n n
nAchieving true 100% cybersecurity coverage is difficult for anyone, butnespecially for cloud providers. As Varun Carlay, CISSP, CCSP explains,ntheir own experience has demonstrated that the very nature of cloudnbusiness models adds to the challenge.n
nn
nnThe pace at which cloud service providers innovate to protect theirncustomers from a cyberattack is unprecedented. Still, it’s highlynchallenging for any cloud service provider to prevent disruptors, 24x7x365,nfrom launching attacks. Perhaps that’s why I often sense audiencenapprehension while presenting cloud security controls and mechanisms tonprospective customers – and rightly so, as I work mainly with governmentndepartments and agencies invariably entrusted with highly sensitive andncritical data.n
nnTheir primary concerns generally center around cloud multi-tenancy modelsnand the implementation of isolation mechanisms – reasonable and fairnconcerns that cloud customers should be cognizant of. One of thenreasons behind their apprehension might be anxiety about imminent changes tonthe world architecture. As the world’s major economies compete to establishnsupremacy, conventional war and military interventions are not the onlyndisruptive considerations in this multipolar world. Cyberwarfare is likelynto continue to be a source of digital disruption and economic unrest acrossneconomies.n
nnThe precursor to causing a disruption is, first, to identify critical andnsensitive workloads – essentially, applications and data. So, where couldnhighly motivated, state-sponsored attackers find the aggregated and majoritynof their target workloads? Public cloud, perhaps? Oh yes.n
nnThe Interconnected World of Public Cloudn
nnAs public cloud adoption continues to grow exponentially, shouldn’t we benconcerned about the core architecture model of the public cloud –nspecifically, multi-tenancy? However, decisions are often dictated by thenfinancial model, especially in the case of the public cloud. The monetarynbenefits of ‘economies of scale’ serve as a key business driver for manynenterprise organizations and even government agencies. Ideally, we shouldnall strive to maintain a balance with security requirements and corenbusiness objectives.n
nnMulti-tenancy involves consolidating numerous workloads on a sharednunderlying hardware infrastructure and interconnecting hundreds of thousandsnof servers that need to communicate with each other for smooth data flow.nThis includes both legitimate data and, unfortunately, in some cases,n’impermissible data’.n
nnSo, for a moment, let’s try to think from the lens of a highly skilled andnwell-funded cybercriminal (rather, a cybercrime group) who needs only onenentry point to inject malware or other bad software to launch an advancednpersistent threat (APT) in the multi-tenant, interconnected world of publicncloud. It would only take just one device for a cybercriminal to embark onnan exploitation journey. By gaining access to and infecting a single device,nand if the underlying security controls and mechanisms are not robustnenough, the cybercriminal may find a way to move laterally and exploit othernconnected devices as well as several other customers workloads.n
nnElements That Can Potentially Increase The Attack Vector In Public CloudnEnvironmentsn
nnNow, let’s corroborate the above by reflecting on concerns raised bynresearchers regarding the increase in attack surface area due tonvirtualization – technology highly prevalent in the multi-tenant, publicncloud world. Here are extracts from a couple of NIST Special Publications innthis regard:n
nnNIST SP 800-144: Overview of public cloudncomputing and the security and privacy challenges involved:n
nnn”Attack Vectors. Multi-tenancy in virtual machine-based cloudninfrastructures, together with the subtleties in the way physicalnresources are shared between guest virtual machines, can give rise tonnew sources of threat. The most serious threat is that malicious codencan escape the confines of its virtual machine and interfere with thenhypervisor or other guest virtual machines. Live migration, the abilitynto transition a virtual machine between hypervisors on different hostncomputers without halting the guest operating system, and other featuresnprovided by virtual machine monitor environments to facilitate systemsnmanagement, also increase software size and complexity and potentiallynadd other areas to target in an attack.”nn
nnNIST SP 800-125: Discuss the security concernsnassociated with full virtualization technologies:n
nnn”Attackers may attempt to break out of a guest OS so that they cannaccess the hypervisor, other guest OSs, or the underlying host OS.nBreaking out of a guest OS is also known as escape. If an attackernsuccessfully escapes a guest OS and gains access to the hypervisor, thenattacker might be able to compromise the hypervisor and gain controlnover all of its guest OSs. So, the hypervisor provides a single point ofnsecurity failure for all the guest OSs; a single breach of thenhypervisor places all the guest OSs at high risk.”nn
nnWhat Does This Mean for Us?n
nnSecurity establishments across the world understand the precarious nature ofnmulti-tenant architecture coupled with potentially vulnerable commercialnoff-the-shelf technologies that might be exploited by those highly skillednand well-funded army of state-sponsored attackers. The interconnected worldnof the public cloud is one of the most coveted platforms for state-sponsorednactors tasked with compromising the sovereignty of targeted nations, onnwhich they can launch advanced persistent attack(s) for catastrophicnoutcomes. And then they might stay undetected for a long period of time,nwhile continuously exfiltrating precious, sensitive, and critical datan(think SolarWinds).n
nnThe rapid emergence of ransomware attacks also should be a reason for us tonevaluate deeply the generally opaque security control mechanisms implementednby cloud service providers (CSPs) at an underlying cloud infrastructurenlayer.n
nnPerhaps it’s time for us, the customers of public cloud, to ask even toughernquestions.n
nnIsolation Is Key in Public Cloud – Both Physical and Logicaln
nnThe efficacy of any technology product that provides cloud security or otherncloud services depends predominantly on two things:n
n- n
- n The security control mechanisms of an underlying cloud infrastructuren (primarily, compute, storage & networking solutions); andn n
- n The implementation of control mechanisms on hardware and its software thatn is being used to offer those cloud servicesn n
nIn the context of multi-tenant, public cloud, isolation is the key. If wenthink about underlying cloud infrastructure strictly from a virtualizationnand isolation perspective, hypervisor manages both server and networknvirtualization. Therefore, it’s essential to check what additional controlsnhave been implemented to isolate network virtualization (either byndecoupling of network virtualization or by using some other mechanism toncontrol VM escape proliferation) that would stop the malware in its tracks,nand NOT allow lateral movement across different physical rack(s) andnconnected datacenter(s). A potent zero day with the capability to come outnof the confines of hypervisor should not be given a free pass to causenruckus across connected datacenters of a cloud service provider.n
nnAsk Challenging Questions During the CSP Evaluation Phase
nnOf course, the full list will be much more exhaustive, but – as someone whonfrequently presents cloud security controls and mechanisms to prospectivencustomers – let me suggest a few questions from the perspective of the topicnbeing discussed here:n
n- n
- n Check for isolation control mechanisms implemented by the cloud servicen provider at the underlying infrastructure layer that provide cloud servicesn based on virtualization, if any. Ensure your workloads are not impacted byn potential security gaps on the side of other customer workloadsn n
- n Seek tangible assurances from your cloud service provider that you willn receive an ‘immaculate’ machine every time you spin up a ‘new’ VM or Server.n Check how your CSP would guard you against firmware or hardware rootkits, asn these are the most difficult ones to detect and remove. Specifically, hown the technology components like secure boot (Unified Extensible Firmwaren Interface) and Trusted Platform Module (TPM) are being leveraged to achieven desired protection against the sophisticated firmware or hardware rootkitn attacksn n
- n Trusted Execution Environment (TEE): check the availability of confidentialn computing options like Software Guard Extensions (Intel SGX) or AMD’s SEVn (Secure Encrypted Virtualization). Keep an eye on potential performancen downside of these options and seek relevant implementation details from yourn cloud service providern n
- Gain visibility into how your data will be processed by the CSP byn requesting a data processing agreement in advancen n
nThe journey to the cloud is a strategic and long-term decision,nnecessitating thorough research, analysis, and assessment before migratingnto or adopting cloud services. Well-informed decision-making – includingnconsideration of various factors such as security, industry standards &ncompliance (HIPAA, PCI DSS, HITRUST, ISO 27001, FedRAMP, CJIS etc.), costs,nand performance – is essential for a successful transition to the world ofnpublic cloud.n
nnnVarun Carlay, CISSP, CCSP, is a management and information technologynprofessional with more than 20 years of experience in enterprise cloudnsolutions, data engineering, cloud security, compliance and privacy. Innhis current role as a Master Principal Enterprise Cloud Architect, henworks closely with several U.S. government departments and agenciesnrunning sensitive and critical workloads.nn
n- n
- n Find out more about ourn n CCSP certificationn n heren n
- n n Cloud Security Skill-Buildersn n grow what you know with short-format learning designed to fit your busyn schedulen n
- n n Download the CCSP Ultimate Guide heren n to get everything you need to know about the world’s leading cloud securityn certificationn n