdependencies among them
- Dynamic execution environment with bursts
- Remote access for all users
- Extensive use of software from the cloud providers and third parties
Lack of control and visibility.
- In a cloud environment, a tenant cannot configure or examine the underlying systems.
- The tenant must trust that the provider's staff has configured security protections correctly.
An infrastructure shared with outsiders.
- Running multiple tenants on the same infrastructure increases security risks; security and privacy breaches have occurred.
Many services with interdependencies among them.
- Having many microservices and allowing frequent communication among them increases the attack surface.
Dynamic execution environment with bursts.
- Rapid creation of new instances makes it more difficult to distinguish normal execution from a Denial of Service (DoS) attack.
Remote access for all users.
- The use of remote access increases the possible attack surface.
Extensive use of software from the cloud provider and third parties.
- Building cloud-native software adds complexity, such as designing microservices that can be orchestrated.
17.2 The Zero Trust Security Model
How can a tenant know which individuals should be allowed to access and manage services?
The answer lies in a zero trust security model.
The idea is straightforward: assign each user a set of privileges for each possible service. Instead of merely allowing a user to login once and then have access to all services, validate each request separately. That is, whenever a user attempts to access a service, use the identity of the user (and possibly the identity of the user’s device) to decide whether to grant or deny the request.
17.3 Identity Management
To avoid having separate authentication for each service, an identity management system uses Single Sign-On (SSO), which means a user has the same login and password credentials for all services.
An identity management system:
- stores information about users’ identities and their access rights,
- uses a single login for all services,
- authenticates users,
- ensures only authorized users access each service,
- and allows a user to enter credentials once for each task.
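The following is an added example, not code from the book, that ties the zero trust model of 17.2 to the identity management system of 17.3: a single login issues one SSO session, but every later request is validated on its own, using the user's identity, the device the request arrives from, and the per-service privilege table. The users, devices, services and actions are constructed names, and the in-memory dictionaries stand in for the identity store a real system would keep.

```python
"""Zero-trust, per-request authorization on top of a single sign-on session."""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass


@dataclass
class User:
    name: str
    pw_hash: bytes
    salt: bytes
    devices: set        # registered device identifiers for this user
    privileges: dict    # service -> set of allowed actions


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_user(name, password, devices, privileges):
    salt = secrets.token_bytes(16)
    return User(name, _hash(password, salt), salt, set(devices), privileges)


# Constructed identity store (hypothetical users, devices and services).
IDENTITY_STORE = {
    "alice": make_user("alice", "correct horse", {"laptop-01"},
                       {"hr": {"read", "update"}, "billing": {"read"}}),
    "bob": make_user("bob", "battery staple", {"laptop-02"},
                     {"billing": {"read"}}),
}

SESSIONS = {}        # token -> (user name, device, expiry time)
SESSION_TTL = 3600   # seconds a session stays valid


def login(name, password, device):
    """Single sign-on: credentials are checked once and a session token is issued."""
    user = IDENTITY_STORE.get(name)
    if user is None or not hmac.compare_digest(user.pw_hash, _hash(password, user.salt)):
        return None
    if device not in user.devices:          # unknown device: no session at all
        return None
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = (name, device, time.time() + SESSION_TTL)
    return token


def authorize(token, device, service, action, now=None):
    """Zero trust: each request is granted or denied on its own merits.

    A valid session is necessary but never sufficient; the device must match
    the one the session was issued to, and the user must hold the specific
    privilege for this service and action.
    """
    now = time.time() if now is None else now
    session = SESSIONS.get(token)
    if session is None:
        return False, "no session"
    name, session_device, expiry = session
    if now > expiry:
        return False, "session expired"
    if device != session_device:
        return False, "device mismatch"
    user = IDENTITY_STORE[name]
    if action not in user.privileges.get(service, set()):
        return False, f"{name} lacks {action} on {service}"
    return True, "ok"


if __name__ == "__main__":
    tok = login("alice", "correct horse", "laptop-01")
    for request in [("laptop-01", "hr", "update"), ("laptop-01", "billing", "update"),
                    ("laptop-99", "hr", "read")]:
        print(request, authorize(tok, *request))
```

Note that the session token alone never decides anything: the same token is refused for a service the user holds no privilege on and for a device other than the one that logged in, which is the per-request validation the zero trust model calls for.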
17.4 Privileged Access Management (PAM)
- A Privileged Access Management (PAM) system handles identity management for privileged accounts (administrative or superuser level of privilege).
- PAM systems log all accesses, providing a detailed record of which individual accessed a system at a given time.
- The systems also record failed login attempts, providing a way to track attackers.
- If a staff member’s ID is used to access multiple secondary systems within a short time, the PAM system sends an alert to the manager reporting suspicious activity.
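As an added example (not code from the book or from any PAM product), the script below reviews a constructed PAM access log in the way the points above describe: it counts failed login attempts per staff ID, and it raises an alert when one staff ID reaches several distinct secondary systems within a short window. The log format, the five-minute window and the three-system threshold are assumptions chosen for the illustration.

```python
"""Review a PAM access log: failed-login tracking and rapid multi-system alerts."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log. Assumed line format:
# <ISO timestamp> user=<staff id> system=<name> result=<success|failure>
PAM_LOG = """\
2024-05-03T09:00:05Z user=jdoe system=db-prod result=success
2024-05-03T09:00:40Z user=jdoe system=web-prod result=success
2024-05-03T09:01:10Z user=jdoe system=ldap result=success
2024-05-03T09:01:30Z user=jdoe system=backup result=success
2024-05-03T09:15:00Z user=asmith system=db-prod result=failure
2024-05-03T09:15:20Z user=asmith system=db-prod result=failure
2024-05-03T09:15:45Z user=asmith system=db-prod result=success
2024-05-03T10:30:00Z user=bjones system=web-prod result=success
2024-05-03T11:45:00Z user=bjones system=ldap result=success
"""


def parse_line(line):
    ts, *pairs = line.split()
    record = dict(p.split("=", 1) for p in pairs)
    record["time"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return record


def parse_log(text):
    return [parse_line(l) for l in text.splitlines() if l.strip()]


def failed_logins(events):
    """Failed attempts per staff ID: the record a PAM system keeps to track attackers."""
    counts = defaultdict(int)
    for e in events:
        if e["result"] == "failure":
            counts[e["user"]] += 1
    return dict(counts)


def rapid_multi_system_alerts(events, window=timedelta(minutes=5), threshold=3):
    """Alert when one staff ID reaches >= threshold distinct systems inside one window."""
    by_user = defaultdict(list)
    for e in events:
        if e["result"] == "success":
            by_user[e["user"]].append(e)
    alerts = []
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e["time"])
        for i, start in enumerate(evs):
            # every successful access that falls within `window` of this one
            systems = {e["system"] for e in evs[i:]
                       if e["time"] - start["time"] <= window}
            if len(systems) >= threshold:
                alerts.append({"user": user, "start": start["time"],
                               "systems": sorted(systems)})
                break   # one alert per staff ID is enough for the manager
    return alerts


if __name__ == "__main__":
    events = parse_log(PAM_LOG)
    print("failed logins:", failed_logins(events))
    for a in rapid_multi_system_alerts(events):
        print(f"ALERT {a['user']} reached {a['systems']} starting {a['start']}")
```

On the sample log, jdoe touches four systems in under two minutes and is reported, while bjones reaches two systems more than an hour apart and is not; asmith's two failed attempts show up in the failed-login count even though the third attempt succeeded.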
17.5 Protecting Remote Access
Three principles help define security practices:
- Keep all communication confidential
- Protect and isolate business data
- Enforce workflow security
Keep all communication confidential
- To keep communication confidential, all data must be encrypted.
- Virtual Private Network (VPN) technology forms a connection to the organization's cloud data center and encrypts all packets sent over the connection.
Protect and isolate business data.
- Remote access introduces an additional danger: an employee may lose a device that contains confidential business data.
- To protect it from accidental loss, all business data stored on a user’s device must be encrypted.
Enforce workflow security.
- As an employee performs a task, data may move from the cloud to the employee’s device and back.
- To ensure that all data remains safe independent of its location, an organization must define a security policy for each workload.
- Industry uses the term workflow security to characterize the approach.
17.6 Privacy In A Cloud Environment
- Security systems enforce protections to guarantee the confidentiality, integrity, and availability of data.
- Privacy refers to keeping sensitive information about an individual safe from public dissemination.
- Privacy protection cannot focus only on the data at hand.
- In addition, other aspects of security must be chosen to prevent violations of privacy.
17.7 Back Doors, Side Channels, And Other Concerns
- Interestingly, privacy considerations intertwine with other aspects of data security.
- An organization must be careful to avoid possible back doors and side channels that allow data to leak to unintended recipients.
- Three points of contact between applications cause concern:
  - shared storage systems,
  - shared computing systems,
  - shared networks.
- Instances have occurred where flaws, including flaws in the underlying hardware, allow data to transfer from one application to another through a side channel.
- In addition, attackers try to insert back doors into systems that send copies of data to the attacker.
- Tenants cannot predict or prevent flaws from occurring, but they can remain aware of the potential danger, and work hard to detect back doors.
A tenant must view a cloud service provider as a partner and work closely with the provider on security, both to ensure policies have been configured correctly and to handle problems that arise in the underlying infrastructure.
17.8 AI Technologies And Their Effect On Security
Interestingly, Artificial Intelligence (AI) technologies influence security in both positive and negative ways.
- On the one hand, attackers can use AI techniques to bypass safeguards and gain unauthorized access to data or systems.
- On the other hand, AI techniques can be used to strengthen safeguards.
Negative impact of AI
- One approach attackers use is known as a deep fake.
- An AI program that used machine learning (ML) was first fed recordings of the voice of a company executive so the program could learn the executive's voice and speech patterns.
- Once the learning phase was complete, the program imitated the voice while pronouncing text from a script.
- The attacker left a voice mail for an employee, apparently from the company executive, asking the employee to transfer confidential data to an external site.
Positive impact of AI
- PAM systems can use AI software to detect various types of anomalous behavior of an employee under the general topic of security analytics.
- If a machine learning program receives notification of each network connection that arrives from the Internet, the program may be able to detect an instance of a Distributed Denial of Service (DDoS) attack.
- One final aspect of security analytics arises from context.
- Suppose a given user always logs into the HR system and uses the system to update the employee database. If the same user accesses the HR system in a way that departs from that usual pattern, a conventional access control system permits the access because the user holds the necessary permission.
- Security analytics software takes another view: it flags the access as unusual because it does not occur in the usual context.
- In other words, security analytics software can be context-aware.
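The context-aware check just described, as an added example that is not part of the book: a baseline is learned from a constructed history of permitted accesses per user (which system, whether the access fell in business hours, and whether it came from the corporate network), and a new access is flagged when that user has not been seen in the same context before, even though the access itself is authorized. The users, systems, addresses, the 10.1.2.0/24 office range and the two-observation support threshold are all assumptions made for the illustration.

```python
"""Context-aware security analytics: flag authorized accesses that occur out of context."""
import ipaddress
from collections import Counter, defaultdict
from datetime import datetime

# Constructed history of accesses the access control system permitted:
# (user, system, ISO timestamp, source address). Hypothetical values.
HISTORY = [
    ("carol", "hr", "2024-04-01T09:05:00", "10.1.2.15"),
    ("carol", "hr", "2024-04-02T09:40:00", "10.1.2.21"),
    ("carol", "hr", "2024-04-03T10:15:00", "10.1.2.15"),
    ("carol", "hr", "2024-04-04T14:20:00", "10.1.2.30"),
    ("carol", "hr", "2024-04-05T11:00:00", "10.1.2.15"),
    ("dave", "billing", "2024-04-01T22:10:00", "203.0.113.7"),
    ("dave", "billing", "2024-04-02T23:05:00", "203.0.113.9"),
]

OFFICE_NETS = [ipaddress.ip_network("10.1.2.0/24")]   # assumed corporate range


def hour_bucket(ts):
    hour = datetime.fromisoformat(ts).hour
    return "business hours" if 8 <= hour < 18 else "off-hours"


def net_bucket(ip):
    addr = ipaddress.ip_address(ip)
    return "office" if any(addr in net for net in OFFICE_NETS) else "external"


def build_baseline(history):
    """Per user, count how often each (system, time bucket, network bucket) was seen."""
    baseline = defaultdict(Counter)
    for user, system, ts, ip in history:
        baseline[user][(system, hour_bucket(ts), net_bucket(ip))] += 1
    return baseline


def assess(baseline, user, system, ts, ip, min_support=2):
    """Return (flagged, reasons).

    The access is in context when this user has been observed in the same
    (system, time bucket, network bucket) at least `min_support` times;
    otherwise it is flagged and the unusual dimensions are reported.
    """
    ctx = (system, hour_bucket(ts), net_bucket(ip))
    seen = baseline.get(user, Counter())
    if seen[ctx] >= min_support:
        return False, []
    reasons = []
    if not any(s == system for s, _, _ in seen):
        reasons.append(f"{user} has never used {system}")
    if not any(s == system and h == ctx[1] for s, h, _ in seen):
        reasons.append(f"{user} has not used {system} during {ctx[1]}")
    if not any(s == system and n == ctx[2] for s, _, n in seen):
        reasons.append(f"{user} has not used {system} from the {ctx[2]} network")
    if not reasons:
        reasons.append(f"context seen fewer than {min_support} times")
    return True, reasons


if __name__ == "__main__":
    baseline = build_baseline(HISTORY)
    for access in [("carol", "hr", "2024-04-08T09:30:00", "10.1.2.15"),
                   ("carol", "hr", "2024-04-08T02:30:00", "10.1.2.15"),
                   ("carol", "hr", "2024-04-08T09:30:00", "198.51.100.4")]:
        print(access, assess(baseline, *access))
```

The first access in the demo is carol's ordinary morning update from the office and passes; the other two are the same authorized user on the same system, but at 02:30 or from an external address, and both are flagged because they fall outside the context the baseline learned.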