Over the past few years, we have seen a gradual transition from traditional computer centers with dedicated resources to virtual machines and cloud computing.
During this time, people have realized some of the value of virtualization in terms of savings and resource optimization. Unfortunately there are still a number of warts in virtualization that have followed the migration to the cloud.
Before we discuss those warts, it is important to fully describe the cloud environment about which we are talking.
While most people want to talk about software-as-a-service (SaaS) and platform-as-a-service (PaaS) – and we could include them in our conversation – we really want to talk about clouds that are transparent and migratory.
These clouds are typically described as public, private or hybrid.
What is a private cloud?
A private cloud is (typically) a cloud created within a corporation (only using corporate-owned machines) and is entirely at the control of the corporation. The cloud includes numerous computers and can extend among different computer facilities, as well as crossing geographical boundaries.
What is a public cloud?
A public cloud is controlled by someone other than the corporation and can have multiple entities participating all on the same machine. Each entity can have its own separate virtual machine (VM) and may not readily be able to see other entities. The cloud location and co-residents are unknown.
What is a hybrid cloud?
A hybrid cloud consists of some resources being controlled by the corporation and some by an outside entity. There may or may not be a bleed-over of clouds from the private cloud to the public cloud.
These distinctions may sound logical; however, from a security point of view, there isn't a distinction between them.
In a cloud, you do not know the hardware you are executing in or what other entities are also using that hardware. If you are in a private cloud, you may know that all entities in the cloud are part of the company, but you don't know if the entities also using the cloud are the finance, research, or marketing department, or if they are a hacker. Additionally, you cannot tell if the cloud or the participants in the cloud are well-behaved.
Here is where the warts become noticeable.
If a cloud is paused or stopped (not halted), it generates a snapshot and is written to the disk. Thus even if encryption is used, the files in the virtual disk may be encrypted, but the memory resident copies are not and are thereby placed on disk in an unencrypted state. If the VM is going to migrate to other hardware, the unprotected secrets will also be exposed in transmission.
Next, if the hardware is reused or shared, one needs to be concerned.
If the hardware is reused, do all traces of the previous VM get wiped from a resource before a new VM can use it? If not, can the new VM read the raw resource and access the previous VM? If the resource is shared among multiple VMs, can one VM see/access the resources of another VM?
The bottom line is that unless you limit the people with access to the VM (in the cloud) and can monitor the clouds (as well as the hardware on which the cloud is based), you have no way to know if your cloud is safe.
Two last things to remember when contemplating cloud and the security implications:
- Trusting a cloud environment – because of encryption or other security functions in the VM – is dangerous.
- Trusting the host operating system or environment in the cloud is just as dangerous.