Cloud computing architecture security part 1: Physical and intrinsic controls

Proper design of cloud computing architecture is essential for security. Learn about the physical and intrinsic controls for effective cloud architecture.

The design of the cloud computing architecture is of supreme importance, not only for performance and scalability but for security. Any slip-ups or shortcuts in the initial definition mean you are building the proverbial house on sand, and the security of everything built on top of it suffers as well. Once you have established the need for a cloud in your organization and defined its objectives and scope, the next steps are to define the cloud computing architecture, formulate the bill of materials, and lay out the cloud.

Overestimation or underestimation at this stage can prove costly. If you estimate capacity below what you need immediately or in the near future, you end up with an “evolutionary patch-based approach”: capacity and controls bolted on piecemeal, which is less than optimal and hard to secure consistently. On the other hand, many an enthusiastic CIO with money to spend but very short timelines makes the mistake of overestimation, buying much more than would be needed even three years down the line, or making the infrastructure too complex to be of any productive use (and too complex to administer securely).

The obvious route to an effective and efficient cloud computing architecture is a workshop-based approach, possibly with an experienced external professional organization. To identify the risk areas better, let us break the subject of cloud computing architecture into two separate parts, physical and logical/administrative:

I. Physical

From the physical housing aspect, you may decide to set up a new data center to house your cloud computing infrastructure, or you may decide to include your cloud infrastructure in your existing data center. Either way, the fundamentals are the same as when you set up a data center.

Depending on the sensitivity of what the cloud will host, the risks can be many times greater than for an ordinary data center, and you may decide to set up a Tier 3 data center complete with gun-toting guards, electrified fences, heat-sensing infrared CCTV, biometric access control, and what not. How far you go depends significantly on the financial resources and background of the organization, as well as business requirements and long-term vision.

II. Logical and administrative

Logical and administrative controls can be viewed as intrinsic (internal to the system) or extrinsic (external to the system). We shall cover extrinsic controls in the next installment of this series of articles on cloud computing infrastructure. Intrinsic controls are discussed below:

Identity management (IM)

IM deals with who can get access to the cloud. Identity is effectively the perimeter of a cloud: whoever holds a valid identity gets everything that identity is entitled to, so this is an area where mistakes are easy to make and expensive to undo. Here are some issues to think about:

  • Ensure that a robust IM system is implemented, sized for the number of people who may log on to the system. Take into account growth over the next 1, 3 and 5 years.
  • Ensure interoperability with other systems, for example federation with the existing corporate directory through standard protocols, so that identities are not duplicated and orphaned accounts are not left behind.
  • Ensure that adequate identity logs are maintained for every logon, however short the session, and that the logs are retained for the next 3-5 years as regulatory and SLA requirements dictate.
  • Do not recycle identities and profiles of users who earlier used the system: a reused identifier inherits the old holder’s log history and any permissions that were never cleaned up.
  • Ensure that the IM system supports two-factor authentication.
  • Require TLS (SSL) for all access, so that credentials and session tokens never travel in the clear; it also lets the user verify that they are talking to the genuine service rather than an impostor.
  • Remember that one of the key features of a cloud is “resource on demand”. A tenant may need to ensure that nobody can log on to a resource, or start it up, during a particular time window. Ensure that your IM system can enforce such time-based restrictions.

Access management (AM)

AM defines what a successfully authenticated user can access and perform on the cloud. A few points to bear in mind:

  • Ensure that resource administrators have enough granularity to define resource permissions.
  • Require a second factor (step-up authentication) for highly sensitive operations, even when the user is already logged on.
  • Allow for a second level of “approver” or “moderator” for business operations requiring multiple levels of approval.
  • Use the principle of “implicit denial, explicit approval”: anything not expressly granted is refused, with a good RBAC (role based access control) model to boot.
  • Give resource administrators the flexibility to define location-based access with varied levels of authorization.
  • Ensure that resource administrators have enough granularity to define what is logged and at what level of detail, and to specify how long logs must be kept.
  • With cloud computing infrastructure, one of the major security concerns is whether the provider’s administrators are accessing sensitive client resources without due approval. When such access is legitimately required, ensure that it is tightly controlled: approved by someone other than the administrator, limited in scope and time, and fully logged.
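The following is an added example, written for this article rather than taken from it or from any product, that puts the points above into working form: a default-deny evaluator over RBAC rules with step-up authentication for sensitive operations (the two-factor point under both IM and AM), location and time-window constraints (the “resource on demand” point under IM), a second-person approval requirement for administrators touching client resources, and an audit entry for every decision. The roles, resources, users and policy are invented sample data.

```python
"""Default-deny RBAC evaluator with step-up, location, time-window and
second-person approval checks, writing every decision to an audit log.

Added example for this article, not code from the article or any product.
Roles, resources, users and the policy below are invented sample data.
"""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

@dataclass(frozen=True)
class Rule:
    role: str
    resource: str                           # exact name, or a prefix ending in "*"
    actions: frozenset
    step_up: bool = False                   # second factor needed for this operation
    locations: Optional[frozenset] = None   # None: any location
    hours: Optional[tuple] = None           # permitted UTC hours [start, end)
    approval: bool = False                  # needs an approver other than the requester

@dataclass(frozen=True)
class Request:
    subject: str
    roles: frozenset
    resource: str
    action: str
    when: datetime                          # timezone-aware
    location: str
    mfa: bool = False                       # second factor presented in this session
    approved_by: Optional[str] = None

def _matches(pattern, resource):
    return resource.startswith(pattern[:-1]) if pattern.endswith("*") else pattern == resource

def _violation(rule, req):
    """Why a rule that matches role/resource/action still refuses the request, or None."""
    if rule.step_up and not req.mfa:
        return "step-up authentication required"
    if rule.locations is not None and req.location not in rule.locations:
        return f"location {req.location!r} not permitted"
    if rule.hours is not None:
        hour = req.when.astimezone(timezone.utc).hour
        if not rule.hours[0] <= hour < rule.hours[1]:
            return "outside permitted time window"
    if rule.approval and (req.approved_by is None or req.approved_by == req.subject):
        return "approval by a second person required"
    return None

def evaluate(rules, req, audit):
    """Implicit deny, explicit allow: permit only when some rule matches role,
    resource and action and every constraint on it holds. Each decision is
    appended to `audit` so reviewers can later see who did what, and when."""
    allowed, reason = False, "no matching rule"
    for rule in rules:
        if (rule.role not in req.roles or req.action not in rule.actions
                or not _matches(rule.resource, req.resource)):
            continue
        problem = _violation(rule, req)
        if problem is None:
            allowed, reason = True, f"rule {rule.role}:{rule.resource}"
            break
        reason = problem                    # remember why; a later rule may still allow
    audit.append({"at": req.when.isoformat(), "subject": req.subject,
                  "action": req.action, "resource": req.resource, "approved_by": req.approved_by,
                  "decision": "allow" if allowed else "deny", "reason": reason})
    return allowed, reason

# Constructed policy: tenant admins manage their own tenant; key rotation needs a
# second factor; cloud operators may read tenant data only with a second person's
# approval, from the data-centre network, during working hours (UTC).
RULES = [
    Rule("tenant-admin", "tenant-a/*", frozenset({"read", "write"})),
    Rule("tenant-admin", "tenant-a/keys", frozenset({"rotate"}), step_up=True),
    Rule("cloud-ops", "tenant-*", frozenset({"read"}), approval=True,
         hours=(8, 18), locations=frozenset({"dc-1"})),
]

def run_scenarios(audit=None):
    """Evaluate constructed requests against RULES; returns {label: (allowed, reason)}."""
    audit = [] if audit is None else audit
    day = datetime(2024, 5, 1, 10, 0, tzinfo=timezone.utc)
    night = day.replace(hour=22)
    alice = dict(subject="alice", roles=frozenset({"tenant-admin"}), location="office")
    ops = dict(subject="ops1", roles=frozenset({"cloud-ops"}), location="dc-1")
    vm, keys = "tenant-a/vm1", "tenant-a/keys"
    cases = {
        "admin writes own vm": Request(resource=vm, action="write", when=day, **alice),
        "admin reads other tenant": Request(resource="tenant-b/vm1", action="read", when=day, **alice),
        "rotate keys without mfa": Request(resource=keys, action="rotate", when=day, **alice),
        "rotate keys with mfa": Request(resource=keys, action="rotate", when=day, mfa=True, **alice),
        "ops reads unapproved": Request(resource=vm, action="read", when=day, **ops),
        "ops self-approved": Request(resource=vm, action="read", when=day, approved_by="ops1", **ops),
        "ops approved at night": Request(resource=vm, action="read", when=night, approved_by="carol", **ops),
        "ops approved in hours": Request(resource=vm, action="read", when=day, approved_by="carol", **ops),
    }
    return {label: evaluate(RULES, req, audit) for label, req in cases.items()}

if __name__ == "__main__":
    for label, (ok, why) in run_scenarios().items():
        print(f"{label:26s} {'ALLOW' if ok else 'DENY '} {why}")
```

Run it to see each scenario’s decision. A constraint failure on one matching rule does not end evaluation, since a later rule may still grant the request, but only a rule that is fully satisfied ever produces an allow, so the default remains deny. Note that self-approval is rejected and that denied requests are logged just like allowed ones; the denials are usually the more interesting records for an investigator.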

Maintaining time sync

Few organizations ensure that every device on the network is synchronized to a reliable time source. For a cloud computing architecture, accurate time synchronization across the whole network is a must: without it, logs from different systems cannot be correlated or relied on as evidence, and backups, log shipments, resource scheduling, rationing, invoicing and other functions will not happen as planned.

Do not make the mistake of relying on a single internal time server from which everything else picks up its time; if it fails or drifts, every clock in the cloud follows it, and you will be in bigger trouble than you can imagine. Instead, synchronize against at least two independent global time sources reachable over two separate, resilient network paths, and prefer three or more, because only a majority of sources lets a client recognise and discard one that is wrong.
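As an added example (not from the article, and not tied to any particular NTP implementation), the block below shows in Python why two independent sources are the minimum and three are better. Given each source’s estimated clock offset and error bound, Marzullo’s intersection algorithm, a form of which NTP’s selection process uses, finds the interval that the largest number of sources agree on and treats the rest as falsetickers. With only two sources that disagree there is no majority, so the client cannot tell which one is wrong. The readings are constructed sample data in microseconds.

```python
"""Selecting a trustworthy clock offset from several time sources.

Added example for this article, not code from the article or from any NTP
implementation. Each source reports an estimated offset of the local clock
and an error bound, both in microseconds. Marzullo's algorithm finds the
interval covered by the most sources; sources outside it are "falsetickers".
The readings below are constructed sample data, not real measurements.
"""

def intersection(intervals):
    """Marzullo's algorithm.

    intervals: list of (low, high) bounds, one per source.
    Returns (agreeing_count, (low, high)): the narrowest interval covered by
    the largest number of sources. Touching intervals count as overlapping.
    """
    edges = []
    for low, high in intervals:
        edges.append((low, -1))    # -1 marks where an interval starts
        edges.append((high, +1))   # +1 marks where it ends
    edges.sort()                   # at equal offsets a start sorts before an end
    best, count = 0, 0
    best_low = best_high = None
    for i, (offset, kind) in enumerate(edges):
        count -= kind              # entering an interval: +1, leaving: -1
        if count > best:
            best = count
            best_low, best_high = offset, edges[i + 1][0]
    return best, (best_low, best_high)


def select_offset(readings):
    """Pick a clock offset from (offset, error) readings, one per source.

    Returns (offset, agreeing_count) when a strict majority of sources agree,
    or None when they do not. Two sources that disagree give no majority, so
    the client has no way to tell which is lying; a third source resolves it.
    """
    intervals = [(off - err, off + err) for off, err in readings]
    agreeing, (low, high) = intersection(intervals)
    if agreeing * 2 <= len(readings):
        return None
    return (low + high) // 2, agreeing


# Constructed sample readings in microseconds: two healthy sources and one
# that is half a second out (a falseticker).
GOOD_A = (10_000, 5_000)
GOOD_B = (12_000, 4_000)
FALSE_C = (500_000, 5_000)


def demo():
    """Returns the decision with three sources and with only two."""
    with_three = select_offset([GOOD_A, GOOD_B, FALSE_C])
    with_two = select_offset([GOOD_A, FALSE_C])
    return with_three, with_two


if __name__ == "__main__":
    three, two = demo()
    print("three sources:", three)   # two agree, falseticker discarded
    print("two sources:  ", two)     # None: no majority, cannot choose
```

The same logic explains the advice on network paths: if both sources are reached over one link, a problem on that link (or an attacker on it) affects both readings at once, and the majority check no longer protects you.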
