Tips and Tricks
How to ensure security in hybrid and public cloud models
You know how to protect a data center. Firewalls and intrusion detection are second nature to you. But protecting data in the cloud, or to be more precise in hybrid and public cloud models, is new ground for you. In the following, we discuss measures to reduce risks in migrating to the cloud. These measures relate in particular to the areas:
- Encryption and integrity
- Authentication
- Identity management
- Drafting of agreements and compliance (data protection)
- Organization
There are a large number of conceivable technical and organizational measures to reduce the risks involved in migration to the cloud. They include contractual provisions that take account of issues such as emergencies, data protection, audit rights and termination of agreements. Service level agreements (SLAs) must also stipulate the level of quality of the cloud services (which has to be verifiable on the basis of measurable key indicators). The technical measures include encryption of data in databases and in communication (e.g. encryption and decryption of confidential data only on the client, XML encryption using certificates to achieve end-to-end encryption), as well as:
- Use of digital signatures to protect data and documents (XML signature)
- Enhanced authentication by two-factor authentication, for example using a smart card and digital certificates
- Mature identity management that enables electronic identities to be transported securely (federation)
- Protection of documents by means of rights management systems
- Development of security concepts that also cover emergencies and migration to and from the cloud.
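The first two technical measures above, client-only encryption and digital signatures for integrity, can be shown in one short program. The following is an added example written for this page, not code from the newsletter or from any provider: it encrypts a record on the client with AES-256-GCM, signs nonce and ciphertext with Ed25519, and verifies both before decrypting, so the provider only ever holds ciphertext and any modification is detected. Key generation, the sample record and the envelope layout are assumptions of the example; a real deployment would use XML Encryption/XML Signature or an equivalent format agreed with the provider.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Envelope is the only thing the cloud provider ever receives: it can store
// and forward it, but cannot read the content or modify it unnoticed.
type Envelope struct {
	Nonce      []byte
	Ciphertext []byte // AES-256-GCM output, authentication tag included
	Signature  []byte // Ed25519 signature over nonce||ciphertext
}

// NewClientKeys generates the data-encryption key and the signing key pair.
// Both are created and kept on the client; only the public key is shared.
func NewClientKeys() (dataKey []byte, signKey ed25519.PrivateKey, verifyKey ed25519.PublicKey, err error) {
	dataKey = make([]byte, 32)
	if _, err = rand.Read(dataKey); err != nil {
		return nil, nil, nil, err
	}
	verifyKey, signKey, err = ed25519.GenerateKey(rand.Reader)
	return dataKey, signKey, verifyKey, err
}

func newGCM(dataKey []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(dataKey)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts a record on the client and signs the result, so the cloud
// stores ciphertext only and the recipient can check who produced it.
func Seal(dataKey []byte, signKey ed25519.PrivateKey, plaintext []byte) (*Envelope, error) {
	gcm, err := newGCM(dataKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, plaintext, nil)
	signed := append(append([]byte{}, nonce...), ct...)
	return &Envelope{Nonce: nonce, Ciphertext: ct, Signature: ed25519.Sign(signKey, signed)}, nil
}

// Open checks the signature first, then lets GCM verify integrity and decrypt.
// Any change to nonce, ciphertext or signature yields an error, never bad plaintext.
func Open(dataKey []byte, verifyKey ed25519.PublicKey, env *Envelope) ([]byte, error) {
	signed := append(append([]byte{}, env.Nonce...), env.Ciphertext...)
	if !ed25519.Verify(verifyKey, signed, env.Signature) {
		return nil, errors.New("signature invalid: envelope was not produced by the expected sender")
	}
	gcm, err := newGCM(dataKey)
	if err != nil {
		return nil, err
	}
	pt, err := gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
	if err != nil {
		return nil, errors.New("integrity check failed: ciphertext was modified in transit or at rest")
	}
	return pt, nil
}

func main() {
	dataKey, signKey, verifyKey, err := NewClientKeys()
	if err != nil {
		panic(err)
	}
	// Constructed sample record; in practice this would be the confidential business data.
	env, err := Seal(dataKey, signKey, []byte("customer record 4711 (constructed sample)"))
	if err != nil {
		panic(err)
	}
	fmt.Printf("stored in cloud: %d bytes of ciphertext, no plaintext\n", len(env.Ciphertext))
	pt, err := Open(dataKey, verifyKey, env)
	fmt.Printf("client side: %q, err=%v\n", pt, err)
	env.Ciphertext[0] ^= 0x01 // simulate modification by a third party
	_, err = Open(dataKey, verifyKey, env)
	fmt.Println("after tampering:", err)
}
```

The order in Open matters: the signature is checked before any decryption is attempted, so an envelope from an unexpected sender is rejected without touching the data key, and GCM then rejects any bit flip in the stored ciphertext.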
In order to implement the necessary measures, you should adopt a defined procedure – a kind of safe path for migration to a cloud – and stick by it. This approach should comprise at least the following aspects:
- Management has developed a strategy for cloud computing which in particular defines which divisions or processes are to be migrated to the private cloud, which areas may, and should, be moved to a public cloud and which must not. It also states which general risks must be mitigated and which must never be accepted.
- The approach clearly defines the phases of planning, drafting of agreements, migration and operation, as well as all the necessary responsibilities.
- All the responsible parties, such as management, the legal department, the Works Council, the Data Protection Officer, the Security Officer and user departments, must be involved from the outset.
- A Security Officer is also appointed for migration to the cloud and also remains responsible during operation of the cloud.
First of all, an initial rough security analysis is conducted for migration to the cloud. In this, initial variants for the possible migration are developed and may differ as regards the service model (SaaS, PaaS or IaaS), for example. The different potential variants are analyzed for risks and the protection required.
Statutory requirements (in particular data protection policies) and organizational requirements are included in the analysis. The information obtained is used to derive security requirements that have to be met. In the “drafting of agreements” work step, a verifiable service description must be agreed in service level agreements (SLAs). Here we recommend that you read our September newsletter, in which the subject was presented in detail. The Federal Office for Information Security (BSI) has recently prepared a key issue paper on minimum security requirements. It provides eight simple instructions for users which have to be taken into account in the SLAs. These are:
1. Management of privileged user accounts: The service provider must have implemented a privileged identity management system for administering privileged accounts throughout its IT operations. This is intended to assure customers that policies, processes and practices meet their data security requirements.
2. Policy compliance: The policies and processes of the privileged identity management system on the provider side must match those of the enterprise. Ideally, all of them are ISO-based.
3. Evaluation: In the selection process, decision-makers should meticulously examine and evaluate the service provider’s security structure, paying particular attention that the tools used for privileged identity management automatically support the security policies and processes.
4. Documentation: The policies and processes for privileged identity management must comply with auditing and reporting requirements. The solutions and technologies used should be specified in writing in contracts and service level agreements.
5. Definition of roles: Policies must regulate and limit privileged user access. A separation of duties is mandatory.
6. No hidden passwords: No embedded application passwords offering access to backend systems or databases should be used.
7. Monitoring: The service provider must continuously control and monitor the privileged user accounts.
8. Reporting: There must be logging and reporting on access to and activities for all privileged user accounts. The service provider should give the customer a weekly or at least monthly report on the use of privileged accounts.
In principle, the following must always apply: The service provider’s administrators are given access to applications, processes, services, systems and data. Decision-makers should therefore ask precisely which solutions the provider uses and how it monitors means of access. No one can afford naivety when it comes to security!
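Items 5, 7 and 8 above (limited, monitored and regularly reported privileged access) come together in the periodic report the customer should receive. The following added example, written for this page and not taken from BSI or any provider, parses a constructed excerpt of a privileged-access log, summarises activity per account, and lists deviations from an approved scope that an SLA annex would fix: accounts not on the approved list, access to systems outside an account's scope, and repeated failures. The log line format, the account and system names and the three-failure threshold are all assumptions of the example.

```go
package main

import (
	"fmt"
	"strings"
	"time"
)

// Event is one entry of the provider's privileged-access log. The key=value
// line format is constructed for this example, not a real product's format.
type Event struct {
	Time    time.Time
	Account string
	Action  string
	Target  string
	Result  string
}

// ParseEvent turns "<RFC3339 time> account=.. action=.. target=.. result=.."
// into an Event and rejects lines that lack the fields a report needs.
func ParseEvent(line string) (Event, error) {
	fields := strings.Fields(line)
	if len(fields) < 2 {
		return Event{}, fmt.Errorf("malformed line: %q", line)
	}
	ts, err := time.Parse(time.RFC3339, fields[0])
	if err != nil {
		return Event{}, fmt.Errorf("bad timestamp in %q: %v", line, err)
	}
	ev := Event{Time: ts}
	for _, f := range fields[1:] {
		kv := strings.SplitN(f, "=", 2)
		if len(kv) != 2 {
			return Event{}, fmt.Errorf("bad field %q in %q", f, line)
		}
		switch kv[0] {
		case "account":
			ev.Account = kv[1]
		case "action":
			ev.Action = kv[1]
		case "target":
			ev.Target = kv[1]
		case "result":
			ev.Result = kv[1]
		}
	}
	if ev.Account == "" || ev.Action == "" {
		return Event{}, fmt.Errorf("missing account or action in %q", line)
	}
	return ev, nil
}

// AccountSummary is the per-account part of the periodic report.
type AccountSummary struct {
	Events   int
	Failures int
	Targets  []string // distinct systems touched, in first-seen order
}

// Report is what the customer expects from the provider each period:
// a summary per privileged account plus every deviation from the agreed policy.
type Report struct {
	Summaries map[string]AccountSummary
	Findings  []string
}

// BuildReport aggregates the log and checks every event against the approved
// scope (account -> systems it may administer, as fixed in the SLA).
func BuildReport(lines []string, approved map[string][]string) (Report, error) {
	rep := Report{Summaries: map[string]AccountSummary{}}
	var order []string // accounts in first-seen order, for stable output
	for _, line := range lines {
		if strings.TrimSpace(line) == "" {
			continue
		}
		ev, err := ParseEvent(line)
		if err != nil {
			return Report{}, err
		}
		s, seen := rep.Summaries[ev.Account]
		if !seen {
			order = append(order, ev.Account)
		}
		s.Events++
		if ev.Result == "failure" {
			s.Failures++
		}
		if ev.Target != "" && !containsString(s.Targets, ev.Target) {
			s.Targets = append(s.Targets, ev.Target)
		}
		rep.Summaries[ev.Account] = s
		when := ev.Time.Format(time.RFC3339)
		allowed, known := approved[ev.Account]
		switch {
		case !known:
			rep.Findings = append(rep.Findings, fmt.Sprintf("%s: %s is not on the approved privileged-account list", when, ev.Account))
		case ev.Target != "" && !containsString(allowed, ev.Target):
			rep.Findings = append(rep.Findings, fmt.Sprintf("%s: %s accessed %s outside its approved scope", when, ev.Account, ev.Target))
		}
	}
	// Repeated failures are reported once per account (threshold is an assumption).
	for _, a := range order {
		if rep.Summaries[a].Failures >= 3 {
			rep.Findings = append(rep.Findings, fmt.Sprintf("summary: %s had %d failed privileged actions", a, rep.Summaries[a].Failures))
		}
	}
	return rep, nil
}

func containsString(list []string, s string) bool {
	for _, x := range list {
		if x == s {
			return true
		}
	}
	return false
}

// Constructed sample input: a short excerpt of a provider's privileged-access log.
var SampleLog = []string{
	"2024-03-04T02:15:07Z account=ops-admin action=login target=db-prod-01 result=success",
	"2024-03-04T02:16:30Z account=ops-admin action=query target=db-prod-01 result=success",
	"2024-03-04T03:02:11Z account=svc-backup action=login target=backup-store result=success",
	"2024-03-04T03:40:00Z account=ops-admin action=login target=hr-archive result=success",
	"2024-03-04T04:01:12Z account=temp-contractor action=login target=db-prod-01 result=success",
	"2024-03-04T04:05:00Z account=svc-backup action=login target=db-prod-01 result=failure",
	"2024-03-04T04:05:20Z account=svc-backup action=login target=db-prod-01 result=failure",
	"2024-03-04T04:05:41Z account=svc-backup action=login target=db-prod-01 result=failure",
}

// Constructed approved scope, as it would appear in an SLA annex.
var ApprovedScope = map[string][]string{
	"ops-admin":  {"db-prod-01"},
	"svc-backup": {"backup-store"},
}

func main() {
	rep, err := BuildReport(SampleLog, ApprovedScope)
	if err != nil {
		panic(err)
	}
	for acct, s := range rep.Summaries {
		fmt.Printf("%-16s events=%d failures=%d targets=%v\n", acct, s.Events, s.Failures, s.Targets)
	}
	for _, f := range rep.Findings {
		fmt.Println("FINDING", f)
	}
}
```

On the sample, the report flags the administrator reaching into an archive outside its scope, an account the customer never approved, and a service account that both left its scope and failed three times in a minute. Those are exactly the questions a decision-maker should be able to put to the provider from a weekly or monthly report; a malformed log line is rejected rather than silently skipped, since gaps in the access record are themselves a finding.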
Conclusion of the agreement is followed by actual migration, i.e. step-by-step and planned relocation. Migration to the hybrid or public cloud starts with creation of security concepts developed together with the service provider. They show the security architecture, specify the risks and use this as the basis for deriving measures to be implemented. The security concepts take into account the migration phase itself, since an adequate level of security must also be maintained at all times during migration. Migration is then conducted in accordance with the stipulations of the security concepts agreed with the service provider, in which in particular responsibilities must be clearly defined. It is also necessary to keep on adapting the security concepts as the project progresses.
In the work step “maintaining secure operation” the migrated functions are operated by the cloud provider in accordance with the customer's security requirements and in compliance with the agreement and security concepts. Functioning processes and interfaces are important now. In particular, security monitoring enables fulfillment of the contractually agreed services to be proven, continuously improved and verified.
The work step “secure termination of migration” involves ensuring an orderly end to migration. This must likewise be done in compliance with the contractually agreed provisions. The service provider must demonstrably erase data on its systems in such a way that it cannot be restored even using sophisticated methods and technologies. That includes not only data from the business process, but also operational data, such as log data for systems and applications.
Finally, it can be said that migration of functions to a hybrid or public cloud is similar to an outsourcing project. For all the potential, the risks should also not be ignored, above all because they are manageable if a defined and secure procedure is used in migration. Such a procedure ensures that risks can be detected and controlled in good time.
Rainer Zeitler, Vice President Enterprise Solutions Engineers EMEA