Some key issues to look at when moving an application to the cloud include:
- Communication channels to services and systems the software relies on.
- Communication channels used for necessary communications to clients.
- Encryption standards for data at rest.
- Logging, log reviews, and monitoring.
- Authentication and access control.
- Privacy policies.
A lot of the security scrutiny surrounding a cloud migration focuses on the security of the cloud provider's infrastructure itself. This is important, but the weaknesses that the software platform brings along with itself are almost certainly a bigger problem.
Communication Channel Security
The key considerations here have to do with the nature of this communication. Certain types of data should not be transmitted unencrypted across an external network. This includes information protected by the privacy policy and relevant regulations, but it may also include information that would tell someone how the application works.There is really very little incentive not to encrypt all traffic. There is a performance hit, but the only responsible way to avoid it would be do perform a close analysis of all data that would not be encrypted. Even when the analysis was complete, you can't guarantee that the program won't change in a few months (even assuming that nothing was missed in the analysis). There are a number of options for forcing encrypted traffic, including built-in capabilities in both Java and .NET to force use of SSL for web interactions.
Where programs have incorporated hard-coded IP addresses in code, there is some possibility that traffic would be delivered to entirely the wrong place in a hosted environment. This is especially the case for the standard ranges that are commonly used for internal IP addresses.
But the use of hostnames can also be problematic, since name lookup infrastructure is usually controlled by the outside vendor. (In any case, references to specific names should be contained within configuration files, not in the actual code source.)
Where possible, client-side SSL certificates can provide an extra layer of security, by providing assurance that the target side of the connection is actually the system that we are trying to contact.
Data Encryption
Data at rest can be secured using several technologies, some of which overlap. SQL Server and Oracle both provide Transparent Data Encryption (TDE), and DB2 provides similar functionality. Make sure key sizes are in line with current best practices recommendations.Queries to databases can be encrypted during transmission by specifying SSL as the connection protocol in the JDBC driver or .NET connection.
Keep in mind that existing hard-coded encryption tokens, keys, etc may cause problems during application migration to the cloud. And if the same key is re-used in several contexts, the compromise of a single component can result in a broader compromise through the entire application or environment. It is important that encryption keys, tokens, etc be maintained outside of the code base itself, where they can be changed or updated as needed.
Logging Considerations
Logging streams usually do not use connection-oriented protocols. One concern about logging in the cloud is that logging streams are relatively easy to divert or snoop. Debug-level information might be considered an information leak about how the parts of your application communicate, which could provide the information an attacker needs. While we need to allow an adequate level of logging, we may also want to restrict access that would allow too high a level of logging to be enabled.At the same time, it is important that logs be maintained and reviewed, just as they should be on an internal network. Given the potentially greater exposure of the data, log review procedures need a careful review as part of any application cloud deployment.
No comments:
Post a Comment