Log Integrity in the Cloud
By Sean Martin | Posted 01-31-2011
Cloud Computing: Ensuring Integrity for Your Enterprise Data
We can draw parallels between the cloud and the physical data center space in that the same perimeter, system, and data protection mechanisms we've come to rely upon in the physical data center must also be applied to the virtual environment. These include such tools as firewalls, intrusion prevention, anti-malware, and data loss prevention.
However, even with these protections in place, the most significant challenge that remains for enterprises considering cloud computing is answering the question: How can I trust the cloud provider with my environment and my data?
These are factors to consider when operating in the cloud:
- Cyber criminals can erase their digital tracks (log modifications)
- Admins can cover up accidents and misbehavior (log modifications)
- 'Vault' storage doesn't work in the cloud (PKI fails, data leaves the vault)
- Applications can be accidentally changed or maliciously compromised (code and app modifications)
Let's explore these issues, and why they pose significant challenges for enterprises looking to take advantage of cloud computing. The challenges in mitigating risk are most prevalent in the public cloud, but the private cloud still faces these same challenges.
Log Integrity in the Cloud
Changing the logs is the easiest way for a cloud provider to cover its tracks should an accident or misuse of power occur. It is also the easiest way for malicious software and users to do the same. To properly protect against this risk, the system logs and application logs must be signed in a way that gives undeniable, mathematical proof that they have not changed since the system or application created them.
Take note that simple data hashing won't solve this problem, as the logs can be backdated. A time-based data signature is required if one is to achieve forensic-quality logs.
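To make the backdating point concrete, here is an added Python example (not the article's or any vendor's scheme) of a hash-chained log with a keyless time anchor; it assumes the chain's head digest is published out of band, at a known time, to a party the cloud provider cannot alter. Verifying the chain by itself only proves it is self-consistent, so an insider who inserts a backdated entry and recomputes every hash passes that check; the anchor committed at the time is what exposes the rewrite.

```python
import hashlib
import json

GENESIS = "0" * 64  # digest that precedes the first entry

def entry_digest(prev_digest, ts, message):
    """Digest of one entry, bound to its predecessor so order and content are fixed."""
    payload = json.dumps([prev_digest, ts, message], separators=(",", ":")).encode()
    return hashlib.sha256(payload).hexdigest()

def build_chain(entries):
    """entries: iterable of (unix_ts, message) -> [(ts, message, digest), ...]."""
    chain, prev = [], GENESIS
    for ts, msg in entries:
        prev = entry_digest(prev, ts, msg)
        chain.append((ts, msg, prev))
    return chain

def verify_chain(chain, anchor=None):
    """Recompute every digest. With no anchor this only proves self-consistency;
    with an anchor (head digest published out of band at a known time) it proves
    the history is the one committed back then."""
    prev = GENESIS
    for ts, msg, digest in chain:
        if entry_digest(prev, ts, msg) != digest:
            return False
        prev = digest
    return anchor is None or prev == anchor

# Constructed sample log; timestamps and messages are made up for this example.
LOG = [
    (1296432000, "admin login from console"),
    (1296432060, "volume vol-01 detached"),
    (1296432120, "volume vol-01 deleted"),
]

def demo():
    chain = build_chain(LOG)
    anchor = chain[-1][2]  # sent out of band to a party the provider cannot alter
    # 1. Crude edit: rewrite one message but keep its stored digest. Caught locally.
    ts, _, digest = chain[2]
    crude = chain[:2] + [(ts, "volume vol-01 snapshotted", digest)]
    # 2. Backdating: insert an earlier 'approval' entry and recompute every digest.
    #    The chain is self-consistent again, so a hash-only check passes; only the
    #    anchor committed at the time reveals the rewritten history.
    forged = build_chain([(1296431990, "change ticket approved")] + LOG)
    return {
        "original_ok": verify_chain(chain, anchor),
        "crude_edit_local": verify_chain(crude),
        "backdated_local": verify_chain(forged),
        "backdated_anchored": verify_chain(forged, anchor),
    }
```

In a real deployment the anchor would be a periodically published root (linked timestamping) rather than a single stored digest, but the verification logic is the same.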
Storage Integrity in the Cloud
The concept of a 'vault' doesn't work in the cloud -- there is no physical box that everything goes in. To complicate matters, stored and archived data can be recalled from the storage device at any time -- even 20+ years from now. Who's to say the data didn't change after it was archived in or retrieved from the 'box'?
Encryption has been an accepted mechanism to protect data from being read while stored on a private network, but has zero benefit in the cloud. First, it provides absolutely no proof that the data hasn't changed (0's and 1's can be changed, even if their context is not understood).
Furthermore, the use of encryption to sign data and applications fails miserably in the cloud as the cloud provider and/or malicious software could gain access to the encryption keys via memory and change the data anyway. Finally, there is always the case where the administrator of the encryption keys uses the keys themselves to change the data.
To properly protect against this risk, the stored and archived data must be signed -- without keys or any other secrets that can be compromised -- such that it can be independently proven to remain intact, regardless of how or when or by whom it is retrieved.
Operating Integrity in the Cloud
The public cloud operating and application environment is often shared with other companies, thereby increasing the risk of cross-tenant activity. This can allow unexpected or malicious behavior to occur within the operating system and the applications.
Therefore, the only real way to guarantee proof of operating integrity in the cloud is through the use of a keyless, scalable, code- and application-signing solution designed for the cloud. To properly address this risk, the developers must sign their 'gold master' code or application, declaring that only those applications approved (signed) by the developers would be allowed to execute. Any applications that were changed out of band, manipulated by malicious software, or changed by the cloud provider would not be allowed to execute.
This brings us back to the question: How can I trust the cloud provider with my environment and my data? To answer the question: Don't. Instead, operate with proof using a scalable, independently verifiable, mathematics-based data signing solution designed specifically for the cloud.
Sean Martin, CISSP, is owner and directing consultant at imsmartin consulting. Contact him at firstname.lastname@example.org.