The “Don’t Trust Model” of Cloud Computing

Written by

By Ed King

The elephant in the room when it comes to barriers to the growth and adoption of cloud computing by enterprises is the lack of trust held for cloud service providers. Enterprise IT has legitimate concerns over the security, integrity, and reliability of cloud-based services. The recent high-profile outages at Amazon and Microsoft Azure, as well as security issues at DropBox and Sony, only add to the argument that cloud computing poses substantial risks for enterprises.

Cloud service providers realize this lack of trust is preventing enterprise IT from completely embracing cloud computing. To ease this concern, cloud service providers have traditionally taken one or both of the following approaches:

  1. Cloud service providers, especially the larger ones, have implemented substantial security and operational procedures to ensure customer data safety, system integrity, and service availability. This typically includes documenting the platform’s security architecture, data center operating procedures, and adding service-side security options like encryption and strong authentication. On top of this, they obtain SAS-70 certification to provide proof that “we did what we said we would do.”
  2. Cloud service providers also like to point out their security and operational technology and controls are no worse, indeed, are probably better than the security procedures that most enterprises have implemented on their own.

Both of these approaches boil down to a simple maxim, “trust me, I know what I am doing!” This “Trust Me” approach has launched the cloud computing industry, but to date most large enterprises have not put mission-critical applications and sensitive data into the public cloud. As enterprises look to leverage cloud technologies for mission-critical applications, the talk has now shifted toward private cloud, because fundamentally the “Trust Me” approach has reached its limit.

In terms of further development, cloud service providers must come to the realization that enterprises will never entrust the providers with their business critical applications and data unless they have more direct control over security, integrity, and availability. No amount of documentation, third-party certification, or on-site auditing can mitigate risks enough to replace the loss of direct control. As an industry, the sooner it is realized that we need solutions offering cloud control back to the customer, the sooner enterprises and the industry will benefit from the true commercial benefits of cloud computing.

As such, the approach would be: “you don’t have to trust your cloud providers, because you own the risk mitigating controls”. Security professionals normally talk about best practice approaches to implementing trust models for IT architectures. I like to refer to the self-enablement of the customer as the “Don’t Trust Model”. Let’s examine how we can put control back into the customer’s hands so we can shift to a “Don’t Trust Model”.

Manage Cloud Redundancy

Enterprises usually dual-source critical information and build redundancy into their mission-critical infrastructures. Why should cloud-based services be any different? When Amazon Web Services (AWS) experienced an outage on April 21, 2011, a number of businesses that used AWS went completely off line, but Netflix did not. Netflix survived the outage with some degradation in service because it has designed redundancy into its cloud-based infrastructure.

Netflix has spread its cloud infrastructure across multiple vendors and has designed redundancy into its platform. Features like stateless services and fallback are designed specifically to deal with scenarios such as the AWS outage (see an interesting technical discussion at Netflix’s Tech Blog). Technologies like Cloud Gateway, Cloud Services Broker and Cloud Switch can greatly simplify the task of setting up, managing, monitoring, and switching of cloud redundancy.

For example, a Cloud Gateway can provide continuous monitoring of cloud service availability and quality. When service quality dips beyond a certain threshold, the Cloud Gateway can send out alerts and automatically divert traffic to back-up providers.

Put Security Controls On-premise (SFDC) is the poster child of a successful cloud-based service. However, as SFDC expanded beyond the small and medium business sector to go after large enterprises, they found a more reluctant customer segment due to the concern over data security in the cloud. On August 26, 2011, SFDC bought Navajo Systems, an acquisition of a technology that puts security control back in the hands of SFDC customers. Navajo Systems provides solutions that encrypt and tokenize data stored in the cloud, a Cloud Data Gateway.

Cloud Data Gateway secures the data before it leaves the enterprise premises. The gateway monitors data traffic to the cloud and enforces policies to block, remove, mask, encrypt, or tokenize sensitive data. The Cloud Data Gateway technology has different deployment options. Using a combination of gateways at the cloud service provider and gateways on-premise, different levels of data security can be achieved. By giving customers control over data security before the data leaves the premises, customers do not have to trust the cloud service provider and need not rely on the cloud provider alone to ensure the safekeeping of its data.

Integrate Cloud with Enterprise Security Platforms

Enterprises have spent millions of dollars on security infrastructure, including identity and access management, data security, and application security. The deployments of these technologies are accompanied by supporting processes such as user on-boarding, data classification, and software development lifecycle management. These processes take years to rollout and provide critical controls to mitigate security risks. These tools and processes will evolve to incorporate new technologies like cloud computing and mobile devices, but for cloud computing to gain acceptance within the enterprise, cloud services must be seamlessly integrated into existing security platforms and processes.

Single sign-on (SSO) is a great example. After years of effort to deploy an enterprise access management solution like CA Siteminder, Oracle Access Manager or IBM Tivoli Access Manager to enable SSO, and having finally trained all the users on how to perform a password reset, do you think IT has the appetite to let each cloud service become a security silo? From a user standpoint, they simply expect SSO to be SSO, not “SSO, excluding cloud-based services”. Most major cloud service providers support standards such as SAML (Security Assertion Markup Language) for SSO and provide detailed instructions on how to integrate with on-premise access management systems. Usually this involves some consulting work and maybe a third-party product. A more scalable approach would be using technologies such as Access Gateway (also known as SOA Gateway, XML Gateway, Enterprise Gateway) to provide integrated and out-of-the-box integrations to access management platforms. Gateway-based solutions extend existing access policies and SSO processes to cloud-based services, placing access control back with information security teams.

It’s clear that more needs to be done to place control back into the hands of the customer. Cloud computing is a paradigm shift and holds great promise for cost savings and new revenue generation. However, to accelerate the acceptance of cloud computing by enterprise IT, we as an industry must change from a trust model to a “Don’t Trust” model way of thinking.

Ed King, VP at Vordel, has responsibility for the firm's product marketing and strategic business alliances. Prior to Vordel, he was VP of product ,anagement at Qualys, where he directed the company’s transition to its next-generation product platform. As VP of marketing at Agiliance, King revamped both product strategy and marketing programs to help the company double its revenue in his first year of tenure. Before this he was with Oracle as senior director of product management, where he built Oracle’s identity management business from a niche player to the undisputed market leader in just three years. King also held product management roles at Jamcracker, Softchain and Thor Technologies. He holds an engineering degree from the Massachusetts Institute of Technology and an MBA from the University of California at Berkeley.

What’s hot on Infosecurity Magazine?