I have been working with Clouds since before the coining of the term itself (back then, the startup I was working for called it "Agile Infrastructure"; now it's known as "IaaS"). From the very beginning, a frequent blocker to adoption has been the question of security. "We can't go to the Cloud because it is simply not secure," goes the complaint.
Well, I'm here to say it's bunk -- pure bunk. There is NO new security problem in the Cloud.
There is, in fact, a security problem in external Clouds -- but it is already in your data center right now.
If you take a truly secure system and place it in an external or hybrid cloud, it will remain secure. Simply exposing a secure system to a larger number of potentially hostile assailants is not enough to make it vulnerable. No, a truly secure system is designed to remain that way even during escalating pressure.
The problem is that very few of our current systems are truly secure. They rely heavily on the notion that threats are few behind the corporate firewall, so they don't need to have air-tight security. That concept is -- and always was -- a mistake. And now that conditions are changing in the Cloud, the inappropriate assumption is causing major headaches. The leaks in the boat are becoming apparent now that it is finally in the water.
News Flash: Security Through Obscurity is Dead
Many security issues have been supposedly solved by “Security Through Obscurity.” Keeping the system in question from the prying eyes of evildoers has been the great fallback policy in the IT industry for decades.
Unfortunately, this policy is like the child who sticks his head under the covers to escape the boogie man. It may work well enough for escaping the illusive monsters of youth, but when the real threat appears, it is simply the wrong solution.
Let's Be Honest About the Problem
So you may have a security problem as you go to the Cloud, but it is not a Cloud security problem. It's the same problem which has been around for years – but now you are actually going to solve it.
So how do you proceed? A good first step is to assemble a list of potential attack scenarios. Are you worried that dangerous individuals will attack your database machine through the attack surface of the network interface driver? Write it down. Are you concerned that your Java application server may be assaulted through weaknesses in the API? Write it down. For each scenario, record the target, the attack surface, and the possible results of a successful attack.
The Cloud Can Actually Increase the Possible Solutions
As the attacks on any system are frequently complex, the solutions are often likewise complex. The solutions may encompass the operating system, the hardware drivers, the application code, and more. But while those aspects are normal for a non-Cloud system, there are additional factors in the Cloud, notably the hypervisor and the Cloud orchestrator.
This may sound overwhelming, but don't fear -- the biggest secret of Cloud security is that these additional security capabilities of the hypervisor and the Cloud orchestrator can actually increase the overall security of your data. Before you deploy a Cloud solution, you need to assess the security aspects of the Cloud orchestrator, tools, and hypervisor involved in that solution.
In a recent talk at the Linux Foundation's CloudOpen North America conference, I outlined some of the lessor known security aspects of the Xen Hypervisor. Using some of the security aspects of Xen, it is possible to make a VM more secure than it would be running on bare metal by combining techniques like disaggregation and Xen Security Modules to do things that you cannot easily accomplish otherwise.
So don't fret. Security in the Cloud may not be your problem, as it might be your solution. You just need to get your head out from under the bed covers and face the real boogie men in the room.