Secure journey to the cloud. A matter of control


Published on

Published in: Technology, Business
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Secure journey to the cloud. A matter of control

  1. 1. Public the way we see itTrends in CloudComputingSecure Journey to the Cloud - a Matter of Control
  2. 2. Public the way we see itTrends in Cloud ComputingSecure Journey to the Cloud - a Matter of ControlFebruary 2012
  3. 3. Public the way we see itThe introduction of cloud computingmarks a crucial transformation Everything will change in the years of “Secure Journey to the Cloud - ahead in the field of ICT-based oper- a Matter of Control,” provides an ational management. Civil servants answer to this question for politicians, will no longer have computers under administrators, and others dealing their desks, customer-facing counters with or responsible for implementing in government offices will become cloud solutions in the public sector. superfluous or be digitized, data cen- ters will be merged and ICT depart- ments of public authorities and exec- utive agencies will be fully or partly abolished. At the same time, increas- ing amounts of data stored by public authorities will be made available to citizens and businesses for reuse. Influenced by social media develop- ments, citizens and businesses will demand that the government pro- vides its services through the same channels. This must all take place in a government-guaranteed secure environment. It is high time for a fresh look at the organization and use of ICT in and by public authorities; and an associ- ated security policy. The necessity of the latter, is clearly demonstrated by the recent developments relating to WikiLeaks and particularly the suc- cessful denial-of-service attacks on the websites of various public authorities. Cloud suppliers could have thwarted these attacks if cloud computing had already been implemented. Cloud computing can only be suc- cessfully adopted if traffic can flow securely along the digital highway. Security is, therefore, often a key area of concern in discussions on cloud computing. It is essential that security is well organized in the interest of society as a whole. The question is what actions the government should take in the field of security to guaran- tee the proper introduction of cloud computing. This paper on the theme 3
  4. 4. Contents 1 Cloud computing - an irreversible trend 05 2 Worry-free use of the cloud 07 3 The context of cloud security 09 4 The concept of cloud security 10 5 Cloud security services 13 6 Conclusions and recommendations 16
  5. 5. Public the way we see it1 Cloud computing - an irreversible trendCloud computing in its various email, download videos or use word- n Lower costs/less ICT investmentforms processing applications directly on in the workplaceCloud computing allows smart use of the Internet. A third concrete example Unwieldy computers under or onthe potential offered by the Internet. of the impact of cloud computing is desks will be replaced by a tinyBoth businesses and public authorities the reduction in the number of data box that manages traffic via theview it as a useful and unstoppable centers, as cloud computing enables Internet. The benefits are lowerdevelopment in information and com- server capacity to be used more effi- costs in the investment and opera-munication technology (ICT), which ciently and only when it is really tional phases for hardware, andmodernizes and improves services and necessary. licences which are no longer re-operational management. Implement- quired in the workplace but whichations will succeed only if data, data What are the benefits of cloud can be accessed via the cloud. Alsosecurity and data traffic via the Internet computing? fewer ICT personnel are requiredare handled in a careful and well-man- Cloud solutions offer innumerable on the shop floor to keep computersaged way from day one. benefits: running. The savings on workplace facilities alone are considerable. ForCloud computing differs conceptually n Joined-up government example, the US Federal Govern-from existing ICT arrangements. Government services are increas- ment is aiming to achieve savingsA key difference is that users do not ingly being provided via the Internet, of more than 60 percent on licencehave to store information on data which acts as a virtualized counter costs for the use of email (source:carriers such as PCs and USB sticks. for public services. In this way The range of tried-and-That is a major advantage. Surveys public authorities can be contacted tested applications and servicesreveal that business-sensitive infor- seven days a week, 24 hours a day. available in the cloud is growingmation is held insecurely on hard Citizens and businesses increasingly daily, including for the support ofdrives in over 60 percent of worksta- expect that. They are also less operational management functionstions and laptops. Business sensitive concerned about the way in which (personnel, information, organiza-information is also held in unen- authorities organize themselves be- tion, finance, computerization,crypted form on 66 percent of all USB hind the computer screen. Whether communication, and accommoda-sticks ( for a tax return, a licence or benefit tion). This substantially reducescloudworks05.pdf, November 2010). application, the customer expects the time required to implement the authority to know who he is new ICT systems. They are no lon-Cloud computing takes various forms. and link up the relevant files, there- ger built or purchased, but areThe best known are social media. by keeping the number of trans- selected and paid for on a per-useSocial apps (cloud-based applications) actions to a minimum. This is all basis on the Internet.such as Hyves, LinkedIn, and Face- possible using the cloud as thebook are used daily by millions of basic framework. After all the n Consistent supplier managementpeople around the world. Users now government services have been The introduction of cloud comput-store data not on their own PC but interlinked, the next step in the ing enables us to purchase and usesomewhere in the cloud. Another modernization of service provision ICT resources in a more coordinatedexample is the increasing use of thin- is the enrichment of the available and consistent manner. ICT deci-client computers. These are computers information via social media, and sions are currently taken across mul-with very limited storage and process- communication via social media by tiple levels and departments withining capacity. They provide access to public authorities, citizens, and busi- governments. The relationship withapplications and remote storage via nesses. business is changing. Public author-a (web) browser. A thin client is, there- ities can greatly reduce the numberfore, nothing more than an informa- of commercial relationships by sign-tion viewer that seeks to connect to ing contracts with partners on thethe World Wide Web. You read your basis of a one-stop-shop model,Cloud computing - an irreversible trend 5
  6. 6. using ICT hardware and software, Cloud computing requires ments (SLAs) between the govern- to a large extent, remotely. This consistent management ment and suppliers of cloud prod- model helps governments to con- The secure and efficient implementa- ucts and services. centrate on their core tasks. tion of cloud computing solutions by ministries and local authorities re- The next part of this report deals inn Consolidation of data centers quires a consistent approach under greater depth with security policy, Data center consolidation signifi- the overall ‘direction’ of the central the context, risks, and available cloud cantly reduces costs. The govern- government. The management rules services. The aim is to provide guide- ment uses more cloud-based ser- must be clear to prevent everyone lines for worry-free use of the cloud. vices, and so less capacity is required reinventing and implementing their In short, a restrictive set of boundary than in the current situation. It also own cloud wheel. Security require- conditions must be established and means ICT can be used more sus- ments must be supported by all gov- enforced for public authorities. Ensu- tainably. The average utilization in ernment institutions, otherwise all the ring continuity of service is of prime cloud solutions is between 60 per- benefits will be negated; and chaos importance. Some people also view cent and 70 percent. In on-premise and complexity will merely increase. this as an integral part of “security”. data centers it is still between 10 As an illustration, suppose that com- percent and 15 percent. pany X supplies cloud services to 500 government institutions. Thosen Economies of scale and security 500 government institutions cannot The economies of scale offered by carry out their own separate annual cloud computing allow security and audits of the solvency, security com- privacy to be managed more effec- pliance, privacy, and data controls of tively than at present. At first sight company X. that may seem illogical, but just think for a moment about the current Hence there must be centralized security situation. Standalone com- management on several fronts: puters in the workplace are often n a single client, a uniform schedule inadequately secured. All kinds of of requirements from a demand- things can happen while they are focused organization on the basis unattended: for example, data can of consensus among all layers of be read, USB sticks can be copied, government; and intruders can manipulate soft- n a uniform ICT architecture, policy ware to spy on data or can install and organization for departments, viruses. What about passwords? And local authorities, and executive is it possible to detect data breaches agencies; in local data storage? With cloud n specification of and compliance computing, data does not have to with available and open standards; be stored on a data carrier or local n accessibility of basic registers for PC, and problems such as those use in cloud solutions for govern- described above are prevented. ment and business; Security, including data encryption, n establishment and management of is managed centrally for all users. But the government “App Store” pro- even within the cloud environment viding cloud solutions; there is human input, so checks and n international developments/regula- balances must be set up to keep the tions (EU and elsewhere); risks of human error to a minimum. n a consistent and effective security policy and clear service level agree-6
  7. 7. Public the way we see it2 Worry-free use of the cloud What policy can be formulated? Now, back to security in the organi- Cloud computing naturally poses many zation: has there ever been an assess- ICT-related challenges which require ment of the current level of security constant attention. Many companies in the organization’s own data center (IBM, Microsoft, Intel, among others) or that of the outsourcing partner? have conducted research into the They may have an SAS 70 statement concerns frequently raised by senior and an ISO 27000 certificate, but what business and ICT management. Over- do these actually cover and what are all, this research has highlighted the the actual risks? three biggest concerns as follows: 1. security and privacy of data in the How well secured is your data at pres- cloud (44 percent); ent? Do you know who sweeps the 2. availability of cloud services for server room floor in the evenings after business processes (41 percent); work? Is everything securely under 3. integration with other services lock and key, both physically and dig- (39 percent). itally? Cloud architectures require additions and modifications for use Proper security arrangements are in the cloud. therefore a top priority! Risk management Why the fear of security issues The fears surrounding this new cloud in the cloud? phenomenon are understandable, but Security is seen as the biggest concern. cloud services can help improve the Why? Because the cloud appears to be current level of information security. somewhat “hazy” in terms of security, Increasing numbers of parties are be- and the way in which security should coming involved; and, as stated pre- be set up to promote business initia- viously, human failings are always a tives and comply with regulations. This possibility. Risks must therefore be is mainly because we can no longer managed. The following five points point to the room, server or tape that are of great importance in risk manage- contains our information. Many people ment: instinctively believe that if they can 1. inventory of information of impor- see and touch something they have tance for the government; more control over it. You could liken 2. inventory of possible threats with it to somebody who travels by motor- regard to that information; cycle (the least safe means of transport) 3. determining the probability of to the airport in order to board an air- threats materializing; craft (the second safest means of trans- 4. determining the impact of a materi- port). For most people, the fear of an alized threat; accident when flying is many times 5. determining measures to protect/ greater than when riding a motorcy- minimize the impact. cle, whereas the statistics show pre- cisely the opposite. That is because Security is one of the possible mea- on a motorcycle you retain control. sures resulting from point 5. Whereas in an aircraft you do not.Worry-free use of the cloud 7
  8. 8. Towards a new security be responsible for the implementa- approach for the cloud tion of part of the services. It no lon- Risk management means striking a ger matters to the government how balance between opportunities in oper- these services are structured in terms ational management and financial of hardware and software, although factors or regulations. It is about en- the government does retain responsi- abling flexible services, not limiting bility for functionality, including new initiatives. security requirements. These must If the government wants to use the be set out in clear SLAs. The central cloud successfully without worries, government CIO must specify the then it needs to develop policy differ- framework for this. The government ently with regard to security and con- must maintain overall control of the trol under the influence of changes standards that will be used to secure resulting from economies of scale and the information. There are various standardization. The basic principle is reasons for this: actually very simple. At present, deci- n the government must prevent the sions on security matters in many formation of cloud silos, which countries are still taken independently cannot communicate with each at many different points in government. other; With the introduction of cloud com- n the government must prevent cloud puting, this must take place in a co- suppliers setting up their own authen- ordinated and coherent way. A central tication and authorization systems government CIO, for example in the independently of each other; Netherlands, could have a prominent n the government must maintain over- role to play in setting the framework all control of any encryption used, in this regard. and in particular the management of keys among cloud suppliers; It must also be possible to open up n the government must enter into cloud services on the basis of stan- agreements on how cloud suppliers dard protocols, so that information will communicate securely with can easily be reused within the gov- each other; ernment. After all, care must be taken n the government must ensure that to avoid recreating information silos, cloud suppliers fulfil their agree- this time in the cloud. ments by monitoring them com- A possible means of worry-free mig- prehensively across all suppliers. ration to the cloud could involve the government developing a migration Conclusion strategy in which less sensitive ICT Governments should develop a gov- services with lower security require- ernment-wide process and ICT archi- ments are examined first. Subsequent tecture that makes optimum use of levels will then only be tackled if there the possibilities afforded by modern are adequate results with known learn- cloud facilities. They must also draw ing effects. up and implement measures to main- tain the architecture (both within the Shift of responsibility government and extending to cloud When ICT services are moved to the suppliers). cloud, the government also ceases to8
  9. 9. Public the way we see it3 The context of cloud securityWhat are the risks? your data will also be used by crim- location in which their data is stored.The apparent new risks resulting from inals or by the administrators of the Depending on the type of regulation,the use of cloud services appear fur- cloud service. The impact of this there may be a requirement to know,ther-reaching than the security risks type of data leak depends on the for example, precisely who has ac-associated with conventional client- type of data stored in the cloud. As cess to what data, who has carriedserver infrastructures, such as the far as is known, the recorded cases out particular modifications, etc.risk of loss or theft incurred when have always involved an error by a Cloud services do not always in-physically transporting information system administrator, for example corporate functionality to provideon laptops, USB sticks or paper files. forgetting to change the default clients with such information.Such transportation is no longer nec- password, thereby allowing other Additional logging tools and accessessary when using the cloud, as secure users in those organizations to abuse controls will be necessary wheninformation can be accessed from their access permission. This type using cloud services for that typeany location. of data leak cannot, however, be of compliance. It should be stated attributed to the concept of the that a number of suppliers in theThe main risks when using cloud cloud provider. cloud are already providing suchservices are: services. n Privacy breaches n Unavailability Almost all government organiza- n Integration across multiple Whatever the cause, data managed tions handle privacy-sensitive data. organizations by a cloud service provider would This type of data must not fall into When government organizations be less readily available than data the wrong hands. Privacy also has begin transferring services to the stored within the organization. If to do with the type of information cloud, the cloud services must be a government organization takes stored and the length of the permit- able to communicate with services no steps to guarantee the reliability ted storage time. These aspects are still running in the organization’s of the cloud, services may become not specific to the cloud, but it is own data centers. They must also unavailable. That will result in a advantageous to know where privacy- be able to integrate with partners failure of business processes. An sensitive information is stored in in the logistics service chain. Two interesting example concerns the the cloud. The privacy laws apply- types of risk are significant. Firstly, recent developments surrounding ing in Europe differ from those on the basis of standards, the cloud WikiLeaks. This organization had applying elsewhere. Most cloud service must be able to communicate stored a large number of documents providers can currently guarantee with other services within and with an American cloud provider. that information will remain within outside the boundaries of the Despite the use of the “safe harbour” the EU. It is expected that a number client organization. Secondly, the model (a model in which the rules of cloud providers will go a step service must be able to secure this and laws of the data owner’s coun- further, and even give country guar- communication to satisfy the try apply rather than those of the antees. This will depend on the requirements of the government US), the US Government was never- spread of the various cloud data organization. theless able to pull the plug on the centers and their economic feasibil- organization. ity. In the case of both examples, these guarantees must be legallyn Data leaks and technically watertight. You do not know who, other than your own employees, has access to n Compliance issues your data. After all, it is outside the Compliance with internal and field of vision and boundaries of your - more importantly - external regu- organization. There is a risk that lations sometimes means that orga- without sufficient access security nizations need to know the physicalThe context of cloud security 9
  10. 10. 4 The concept of cloud securityWhich security aspects have to Privacy ties have an important role to play inbe fulfilled? Privacy measures protect personal this regard. Cloud providers can guar-What must government organizations information in such a way that others antee that information has actuallydo for a reliable transfer to the cloud cannot access it. Various identity and been destroyed, but the owner of thebased on acceptable risks? They must access management systems support data needs to ensure that the destruc-fulfil a number of basic security cloud services with a wide range of tion has been initiated. ITIL formu-aspects, the principles of which are privacy and security measures. These lated an appropriate set of processesdescribed below. include low security level with pass- some years ago for incident and prob- word-based authentication, to high lem management, backup, and recov-Protection security level with attribute-based ery. The government must enforceA user’s information and access rights authentication systems. The latter those requirements and have themmust be protected against abuse by systems use state-of-the-art privacy- guaranteed by a TMP. In an SLA, allunauthorized users and intruders. supporting certificates. Efficient pro- conditions such as retention time, min-Due to the fact that information and cess organization is also important imum performance, and storage sizeapplications are based in the cloud, in the event that the authorities raise can be recorded in a standardized waysecurity measures such as door locks any questions. For example, what does and verified subsequently by means ofor uniformed security personnel no the provider do if a public prosecutor standard reports.longer work. The storage, transmission, asks for data? How can the govern-and use of information must be digi- ment demonstrate to its citizens and Access and reliabilitytally protected. This can be done businesses that the provisions of the Access to information and the pro-using technologies such as PGP, SSL, relevant laws will be upheld? cessing of data items must complyFTPS, and HTTPS. However, cloud with the privileges granted to the userproviders choose to go further. Most Recoverability requesting access. Unauthorized accesssupplement the existing security Data stored in the cloud is subjected must be prevented. Every user claim-measures with specific measures to to regular integrity tests to guarantee ing a unique identity when gainingdispel the cloud user’s fears and un- its recoverability. Most cloud service access to data will be subject to a pro-familiarity with cloud data centers. providers replicate data three of four cess to investigate whether he is indeedData in cloud environments must be times instead of making real backups. the authentic owner of the claimedprotected to an even greater extent This means they can recover from disk identity. After verification, the userthan in your own operating environ- crashes and major disasters. However, may only carry out those actions forment. Government bodies must of most service providers do not guaran- which he has been granted permis-course decide for themselves whether tee the backup and recovery of data sion. Cloud providers have set upa cloud provider is using sufficient which is “accidentally” deleted by the facilities for this. There are even pro-security techniques in the data cen- end-users themselves. A government viders who offer the possibility, forter. This requires the government to body must therefore make or arrange example, of linking such facilities tohave specific expertise. its own backups, for example by tak- an active directory of their customers. ing snapshots and downloading and An active directory of this kind estab-The transmission part requires sepa- storing these on its own premises or lishes the authenticity and accessrate attention, addressing aspects with another cloud provider. Another rights. These are then managed exclu-such as virtual intrusion (penetration problem is that data in clouds can be sively by the client organization. Thetests have been found to be very use- stored indefinitely. Depending on the advantage of this is that such informa-ful), theft or compromising of data type of data and the applicable legisla- tion is recorded in only one place andduring transmission (stealing a copy), tion, this may not be permitted. Service can be used both by the internalinterception, and sending forged providers only process and store data. information systems and externally bymessages. The data center is ultimately So, they may have insufficient knowl- the cloud provider. The authentica-just part of the assets and aspects edge of statutory retention periods or tion and authorization data constituterequiring protection. mandatory clearances. Public authori- an application/information system in10
  11. 11. Public the way we see ittheir own right. That system must over IP (VoIP) seek to empower users very expensive. Most cloud providerstherefore also meet the specified by managing identity and security offer logging and monitoring tools,requirements. These concern authenti- “on the fly” or dynamically in place although some are rather rudimentary.cation and authorization for people of traditional directory control activi- Market participants are responding towho are or are not given formal access ty. Certification and policy control of this by offering additional logging andto the data. Safeguards against unau- applications and data from devices is monitoring tools.thorized (criminal or terrorist) access managed through the federated securi-are not yet covered. ty of multiple devices outside the cor- Integrity and irrefutability porate firewall. Access is through de- Cloud providers must ensure that theConnectivity vice policy control, enabling new cloud integrity of data is protected and thatManaging the process of access to cloud service models of apps stores and new it cannot be modified, duplicated orservices through identity authentica- content delivery channels. The advent deleted without authorization, just astion and authorization is critical, but of cloud broker services has led to the in the client’s own ICT organization.there are also other steps once con- emergence of a Bring Your Own Policy The long-term irrefutability of digitallynected to the network. Extract net- (BYOP) concept where companies not signed data is an important aspect ofwork security may be needed beyond only have multiple devices, but also PKI-related standards in clouds. CloudSSL, TLS secure messaging and data control the policies that enable devices providers use various mechanismstransport layers to ensure the actual to be approved, audited and controlled among themselves to deal with routinesecurity of this network. remotely. events. These could include the expiryWith the growing public telecommu- These network topology choices also of a public-key certificate and thenications infrastructure such as the affect the “last mile logistics“ of con- expiry of a time-dependent trusted-Internet to connect to cloud services, necting a user device to the informa- authority certificate.and the potential for company net- tion technology service, whether it beworks and external non-company net- cloud or non-cloud hosted. Connec- Compliance with regulationsworks to be involved in cloud service tivity can be fixed-line, or IP address- Legal, regulatory, and contractualuse, this raises issues of connection enabled and delivered through a wire- requirements must be defined forsecurity both for mobile employees, less connection. It also is a key en- all parts of the information system.and external users outside the compa- abler in the idea of hybrid cloud, Monitoring activities must be plannedny firewall environment. Choices of where data and applications move- and laid down in advance in jointprivate networks and the use of tech- ments between different clouds and consultation between the parties con-nologies such as Virtual Private Net- host environments can be achieved cerned. It is also necessary to conductworks (VPN) and Virtual Wide Area securely. The security of networks regular independent reviews andNetworks (VWAN) are increasingly is an essential strategic architecture assessments. Cloud providers mustnecessary parts of a secure network choice in cloud computing which comply with all internal and externalstrategy to underpin the desire for affects the access, mobility and usage regulations, laws, contracts, policymore freedom and mobility. Using of cloud-enabled business and users. and mandatory standards. Many pub-secure networks enables remote user lic cloud providers use the complianceaccess management while enabling Accountability and controllability and legislative frameworks of theencryption of data as a layer to pre- A full log must be maintained for country in which the respective cloudvent disclosure to unauthorized users. accountability in respect of data oper- data center is located. Government ations. This must record all actions organizations can adopt these frame-Yet the virtual private network is also carried out within a user session to works or outsource them to a cloudseeing other new cloud consumption allow controllability. What precisely provider that complies with the neces-models that are reversing previous has to be logged must be agreed with- sary legal frameworks. This could betrends of centralized systems and net- in your organization. This is technically an additional task for the governmentwork management. Bring Your Own feasible, but (comparable to the storage audit service that can opt to keep itDevice (BYOD) connectivity and Voice and logging of telecom data) can be in-house or have it outsourced.The concept of cloud security 11
  12. 12. also necessary to fulfill the interopera- Figure 1: Layered Architecture bility of cloud services. In the case of IaaS, for processing power or storage capacity for example, Cloud Security Architecture the service provider may be required Laws & to store the data within a country or Secure Communication Services Regulations region, for example in the EU or the Netherlands. This is to comply with Cloud Integration Services legislation on data storage. Monitoring & Auditing In the case of PaaS, the exposure is Authorization Management Upgradability & Access Control Services Migratability changed for example for in-house applications or purchased packages, Data Data which were initially behind a firewall SAAS Encryption Application Encryption Policy & Governance but which now operate on the cloud infrastructure. Anyone with an Inter- PAAS Platform Storage Integration net connection can now access them. Business Continuity Therefore, more attention needs to be IAAS Networking Management paid to whether the access to data via the application or directly to the data- base is properly secured. PaaS gives aInsurable tional to cloud-oriented ICT services. third party the possibility of hostingThe risks relating to the system must This will take a number of years. The its own software on a particular plat-be controlled. Few parties other than first migration must also incorporate form made available by a providerthe cloud service providers themselves an exit strategy (back to conventional (perhaps a standard application withcurrently offer such financial insurance services), otherwise there may be a adjustable parameters). Some provi-for cloud services. feeling of being on a “one-way street”, ders may also handle the application which will be unsettling. management tasks.Migratable and upgradable In the case of SaaS, there are otherA migration path must exist that is What architecture model can be matters of importance. Each SaaS sup-feasible, controllable, and acceptable used? plier must be able to fulfil the compli-to users in order to move from an old Cloud security services can be imple- ance rules applicable to governmentto a new cloud provider or to a subse- mented in layers. Figure 1 shows how institutions.quent version. The cloud infrastructure the various security layers for cloudmust be easily upgradable to new computing are positioned relative to In each cloud service (IaaS, PaaS orreleases of hardware and software. each other. It is important that the SaaS) the compliance, management,This may pose a problem for the use familiar cloud computing variants and security aspects must be assessed.of some business functionality, as of Infrastructure-as-a-Service (IaaS), A gap analysis can be carried outsome business functions are currently Platform-as-a-Service (PaaS), and showing what is required and whatavailable from only one cloud provider. Software-as-a-Service (SaaS) are all is present. It is also possible to deter-The growth of the cloud market should aligned: these include associated ser- mine how these characteristics relatemean that technology to support every vices. The main message in figure 1, to the insurance and protection requi-possible business process will become from a security architecture perspec- rements of the respective informationavailable from multiple sources; and tive, is the distribution of responsibili- components. This answers the ques-open up the possibility of migration ties. Depending on the type of cloud tion of which data and which func-from one cloud service provider to service in the model, there is a further tionality can be accommodated inanother. In the first place, energy will responsibility relating to management which focused on migrating from conven- and security aspects. Of course, it is12
  13. 13. Public the way we see it5 Cloud security services What cloud services are avail- look at the security of the connec- able on the market? tions: this is a specialist area that Figure 1 identifies the main security must be addressed separately. services in the different layers of cloud environments. These services Authorization management and their operation within the cloud services environment are described below. Authorization management services ensure that the right user accounts Data encryption services with the right information are avail- Most people believe that the cloud able in the relevant systems. If that is services in the market provide a not properly implemented, access lower level of security than their own control will be a mere illusion. All data center. The question is whether accounts, including administrative this is an accurate observation. In accounts, must always be related to many cases the cloud service provid- individuals in order to prevent abuse. er will have a higher level of security The first step is, therefore, to manage than most data centers and outsourc- the entire life cycle of accounts relat- ing providers. There are two possible ed to individuals (employees, part- reasons for this. First, cloud service ners, customers, etc.). This must providers take a standardized, gener- include the functional accounts (for al approach to security. Moreover, they example, administrators) that are simply cannot afford to lose customers linked to these identities at any given as a result of deficient security. A sin- time. Identity and authorization mana- gle newspaper report about a serious gement is liable to be a complex matter data leak could mean the end of a within the organization. cloud provider, particularly if it involves data that government insti- Outside the boundaries of the organi- tutions are legally required to keep zation, however, such as in ecosys- under surveillance. Cloud providers tems, supply-chain channels or cloud are therefore focused on information services, identity and authorization security from day one. It is their management is essential for opera- most important priority. tional management. Applications can be moved to the cloud, but control of How do you know your provider has authorizations must remain within implemented the right level of securi- the client organization. This does not ty measures? If there is insufficient mean, however, that the actual identity control of the system in which the and authorization management cannot data is stored, it is necessary to be carried out in the cloud; on the ensure that the security of the data contrary, Identity-as-a-Service can be itself is controlled. By using data very useful in the outsourcing of encryption and retaining control of identity management and the facilita- encryption key management, organi- tion of a model such as e-Recognition zations can take full advantage of as implemented in the Netherlands, cloud computing. They need have no which enables users to log into vari- concern about whether their data is ous government institutions through stored somewhere in their own coun- their own account. Always be aware try or abroad. It is also necessary to that combining cloud services andCloud security services 13
  14. 14. cloud security services in the same to be creating the same islands or cloud will only be effective if the ‘stove pipes’ that we have been trying cloud service provider can effectively to get away from in our own data guarantee functional separation. centers in the last ten years. All these services must be integrated in a secure Access control services and controllable way. The cloud ser- Authorization management may then vices must communicate with stan- be a requirement, but if access control dard protocols for web services in measures fail to operate effectively, order to achieve genuinely secure your data will be unprotected without cloud integration. your being aware of it. If the access control is too tight, however, opera- Communication security services tional management may be impeded. Cloud services - and hence data be- Access control measures must ensure longing to citizens and businesses - a balance between practicability and may be located anywhere and trans- security, and must be based on the mitted frequently via the Internet. relevant risks. Another important During transmission, the data must aspect is the integration of access be secured by standard protocols. control measures in your data center, Encryption is also an option, but it your outsourcing partner’s data center is too complex to store all data in and the cloud applications used. Single encrypted form. It will probably only sign-on (SSO) across the boundaries be necessary to store business- or of the organization and relationships privacy-sensitive data in encrypted of trust between organizations are form. The rest must nevertheless be essential for the successful use of protected during transmission via the cloud services. Internet. This can be achieved by means of standard protocols such as Cloud integration services SSL/TLS. Network traffic can be pro- People generally speak of “the” cloud. tected by PKI based protocols. Even However, it is unlikely that there will more important than traffic to end- be a single cloud containing all the users is traffic between service pro- organization’s applications. Some viders. This must also be encrypted, office applications may be obtained but you will probably not own the from Google, for example, whereas keys used, which means you will the CRM is with The incur a risk when services of different security services may in turn be sup- service providers are integrated. You plied by a dedicated security provider. must at least ensure that this risk is This not only means that all employees known. You can discuss ways of mit- must have access to all these services igating this risk with your service from any location, but also that cloud provider. services must have access to each other’s network for specific services. Monitoring and auditing services Consideration must also be given to If security levels are not being mea- where brokers and other generic ICT sured, it will be difficult to assess the services will be accommodated, such status and quality of these security as the enterprise service bus (ESB) or levels. It is important to have access print servers. At present, we appear to monitoring and auditing services,14
  15. 15. Public the way we see iteither in-house or with a cloud service Figure 2: Identity Lifecycleprovider, where all the informationfrom the client data center, the out-sourcing provider, and the cloud ser-vices provider will be gathered forfurther processing. This solution mustbe able to receive log files from allsystems in order to process security Hire Processes Promotionwarnings from all systems.This is a labor-intensive process Changerequiring people with very specific Locationskills to analyse the results. It is, Retire Project Identitytherefore, advisable to also use this Membership Lifecycle Processesservice in the cloud, with all other Changecloud and non-cloud services being Roleconnected. Change Password AdditionalBusiness continuity service Reset RoleBusiness continuity management Password(BCM) is an important area of atten-tion for all government organizations.The drawing up of detailed emergen-cy plans for unforeseen disasters,such as denial-of-service attacks on documents are deleted, accidentallygovernment websites, is essential or otherwise.nowadays. In the ICT sector, thatmeans backups of business critical The business continuity service mustdata must be available at different at least perform the following:locations. n identify threats and the associated potential business impact;Cloud service providers such as Google, n determine the requirements forMicrosoft, and Amazon are very useful business continuity and recovery;in this regard. They promise 99.9 n assess the current possibilities;percent uptime and their services n design, implement, and test a busi-release organizations from the burden ness continuity plan based on busi-of creating and maintaining a backup ness objectives.infrastructure and recovery facilities. incorporates various comple- publicaties/a-secure-start-in-cloud-mentary elements, such as disaster computing.recovery, business recovery, businessresumption, contingency planning,and crisis management. However,disaster recovery alone is not suffi-cient. A mechanism must exist torecover this data automatically evenif small quantities of data or specificCloud security services 15
  16. 16. 6 Conclusions and recommendationsCloud computing in its various ministries and local governments.forms This applies particularly to the useCloud computing is an important of applications offered by cloud com-trend in the field of information pro- and related ICT. It turns com-puter processing power and data The authority to decide on andstorage into a utility for collective implement cloud computing modelsuse, as has long been the case of gas, must therefore cut across departmen-water, and electricity. The rise of tal boundaries. Cloud computing iscloud computing has been particular- too complex and too generic to assessly strong, is set to continue, and is risks, develop security concepts, andirreversible. In view of the advantag- select services individually in eaches for government organizations, government body. The security re-cloud computing should also be quirements should be translated intotrusted and supported within the a clear SLA. Every government insti-public sector, both at central and tution must nevertheless carry out anlocal government levels and within additional risk analysis to ascertainexecutive agencies. whether all generic risks also apply to them, and whether they need toThe actions required in order to mi- be supplemented with specific riskgrate securely and carefully to the areas and additional can be summarized as follows:1. formulating a clear security policy Cooperation is important. The chal- including security requirements; lenges involved in adopting cloud2. organizing the management among services, and the scale of the poten- the government organizations and tial risks and benefits demand that market participants concerned; risk assessments, security frameworks3. acquiring the required expertise in and service selections be elaborated the field of cloud computing and on a pan-governmental basis. demand management;4. international coordination for the Governments must also align their exchange of knowledge and experi- security and privacy policy regulations ence. to the new reality, coordinate them effectively with those of the other EUIt is important that all government member states, and test them againstinstitutions cooperate consistently those of non-EU states. That will pre-with each other. Security requirements vent unauthorized reading of datamust be supported by all government and breaches of privacy rules.institutions. Otherwise all the benefitswill be negated and, chaos will result.Overall management of the formula-tion and implementation of the secu-rity policy must be guaranteed.The public services provided by thegovernment, with ICT as an enabler,extend beyond the boundaries of16
  17. 17. ­­About Capgemini ® With around 120,000 A deeply multicultural organization, people in 40 countries, Capgemini has developed its own way Capgemini is one of the world’s foremost of working, the Collaborative Business providers of consulting, technology and ExperienceTM, and draws on Rightshore®, outsourcing services. The Group its worldwide delivery model. reported 2011 global revenues of EUR 9.7 billion. Together with its clients, Learn more about us at Capgemini creates and delivers business and technology solutions that fit their needs and drive the results they want. Rightshore® is a trademark belonging to Capgemini Contact Zsolt Szabo: Hans F. Scholten: Pieter Hörchner: pieter.hö Mark Skilton: Email: IN/1B-052.11aCopyright © 2012 Capgemini. All rights reserved.
  18. 18.