John Rhoton, someone who has held senior positions for cloud computing at HP and Symantec, has released the “Cloud Computing Protected: Security Assessment Handbook”. Jan De Clercq (who writes frequently about security for WindowsITPro.com) and David Graves, an HP Distinguished Engineer who specializes in cloud services, also contribute to the book. John’s previous books in the series are Cloud Computing Explained and Cloud Computing Architected, both of which are good reads for anyone who needs to understand the basic concepts that underpin this mode of computing. Given the rush to embrace the cloud as the preferred platform for a range of applications, it’s a good time to release a book to remind those considering the transition to the cloud that some work is necessary to ensure that data and access remains secure.
One aspect of migrating to a multi-tenant cloud platform is that you cede operational control over your data. Consumers have been doing this for a very long time. It’s always interested me that people are quite happy to upload some of their most precious memories to online photo sites like Snapfish.com without any knowledge of who now has access to their photos, where the photos are actually stored, and what the long-term future of the site might be. In effect, consumers transfer control over their data without batting an eyelid.
Companies can impose many requirements on cloud vendors before they transfer any data and demand that the cloud vendor demonstrates how access to tenant data is controlled and audited, but once data passes over the Internet to reside in a cloud data center you really don’t know how it’s managed. You have to trust the vendor to protect your data and to take whatever steps are necessary to ensure that no unauthorized access is ever gained to that data. Given the sheer size and scale of the multi-tenant platforms that support cloud services like Google Apps and Office 365, you have no option but to trust that administrators don’t go where they should not.
The fear that a rogue administrator might take action to compromise data on a cloud platform is understandable, but we also have to face the unpalatable fact that exactly the same fear should exist within on-premises deployments. For example, someone who is an administrator for an Exchange organization essentially has full and unrestricted access to everyone’s mailbox. And if they choose to limit their chances of continuing employment by browsing through mailbox contents to discover delicious nuggets of gossip, there is not much chance that their activities will be discovered unless you’ve implemented controls such as administrator and mailbox auditing and the rogue administrator makes a mistake and does something in a mailbox that is actually recorded.
On the other hand, if they merely look at mailbox contents, their illegal access is unlikely to be uncovered unless someone actually sees them in the act. It is for this very good reason that Exchange experts recommend that all deployments limit the number of people who have elevated permissions and that strict controls are in place to prevent permissions spreading over time. The advice is as valid for Exchange 2013 today as it was when Exchange 4.0 appeared in 1996. The details of granting and using access have changed over time, but the principle remains intact.
Even so, we still place a lot of trust in on-premises administrators to do their work without compromising user data. The same trust is given to cloud administrators – and in one way you are better protected in the cloud because the sheer size of the environments means that any individual tenant is just one tree obscured by a pretty massive forest. Something to think about, or maybe read the book…
Follow Tony @12Knocksinna