The cloud is similar to the physical data center in that the same perimeter, system, and data protection mechanisms we've come to rely upon there must also be applied to the virtual environment (firewalls, intrusion prevention, anti-malware, data loss prevention, etc.).
However, even with these protections in place, the most significant challenge that remains with cloud computing is answering the question: How can I trust the cloud provider with my environment and my data?
To expose this risk a bit more, some top areas for concern when operating in the cloud are:
- Cyber miscreants can erase their digital tracks (log modifications).
- Administrators can cover up accidents and misbehavior (log modifications).
- ‘Vault' storage doesn't work in the cloud (data modifications).
- Applications can be accidently changed or maliciously compromised (code and app modifications).
To answer the question, one needs a scalable, independently-verifiable, mathematically-provable data signing solution designed specifically for the cloud.
Here is some additional information, which captures some scenarios related to log, data, and code/application integrity in the cloud.
Log integrity: Changing the logs is the easiest way for the cloud provider to cover their tracks – accidental or otherwise. It is also the easiest way for malicious software and users to do the same.
To properly protect against this risk, the system logs and applications logs must be signed in a way such that there is undeniable, mathematical proof that they have not changed since the system or application created them.
Take note that simple data hashing won't solve this problem as the logs can be backdated – a time-based data signature is required if one is to achieve forensic-quality logs.
Storage integrity: The concept of a ‘vault' doesn't work in the cloud – there is no physical box that everything goes in.
To complicate matters, stored and archived data can be recalled from the storage device at any time – even 20+ years from now. Who is to say the data didn't change after it was archived in or retrieved from the ‘box'?
Encryption has been a good mechanism to protect data from being read while stored on a private network, but it has zero benefit in the cloud. First, it provides no proof that the data hasn't changed (0s and 1s can be changed, even if their context is not understood).
Furthermore, the use of encryption to sign data and applications fails miserably in the cloud as the cloud provider and/or malicious software could gain access to the encryption keys via memory and change the data anyway. Finally, there is always the case where the administrator of the encryption keys uses them to change the data his or herself.
To properly protect against this risk, the stored and archived data must be signed – without keys or any other secrets that can be compromised – such that it can be independently proven to remain intact, regardless of how or when or by whom it is retrieved.
Operating integrity: The cloud operating and application environment is often shared with other companies, thereby increasing the risk of cross-VM (virtual machine) activity.
This can introduce unexpected or malicious behavior to occur within the applications. Therefore, the only real way to guarantee proof of operating integrity in the cloud is through the use of a keyless, scalable, code and application signing solution designed for the cloud.
To properly address this risk, the developers must sign their ‘gold master' code or application, declaring that only those applications approved (signed) by the developers would be allowed to execute. Any applications that were changed out of band, manipulated by malicious software, or changed by the cloud provider, would not be allowed to execute.