Welcome to Part 2 of the blog series ‘Cloud Security’. In Part 1 of the series, we raised some important questions about security in the cloud. In this post, we would like to answer one of the most important questions we encounter when we talk about Cloud Security:
“How secure is my data when multiple tenants share the same infrastructure?”
This is a tricky question that keeps cropping up. In this post we put a few of the different components in perspective to see which areas need to be addressed. First of all, why do multiple tenants share the same infrastructure at all? Because organizations want the price and performance advantages of pooled resources, and pooling means sharing.
Let us understand the term ‘multi-tenancy’. It simply means that many tenants share the same resources, which is efficient and scalable. In IaaS, tenants share infrastructure resources such as hardware, servers and storage devices. In SaaS, tenants use the same application instance (for example, Salesforce.com), which means the data of multiple tenants is likely stored in the same database and may even share the same tables, separated only by tenant-identifying logic that the application must enforce on every query. When it comes to security, the risks of multi-tenancy must be addressed at every layer.
Shared Premises / Shared Data centers:
In a ‘shared premises’ context, a dedicated rack is the safest unit you can own. Even then, we need to ensure that the power cables are secured and that redundant power paths are available, and likewise that the network cables are secured and redundant network paths exist. The rack must always be locked, and cameras should monitor it with recordings retained for playback over a defined period.
In a ‘shared rack’ context, there is always an element of risk because multiple tenants have physical access to the rack. Ideally the rack is run as a managed service, with access granted only to the service provider’s staff, so that untrained or semi-trained hands cannot affect a co-tenant’s services.
Where one cannot afford dedicated hardware, one has to settle for one of the following:
- VMs on a Hypervisor
- Jailed environment
- Share an application through separate credentials
Of these, a separate VM is the next most secure option. To keep the VM secure, first encrypt the VM image at rest, and enforce a BIOS (or virtual firmware) password so nobody can tamper with the boot order and boot the machine from other media. For additional protection, enforce a boot-loader password as well: an unprotected boot loader lets anyone at the console edit the kernel command line and boot into single-user mode, bypassing the operating system’s login entirely.
Looking at the shared hardware scenario, there are other elements we need to be careful about: disks, processors, memory, the operating system and the hypervisor.
Let us look at each one of them in detail:
Disks: the disk should be encrypted, with the key escrowed (recorded) by the administrator, and no separate user-end encryption enabled. We often find this arrangement; it exists to allow recovery of sensitive or important data when the employee who owned it is no longer available. Another important measure is to sanitise a disk before it is disposed of or reassigned to another tenant. On flash and thin-provisioned storage an overwrite alone does not reach every physical block, so a device-level discard or secure erase, or a cryptographic erase (destroying the volume’s encryption key), is needed in addition.
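The sanitisation step before reassignment, as an added example that is not code from the original post: a small Python script that zero-fills a raw, file-backed disk image on the hypervisor host and then reads it back to prove that no tenant data survived. The sample image is constructed inline from random bytes; the path, chunk size and pass count are illustrative choices.

```python
"""Zero a raw disk image before it is reassigned, then verify the wipe.

Added example for this post (not code from the original). It assumes a raw,
file-backed volume on the hypervisor host; the sample image is constructed.
"""
import os
import secrets
import tempfile

CHUNK = 1 << 20  # 1 MiB read/write unit (illustrative)


def wipe_image(path, passes=1):
    """Overwrite every byte of the raw image at `path`, in place.

    Earlier passes (if any) write random data; the final pass always writes
    zeros so the volume reads back as empty when handed to the next tenant.
    Returns the image size in bytes.
    """
    size = os.path.getsize(path)
    fd = os.open(path, os.O_WRONLY)
    try:
        for p in range(passes):
            final = p == passes - 1
            os.lseek(fd, 0, os.SEEK_SET)
            remaining = size
            while remaining:
                n = min(CHUNK, remaining)
                buf = bytes(n) if final else secrets.token_bytes(n)
                done = 0
                while done < n:               # os.write may write less than asked
                    done += os.write(fd, buf[done:])
                remaining -= n
            os.fsync(fd)                       # push this pass through the page cache
    finally:
        os.close(fd)
    return size


def verify_wiped(path):
    """Read the image back and confirm every byte is zero (no leftover tenant data)."""
    zeros = bytes(CHUNK)
    with open(path, "rb") as f:
        while True:
            chunk = f.read(CHUNK)
            if not chunk:
                return True
            if chunk != zeros[: len(chunk)]:
                return False


def make_sample_image(size=3 * CHUNK + 123):
    """Constructed sample: a temporary file of random bytes standing in for a
    departed tenant's data. Not a real tenant volume."""
    fd, path = tempfile.mkstemp(suffix=".img")
    with os.fdopen(fd, "wb") as f:
        f.write(secrets.token_bytes(size))
    return path


def sanitise_and_check(path, passes=1):
    """Wipe the image and return whether the read-back verification found it clean."""
    wipe_image(path, passes)
    return verify_wiped(path)


def demo():
    """Create a sample image, confirm it holds data, wipe it, confirm it is clean."""
    path = make_sample_image()
    try:
        dirty_before = not verify_wiped(path)
        clean_after = sanitise_and_check(path, passes=2)
        return dirty_before and clean_after
    finally:
        os.unlink(path)


if __name__ == "__main__":
    print("wipe verified" if demo() else "wipe FAILED")
```

The read-back check is the part worth keeping in any reassignment procedure: it is cheap, and it catches a wipe that was skipped or interrupted. For physical disks, SSDs and thin-provisioned pools, an overwrite from inside the file does not reach remapped flash cells, snapshots or the pool’s unallocated extents, so use the device’s secure erase or discard, or crypto-erase by destroying the volume’s key, and run the read-back check as the final confirmation.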
Processors: the processor should provide a privilege ring architecture with hardware virtualization extensions, so that the hypervisor runs at a higher privilege level than the VMs and a guest cannot reach host state.
Operating system: when multiple tenants share the same OS instance, it needs extra hardening. Provide jails or chrooted environments for the different tenants so that one cannot see another’s data. Note that a plain chroot restricts only the filesystem view; processes, network access and resource usage still need separate controls.
Hypervisor: a hypervisor or virtual machine monitor (VMM) is software, firmware or hardware that creates and runs virtual machines. One of its main jobs is to map traffic from VMs to the underlying host hardware so that it can make its way through the data center and out to the Internet, and back. As the hypervisor intercepts all traffic between VMs and the host, it is the natural place to introduce segmentation between IaaS tenants whose VMs share a host or host cluster. We should not give VMs direct access to any host device (PCI passthrough, shared host memory regions), because a device handed straight to a guest bypasses the hypervisor’s mediation and with it the segmentation.
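One way to check the hypervisor-side points above, as an added example that is not the post’s own code: a Python script that audits libvirt domain definitions (the XML that `virsh dumpxml` prints) for host devices passed straight through to a guest and for guest NICs that carry no libvirt network filter, so the hypervisor cannot enforce segmentation on their traffic. Both domain definitions below are constructed for the example; `clean-traffic` is one of libvirt’s built-in filters, and the bridge name and PCI address are placeholders.

```python
"""Audit libvirt domain XML for settings that weaken tenant isolation.

Added example for this post (not code from the original). Input is the XML
produced by `virsh dumpxml <domain>`; the two samples below are constructed.
"""
import xml.etree.ElementTree as ET

# Constructed sample: a guest whose NIC has no network filter and which has a
# host PCI device passed straight through (bridge name and address are placeholders).
WEAK_DOMAIN = """<domain type='kvm'>
  <name>tenant-a</name>
  <devices>
    <interface type='bridge'>
      <source bridge='br0'/>
      <model type='virtio'/>
    </interface>
    <hostdev mode='subsystem' type='pci' managed='yes'>
      <source>
        <address domain='0x0000' bus='0x03' slot='0x00' function='0x0'/>
      </source>
    </hostdev>
  </devices>
</domain>
"""

# The same guest with the passthrough removed and libvirt's built-in
# 'clean-traffic' filter (MAC/IP/ARP anti-spoofing) attached to the NIC.
HARDENED_DOMAIN = """<domain type='kvm'>
  <name>tenant-a</name>
  <devices>
    <interface type='bridge'>
      <source bridge='br0'/>
      <model type='virtio'/>
      <filterref filter='clean-traffic'/>
    </interface>
  </devices>
</domain>
"""


def audit_domain(xml_text):
    """Return a list of findings for one libvirt domain definition.

    Flags <hostdev> (PCI/USB passthrough), <shmem> (host memory shared into the
    guest), <interface type='hostdev'> (SR-IOV VF passthrough), and any other
    <interface> without a <filterref>, since the hypervisor cannot apply a
    network filter to traffic it never sees.
    """
    root = ET.fromstring(xml_text)
    name = root.findtext("name", default="<unnamed>")
    findings = []
    for dev in root.iter("hostdev"):
        findings.append(
            f"{name}: <hostdev type='{dev.get('type')}'> passes a host device directly to the guest"
        )
    for dev in root.iter("shmem"):
        findings.append(
            f"{name}: <shmem name='{dev.get('name')}'> shares host memory with the guest"
        )
    for idx, iface in enumerate(root.iter("interface")):
        kind = iface.get("type")
        if kind == "hostdev":
            findings.append(
                f"{name}: interface {idx} is a passed-through host NIC; the hypervisor sees none of its traffic"
            )
        elif iface.find("filterref") is None:
            findings.append(
                f"{name}: interface {idx} (type '{kind}') has no <filterref>; attach a filter such as clean-traffic"
            )
    return findings


if __name__ == "__main__":
    for label, xml_text in (("weak", WEAK_DOMAIN), ("hardened", HARDENED_DOMAIN)):
        print(label, audit_domain(xml_text) or ["no findings"])
```

Run it over `virsh dumpxml` output for every domain on a host as part of a periodic check; a non-empty result for a tenant VM means either a device the hypervisor no longer mediates or a NIC whose traffic is not being filtered, both of which undo the segmentation the hypervisor is supposed to provide.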
Another major security concern in virtualized infrastructure is that the machines on one host are owned by different customers. A compromised or malicious VM escalates the risk of many kinds of breach, such as unauthorized connection monitoring, unmonitored application login attempts, and malware propagation to its neighbours.
VM segmentation and isolation is an absolute requirement for VMs holding regulation- and compliance-sensitive data such as employee details and customer information. Most standards and regulatory mandates, such as ISO 27001, SAS 70 (now superseded by SSAE 16), the Payment Card Industry Data Security Standard (PCI DSS) and the Health Insurance Portability and Accountability Act (HIPAA), require that access be limited to a business need to know, and that control policies be in place to block unwarranted access.
We hope this post has answered the question. If you have any further queries, do not hesitate to contact us. You can also comment and share your observations about the topic here.
We are waiting…