How to Avoid the Stormier Implications of the Cloud

Adrian Seccombe explains the Jericho Forum's Cloud Cube model for understanding cloud computing's security ramifications

Introduction

The cloud represents an opportunity for incredible scalability and cost savings. At the same time, within this emerging business paradigm there are new security risks to keep in mind and old ones that must be re-evaluated. As we begin to realize the benefits and potential to reduce costs of resources that cloud computing can offer, as well as the increasing ability to collaborate globally with business partners, customers and suppliers, we also need to ensure protection from the stormier implications of clouds. Increasingly, organizations need a well-structured path towards enabling secure business collaboration within the cloud without leaving them vulnerable to issues that may put their information assets at risk.

The realities of cloud computing are inherent interoperability and increased openness; both concepts that also imply security risk. Although the idea of "secure collaboration" may seem like an oxymoron, the issue of enabling secure collaboration in the appropriate type of cloud or "cloud formation" is one that must be tackled by each organization considering migrating to a cloud model. In addition, those considerations must be best suited to the business needs of each organization. But how does an organization evaluate the risk and opportunity associated with moving into the cloud?

Also see Ira Winkler's The Real Problems with Cloud Computing

As a consortium dedicated to helping organizations remain secure in an increasingly de-perimeterized world, the Jericho Forum sees a great deal of promise in cloud computing models to help facilitate secure collaboration. This article highlights Jericho's initial considerations and guidelines for helping businesses understand the promise of cloud computing and encourages common and secure cloud practices by taking a look at the benefits and risks of emerging cloud "formations." We'll also examine the key issues that need to be answered in order to make clouds safe and secure places to work in.

Although we see these guidelines very much as a "work-in-progress," we hope they will enable all stakeholders, particularly business decision-makers, to appreciate the key considerations that need to be taken into account when deciding which parts of their business could be operated within any of the available cloud formations. We also hope that it will provide pragmatic guidance for safely leveraging the cloud today and present a clear vision for a future of secure cloud computing.

Navigating the Cloud

The joy of the cloud model is that it can deliver great advantages, but only if you know where within the different formations of cloud you need to be in order to achieve the right flexibility for your specific needs. For example, if a cloud vendor were to cease providing a service, how easy would it be to move to another provider or use your cloud-based capability to provide you with seamless disaster recovery and business continuity?

To do this it is first necessary to classify your data based on what rules must apply to protecting it. For example, what is its sensitivity and must it only exist at specific trust levels? If so, which levels? What regulatory/compliance restrictions apply? Must it stay within your national boundary?

Once you understand what level of security you need to apply to your data, you can then determine which data and processes to move into the cloud; at what level you want to operate in the cloud; and which cloud formations are best suited to your needs.

The Jericho Forum actively encourages solution providers and vendors to develop capabilities and services to protect customers. In February, we delivered a practical framework showing how to create the right Collaboration Oriented Architecture (COA) to assure secure business collaboration in de-perimeterized environments. For the Jericho Forum, the natural evolution from this architecture is to next address how to follow a well-structured path toward enabling secure business collaboration in the cloud without becoming vulnerable to issues that may put data, the ability to work with chosen business partners, or regulatory compliance at risk.

The Cloud Cube Model

The Jericho Forum has identified four criteria to differentiate cloud formations. The dimensions of this Cloud Cube Model include: Internal/External, Proprietary/Open, Perimeterized/De-perimeterized architectures, and Insourced/Outsourced.

Internal/External, Proprietary/Open

The Internal/External dimension defines the physical location of the data: inside or outside your organization's boundaries.

If the data lives within your own physical boundary, then it is Internal. If the data is not within your own physical boundary then it is External. For example, virtualized hard disks in an organization's data center would be internal, while Amazon SC33 would be external at some location off-site. There is often a false assumption that internal is more secure than external. On the contrary, the effective use of both is likely to provide the most secure usage model.

The Proprietary/Open dimension defines the state of ownership of the cloud technology, services or interfaces. It indicates the degree of interoperability and the ability to move or remove your data from a cloud form. It also indicates any constraints on being able to share applications.

Proprietary means that the organization providing the service is keeping the means of provision under their ownership. When operating in clouds that are proprietary, you may not be able to move to another cloud supplier without significant effort or investment. Often the more innovative technology advances occur within the proprietary domain. As such, the proprietor may choose to enforce restrictions through patents and by keeping the technology a trade secret. Clouds that are Open use technology that is not proprietary, meaning that there are likely to be more suppliers, and you are not as constrained in being able to share your data and collaborate with selected parties using the same open technology.

Dimension: Perimeterized / De-perimeterized Architectures

The third dimension represents the "architectural mindset." Are you operating inside your traditional IT perimeter or outside it? De-perimeterization relates to the gradual removal or collapse of the traditional silo-based IT perimeter.

Perimeterized implies continuing to operate within the traditional IT perimeter, often signaled by network firewalls. When operating in the perimeterized areas of the cloud, you may simply extend your own organization's perimeter into the external cloud computing domain using a VPN and operating the virtual server in your own IP domain, making use of your own directory services to control access. Then, when the computing task is completed you can withdraw your perimeter back to its original traditional position. We consider this type of system perimeter to be a traditional, though virtual, perimeter.

De-perimeterized, assumes that the system perimeter is architected following the principles outlined in the Jericho Forum's Commandments [pdf link] and Collaboration Oriented Architectures (COA) Framework[pdf link]. The terms Micro-Perimeterization and Macro-Perimeterization will likely be in active use here. For example, in a de-perimeterized frame the data would be encapsulated with meta-data and mechanisms that would protect the data from inappropriate usage. COA-enabled systems allow secure collaboration. In a de-perimeterized environment an organization can collaborate securely with selected parties (business partners, customers, suppliers, outworkers) globally over any COA capable network. The de-perimeterized areas in our Cloud Cube Model use both internal and external domains but the collaboration or sharing of data should not be seen as internal or external; rather it is controlled by and limited to the parties to the collaboration agreement. An organization will feel comfortable about allowing data into the internal COA-compliant domain of a collaborating organization and confident that the data will be appropriately protected.

Dimension: Insourced / Outsourced

The fourth dimension determines who you want to run your cloud. If it is Outsourced, the service is provided by a third party. If it is Insourced, the service is provided by your own staff under your control.

These two states describe who manages delivery of the cloud services that you use. This is primarily a policy issue, which is to say a business decision, not a technical or architectural decision that should be embodied in a contract with the cloud provider.

One thing to consider when developing policies around insourcing and outsourcing is how to define the parameters around collaboration inside and outside of the cloud formation. For example, given the ease with which a user within a business can ostensibly procure cloud services, just by tendering a valid credit card, it is absolutely essential that your business develops the agility to both set up collaboration agreements rapidly, as well as to close them with equal ease when they are no longer needed. For instance, when closing down an agreement with a provider, care should be taken to ensure that the data is appropriately deleted from the cloud service provider's infrastructure (including backups), otherwise a data leak risk remains. "Data Repatriation" is a key new capability that must be considered.

Cloud Layers

In addition to the cloud formation, an early decision needs to be made about the level at which to operate in the cloud. While the higher the level you operate at the more the value there is to be gained, the higher levels are currently less mature.

Also, there are two further considerations on either side of these cloud layers in addition to the security concerns that have been discussed in this paper - Orchestration and Identity and Access Management. The Jericho Forum is developing business understanding on the requirements and solutions needed in these areas.

Top Cloud Security Considerations

In order to be confident in your cloud supplier, the following are some key questions to ask to ensure they provide secure collaboration enablement and are compliant with applicable regulations:

Where in our cloud cube model is my cloud supplier operating when providing each of their services?

How will my cloud supplier assure that when using their services I am operating in a cloud form that has and will maintain the features I expect?

How can I ensure that my data and the cloud services will continue to be available in the event of the provider's bankruptcy or change in business direction?

To achieve the great benefits that cloud computing can offer, it is equally important for business managers to understand how and why using any cloud form will provide the value they want to achieve to set out their cloud computing requirements clearly and know what to expect as a result.

Also see Cisco CEO: Cloud Computing "a security nightmare"

Entering into any cloud form without establishing the actual business objectives, especially what collaborative flexibility and security they want, may prove troublesome in the future if those objectives were never established from the outset. Moving data into the cloud also has legal and compliance issues and these must be considered, as well. These should be fully understood by all parties deciding to move to a cloud service. It may be that while the cost associated with the cloud service is significantly lower, the business risk is too high.

Conclusion

Major cloud services providers should work with infrastructure suppliers and other relevant consumer interest groups, such as the Jericho Forum, and the Cloud Security Alliance, to develop the services, solutions and open standards-based interfaces that customers need for secure, open cloud computing.

Our goal is to promote confidence and operational efficiency for businesses operating in the cloud through the development of effective cross-organizational processes, ICT products that conform to open security standards and assurance processes that can be trusted by all parties. We invite both users and vendors to work with us to establish best practices for securing collaboration in the cloud. Cloud computing has the potential to provide the right technical enablement and control capabilities for safe and secure business collaboration, and by working together, the industry can build trust into cloud computing so that everyone prospers, safely and securely, in all cloud formations.

SUBSCRIBE! Get the best of CSO delivered to your email inbox.