Cloud Computing Security

Cloud computing security is a hot topic and one of the main concerns in transitioning to the cloud. It relates to the broader topic of cloud security.

Cloud Computing Security Risks

  • Careless management of accounts and access credentials. Cloud services often have their own user credentials, which need to be integrated with enterprise identity and access management solutions. Furthermore, many cloud servers have SSH keys on them, which can be used to access the servers without passwords. Most cloud applications also allow users to configure API credentials that can be used to perform operations on behalf of the user for application integration. API credentials are typically permanent and never expire unless manually removed.
  • Loss or leakage of master passwords. Cloud services are typically owned by an account created with the cloud service provider. The master account can do anything with the services, including destroying them all. Thus access to the master account is critical and should be protected. Two-factor authentication should be employed. However, there is also a risk of access being lost (and the account becoming inaccessible) when employees leave, or of the password leaking to outsiders. Restricted sub-accounts should be created for API operations and administrators whenever feasible.
  • Loss or leakage of database or application credentials. Generally, databases in the cloud use database-specific credentials that remain unchanged forever. Access to the credentials may provide access to any data in the database. Therefore, procedures should be in place for protecting and periodically changing database credentials.
  • Leaking secrets. Many services require private keys for SSL/TLS certificates and API keys they use to access other applications and databases. Especially in elastically scaling services or containers, it may not be sensible to store secrets in the operating system images. Cloud secrets vaults are often used for providing access to secrets without storing them in virtual machine images or containers.
  • Infrastructure breach means someone breaking into the cloud infrastructure (e.g., the virtualization system). This could be, e.g., by escaping a virtual machine using a vulnerability, escaping a container using a vulnerability or design flaw, or escaping a serverless computing sandbox. The breach could also be due to an insider or by someone who manages to hack into or physically penetrate the cloud service provider's facilities.
  • Service provider viability is a major issue for continuity. If the service provider goes under, data and access to applications could be suddenly and permanently lost. Off-cloud backups are important, as are vendor evaluations.
  • Data leakage concerns include leakage via bugs (e.g., the Cloudflare leak) or as a result of data exfiltration using any of the above issues.
  • Mass surveillance and espionage is a real risk. Cloud data often contains passwords into Active Directory domains, VPN passwords, Wi-Fi passwords, and even server passwords. This data is highly sensitive and extremely valuable for penetrating enterprises in cyberwarfare situations. The data may also be used for industrial espionage and gaining competitive advantage for domestic enterprises. Intelligence agencies are known to widely exchange obtained data.
  • Compliance issues are a concern in regulated industries. Cloud services may not meet the requirements of mandatory regulations. On the other hand, if the cloud service is properly certified, it may also reduce the compliance burden.
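
The "Leaking secrets" risk above can be checked before an image or container is published. The following is an added example, not part of the original page: it walks an unpacked image or build directory and flags embedded private keys and hard-coded credentials. The function name `scan_tree`, the patterns, and the size limit are assumptions chosen for illustration, not an exhaustive rule set.

```python
import os
import re

# Heuristic rules (assumptions for this example, not an exhaustive rule set).
PATTERNS = {
    "private-key": re.compile(
        r"-----BEGIN (?:RSA |EC |OPENSSH |ENCRYPTED )?PRIVATE KEY-----"
    ),
    "hardcoded-credential": re.compile(
        r"(?i)(?:api[_-]?key|secret|token|passw(?:or)?d)\s*[:=]\s*['\"]?([^\s'\"]{8,})"
    ),
}
# A value such as ${DB_PASSWORD} is resolved at run time (for example from a
# secrets vault), so the secret itself is not stored in the image.
ENV_REFERENCE = re.compile(r"\$\{?\w+\}?")
MAX_BYTES = 1_000_000  # skip large files; keys and configs are small text files


def scan_tree(root):
    """Return sorted (relative_path, line_number, rule) findings under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or os.path.getsize(path) > MAX_BYTES:
                continue
            with open(path, "rb") as fh:
                data = fh.read()
            if b"\0" in data:  # treat files containing NUL bytes as binary
                continue
            rel = os.path.relpath(path, root)
            text = data.decode("utf-8", "replace")
            for lineno, line in enumerate(text.splitlines(), 1):
                for rule, pattern in PATTERNS.items():
                    match = pattern.search(line)
                    if not match:
                        continue
                    if match.groups() and ENV_REFERENCE.fullmatch(match.group(1)):
                        continue  # run-time reference, not an embedded secret
                    findings.append((rel, lineno, rule))
    return sorted(findings)
```

Run it against the directory an image is built from and treat any finding as a reason to move that value into a secrets vault.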

Application and Development Security

One way to break into applications and data in the cloud is to inject malicious code into applications. The security of the development process is thus critical, including the security of source code repositories, build systems, the deployment process, and developer access into production.

Applications may also contain bugs that may allow an attacker to exfiltrate or modify data and impersonate privileged users.