Private Cloud Security Considerations Guide

Security Implications for the Private Cloud

It comes as little surprise that cloud computing is taking the world by storm. The advantages of the model are well known: convenient, on-demand access to a shared pool of configurable computing resources, among others. Cloud computing can enhance agility, scalability, collaboration and availability while giving enterprises a chance to reduce costs. Even so, the journey to the cloud is not as rosy as many imagine.

The challenge for many enterprises is not just choosing among the many cloud options being thrown at them, but also ensuring security in the cloud. This article therefore analyses the private cloud in a bid to help you navigate its security headaches from a business and management perspective.

Cloud Service and Deployment Models

Before diving deep, let's take a whistle-stop look at some definitions: the three cloud service models and four deployment models of cloud computing as defined by the Cloud Security Alliance and the National Institute of Standards and Technology (NIST).

Deployment Models

Private Cloud– In this model the cloud infrastructure is provisioned for the exclusive use of a single organization (which may comprise several business units), and it may be located on or off the premises. The organization, a cloud service provider (CSP) or a combination of both may own, manage and operate the resources.

Public Cloud– In this model the computing resources are provisioned for open use by the general public via a CSP. A business, academic or government organization, or a combination of them, may own, manage and operate it, and it exists on the CSP's premises.

Community Cloud– In this model the infrastructure is provisioned for exclusive use by a specific community of organizations with shared concerns (for example a common mission or compliance requirement). One or more of the members, a third party or a combination of them may own and manage it, on or off the premises.

Hybrid Cloud– This model is a composition of two or more distinct cloud infrastructures (private, community or public) that remain separate entities but are bound together by technology that allows data and applications to move between them; the typical case is an on-premises private cloud blended with a third-party cloud service.

Service Models

Infrastructure as a Service (IaaS)– In this service model the tenant is provisioned processing, storage, networks and other fundamental computing resources, on which it can deploy and run arbitrary software, including operating systems and applications. The tenant does not manage or control the underlying cloud infrastructure, but it does control the operating systems, storage and deployed applications, and may be given limited control over selected networking components (for example host firewalls).

Platform as a Service (PaaS)– This service model lets tenants deploy applications they have created or acquired onto the cloud infrastructure, as long as the applications use the languages, libraries, services and tools the CSP supports. As with IaaS, the tenant has no control over the underlying cloud infrastructure (network, servers, operating systems or storage), but it controls the deployed applications and possibly the configuration settings of the application-hosting environment.

Software as a Service (SaaS)– This model offers the ability to use the CSP's applications running on a cloud infrastructure. The applications are accessible to the tenant through a thin client interface such as a web browser, or through a program interface. As in the other two models, the tenant has no control over the underlying cloud infrastructure, with the possible exception of limited, user-specific application configuration settings.

To be clear, each of the service models can be deployed using any of the deployment models. So in the case of the private cloud we are talking about Software as a Service in the Private Cloud, Platform as a Service in the Private Cloud, and Infrastructure as a Service in the Private Cloud.

Now that you know the basics of cloud computing, let's dive into some of the vital security considerations for a private cloud.

Security Foundation Considerations

Security must be factored into every design step as the foundation of a private cloud. This means that each transaction should pass through a security layer as it transits the cloud. This applies to all inter-layer communications and, equally, to data at rest. One way to achieve this is to ensure that software designed for cloud implementations follows security development lifecycle (SDL) guidelines.

It is also important to integrate Identity and Access Management (IdAM) to establish identities and control access to cloud resources. This encompasses:

  • Authentication
  • Authorization
  • Auditing
  • Directory service
  • Federation
  • Security policies
  • Role Based Access Control
  • Credential management

Infrastructure Security Considerations

The next contentious part of private cloud security is the security of the infrastructure layer. This calls for top-notch security all the way from physical security up to the virtualization component (the hypervisor). A good way to understand the security issues at the infrastructure layer is to break it into smaller modules:

  • Storage security
  • Host operating system security
  • Hypervisor security
  • Hardware security
  • Network security
  • Computing security
  • Physical security
  • Supply security
  • Facility security

Platform Security Considerations

After you have implemented effective security at the infrastructure level, it is time to examine platform security; in other words, this is the point where you look for potential points of attack at the platform layer. The first place to assess is the virtual machines: ensure that they are isolated from each other and from the hosts that run them. Since access to data services is also part of the platform layer, you should keep data storage in mind as well. Other key aspects of platform security are development environment security and application framework security.

Software Security Considerations

Software deployed at the highest layer of the cloud presents its own share of security challenges. Application security issues at this level are largely the same as those in a traditional data centre, so the normal practices for securing applications there apply in the private cloud by default. Some issues, however, are unique to the cloud. For example, you may not have control over the client: the client OS, browser type, anti-virus status and so on. This implies that the applications you design must always validate and constrain client input on the server side, rather than trusting the client to do it.
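The server-side validation point above, as an added example (this is example code written for this page, not code from the original article): a validator for a hypothetical "create volume" call of a private-cloud SaaS API. The field names, limits, name pattern and sample payloads are assumptions constructed for the example. Whatever the browser's form promised (a maxlength, a dropdown of tiers), the server rejects unknown fields, non-integer or out-of-range sizes, names outside a strict allow-list pattern and tiers it does not offer.

```python
import re
from dataclasses import dataclass
from typing import Dict, Optional

# Constraints for a hypothetical "create volume" API call (assumed for this
# example; the limits and field names are not from any real product).
VOLUME_NAME_RE = re.compile(r"[a-z][a-z0-9-]{2,62}")  # DNS-label style, 3-63 chars
MAX_SIZE_GIB = 4096
ALLOWED_TIERS = frozenset({"standard", "premium"})
ALLOWED_FIELDS = frozenset({"name", "size_gib", "tier"})


class ValidationError(ValueError):
    """Raised for any payload the server refuses; the message is safe to return."""


@dataclass(frozen=True)
class CreateVolumeRequest:
    name: str
    size_gib: int
    tier: str


def validate_create_volume(raw: dict) -> CreateVolumeRequest:
    """Validate and constrain an untrusted payload on the server.

    A client you do not control can send anything, so nothing the browser
    was supposed to enforce (field lengths, a dropdown) is relied upon here.
    """
    unknown = set(raw) - ALLOWED_FIELDS
    if unknown:  # reject rather than ignore: extra fields are how mass assignment happens
        raise ValidationError("unexpected fields: %s" % sorted(unknown))

    name = raw.get("name")
    if not isinstance(name, str) or VOLUME_NAME_RE.fullmatch(name) is None:
        raise ValidationError(
            "name must be 3-63 chars: a lowercase letter, then letters, digits or hyphens")

    size = raw.get("size_gib")
    # bool is a subclass of int in Python, so True would otherwise pass as 1
    if isinstance(size, bool) or not isinstance(size, int):
        raise ValidationError("size_gib must be an integer")
    if not 1 <= size <= MAX_SIZE_GIB:
        raise ValidationError("size_gib must be between 1 and %d" % MAX_SIZE_GIB)

    tier = raw.get("tier", "standard")
    if not isinstance(tier, str) or tier not in ALLOWED_TIERS:  # allow-list, never a deny-list
        raise ValidationError("tier must be one of %s" % sorted(ALLOWED_TIERS))

    return CreateVolumeRequest(name=name, size_gib=size, tier=tier)


# Constructed sample payloads (not captured traffic).
SAMPLE_PAYLOADS = {
    "valid": {"name": "web-data-01", "size_gib": 100, "tier": "premium"},
    "traversal-name": {"name": "../../etc/shadow", "size_gib": 10},
    "oversized": {"name": "bulk-store", "size_gib": 10 ** 9},
    "bool-size": {"name": "bulk-store", "size_gib": True},
    "mass-assignment": {"name": "vol-a", "size_gib": 10, "owner_tenant": "other"},
    "bad-tier": {"name": "vol-a", "size_gib": 10, "tier": "free-unlimited"},
}


def check_samples() -> Dict[str, Optional[str]]:
    """Return None for accepted payloads, otherwise the rejection message."""
    results: Dict[str, Optional[str]] = {}
    for label, payload in SAMPLE_PAYLOADS.items():
        try:
            validate_create_volume(payload)
            results[label] = None
        except ValidationError as exc:
            results[label] = str(exc)
    return results


if __name__ == "__main__":
    for label, outcome in check_samples().items():
        print("%-16s %s" % (label, "accepted" if outcome is None else "rejected: " + outcome))
```

Only the "valid" payload is accepted; every other sample is refused with a message that names the rule, not the internals. The order of checks matters a little: unknown fields are rejected first so that a client cannot smuggle in an attribute the handler later copies onto the stored object.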

Service Delivery Security Considerations

The service delivery layer is responsible for giving consumers access to the private cloud, so security is a critical issue in this layer. Two security aspects to consider are:

  • Connection security: creating and maintaining secure connections to the client.
  • Service-end security: the point where the consumer interfaces with the service delivery layer.

This can be achieved through automated port and protocol restrictions coupled with intrusion detection systems, honeypots, traffic analysis and packet inspection.
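The connection-security and service-end aspects above, as an added example (example code written for this page, not code from the original article): the weak TLS client setting that internal tooling often ends up with, beside the corrected client and service-end configuration using Python's standard ssl module. The certificate and CA bundle paths are parameters the caller supplies; in a private cloud they would point at the cloud's own CA rather than the public trust store.

```python
import socket
import ssl
from typing import Dict, Optional


def insecure_client_context() -> ssl.SSLContext:
    """The weak setting: verification switched off so that a self-signed
    private-cloud endpoint 'just works'. Any host on the path can now
    impersonate the service delivery layer."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False   # must be cleared before verify_mode can be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_client_context(private_ca_bundle: Optional[str] = None) -> ssl.SSLContext:
    """The corrected setting: trust only the supplied CA bundle (the system
    store if none is given), require TLS 1.2 or later, verify the server name."""
    ctx = ssl.create_default_context(cafile=private_ca_bundle)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.options |= ssl.OP_NO_COMPRESSION  # already the default; stated so a review can see it
    return ctx


def hardened_server_context(cert_chain: str, key: str,
                            client_ca_bundle: Optional[str] = None) -> ssl.SSLContext:
    """Service-end side: TLS 1.2+, and mutual TLS when a client CA bundle is
    supplied, so only enrolled clients (or the gateway in front) reach the service.
    Paths are caller-supplied assumptions."""
    ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.load_cert_chain(cert_chain, key)
    if client_ca_bundle:
        ctx.load_verify_locations(cafile=client_ca_bundle)
        ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def describe(ctx: ssl.SSLContext) -> Dict[str, object]:
    """The settings worth asserting in a config review or a unit test."""
    return {
        "verify_mode": ctx.verify_mode.name,
        "check_hostname": ctx.check_hostname,
        "minimum_version": ctx.minimum_version.name,
    }


def open_tls_connection(host: str, port: int, ctx: ssl.SSLContext,
                        timeout: float = 5.0) -> ssl.SSLSocket:
    """Connect with SNI; hostname verification is driven by the context.
    Not exercised offline, shown for the call shape."""
    raw = socket.create_connection((host, port), timeout=timeout)
    return ctx.wrap_socket(raw, server_hostname=host)


if __name__ == "__main__":
    print("weak:    ", describe(insecure_client_context()))
    print("hardened:", describe(hardened_client_context()))
```

The `describe` helper is the part to keep around: dropping it into a unit test of the client library catches the day someone re-adds `verify_mode = CERT_NONE` to get past an expired internal certificate.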

Management Level Security Considerations

You might be tempted to trust your administrators, but the fact that they have greater control means you should be wary of them. You therefore need to keep an eye on the range of linked capabilities that provide a route into managing the service delivery layer. One way to keep things under control is to make sure that management data and user data are properly separated; in other words, administrators should be treated as a separate tenant with restricted access to other tenants' data. You are also advised to choose management tools that offer advanced security functionality.
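The IdAM elements listed earlier (authorization, auditing, role-based access control) and the separation of administrators into a tenant of their own, as an added example (example code written for this page, not code from the original article): a default-deny, tenant-scoped RBAC check in Python that records an audit entry for every decision. The roles, planes, principals and resources are a constructed model, not any product's built-in role set.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple

Permission = Tuple[str, str]  # (action, plane)

# Role model constructed for this example (an assumption, not a real product's
# roles). Operator roles carry management-plane permissions only, so no role
# gives a hypervisor administrator a path to tenant data.
ROLE_PERMISSIONS: Dict[str, FrozenSet[Permission]] = {
    "tenant-user": frozenset({("vm.read", "tenant"), ("vm.start", "tenant")}),
    "tenant-admin": frozenset({("vm.read", "tenant"), ("vm.start", "tenant"),
                               ("vm.delete", "tenant"), ("volume.read", "tenant")}),
    "cloud-operator": frozenset({("host.read", "mgmt"), ("host.patch", "mgmt"),
                                 ("vm.migrate", "mgmt")}),
}
MGMT_TENANT = "mgmt"  # administrators are modelled as a tenant of their own


@dataclass(frozen=True)
class Principal:
    name: str
    tenant: str
    roles: FrozenSet[str]


@dataclass(frozen=True)
class Resource:
    kind: str
    plane: str   # "tenant" (VMs, volumes) or "mgmt" (hosts, fabric)
    tenant: str  # owning tenant; management assets belong to MGMT_TENANT
    rid: str


AUDIT_LOG: List[Dict[str, object]] = []  # in production: an append-only, tamper-evident store


def authorize(p: Principal, action: str, r: Resource) -> bool:
    """Default-deny RBAC with tenant scoping; every decision is audited."""
    granted: FrozenSet[Permission] = frozenset()
    for role in p.roles:
        granted |= ROLE_PERMISSIONS.get(role, frozenset())

    if (action, r.plane) not in granted:
        allowed, reason = False, "no role grants %s on the %s plane" % (action, r.plane)
    elif r.plane == "tenant" and r.tenant != p.tenant:
        allowed, reason = False, "cross-tenant access (%s -> %s)" % (p.tenant, r.tenant)
    elif r.plane == "mgmt" and p.tenant != MGMT_TENANT:
        allowed, reason = False, "tenant principals never reach the management plane"
    else:
        allowed, reason = True, "permitted by role"

    AUDIT_LOG.append({"principal": p.name, "tenant": p.tenant, "action": action,
                      "resource": r.rid, "allowed": allowed, "reason": reason})
    return allowed


def run_scenarios() -> Dict[str, bool]:
    """Constructed scenarios: two business tenants plus the operators' own tenant."""
    AUDIT_LOG.clear()
    alice = Principal("alice", "acme", frozenset({"tenant-admin"}))
    bob = Principal("bob", "globex", frozenset({"tenant-user"}))
    ops = Principal("ops-1", MGMT_TENANT, frozenset({"cloud-operator"}))

    acme_vm = Resource("vm", "tenant", "acme", "vm-101")
    globex_vm = Resource("vm", "tenant", "globex", "vm-202")
    acme_vol = Resource("volume", "tenant", "acme", "vol-9")
    host = Resource("host", "mgmt", MGMT_TENANT, "hv-07")

    return {
        "admin reads own vm": authorize(alice, "vm.read", acme_vm),
        "admin reads other tenant vm": authorize(alice, "vm.read", globex_vm),
        "user deletes own vm": authorize(bob, "vm.delete", globex_vm),
        "tenant admin patches host": authorize(alice, "host.patch", host),
        "operator patches host": authorize(ops, "host.patch", host),
        "operator migrates vm on host": authorize(ops, "vm.migrate", host),
        "operator reads tenant volume": authorize(ops, "volume.read", acme_vol),
    }


if __name__ == "__main__":
    for label, ok in run_scenarios().items():
        print("%-30s %s" % (label, "ALLOW" if ok else "DENY"))
    for entry in AUDIT_LOG:
        print(entry)
```

The operator can patch a host and move a VM between hosts, both management-plane operations, but has no permission at all on the tenant plane, so reading a tenant's volume is denied and logged. The audit record carries the reason for every denial, which is what an investigation of an administrator's activity needs.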

Legal Considerations

This is the last item on the list, but it could just as well have been the first, given the importance of access to company data by agencies around the world. Ultimately, you must be aware of the compliance regulations of every country in which your organization operates. An effective approach to mitigating legal issues is to implement a governance, risk management and compliance framework.

Conclusion:

This article has presented a discussion of the issues and options that need to be put under the microscope when designing security for a private cloud. It should not be considered absolute, since no two enterprises are the same. Nevertheless, it should serve as a yardstick for any cloud-bound enterprise.
