Although Rumsfeld's statement was ridiculed, it was the truth of a politician's carelessness. However, I think anyone in the field of computer security can quickly understand what he is saying. We often need to constantly face these three types of risks: Known known, known unknown, unknown unknown.
One of the biggest hurdles to public cloud computing applications is the extra risk calculations for all unknown and known areas. For the past few years, I've been thinking about these issues from a public cloud provider and user perspective. The five points listed below are the list of risks that any enterprise will face as a customer of the public cloud service.
Cloud risk One: Shared access
A key principle of public cloud computing is multi-tenant, which means that often many unrelated customers share the same computing resources: CPUs, memory, storage devices, namespaces, and physical buildings.
For most of us, multi-tenant is a huge "known unknown". This includes not only the risk of accidental disclosure of our private data to other tenants, but also the additional risk of resource sharing. Multi-tenant attacks are very worrisome because a vulnerability could allow a tenant or an attacker to see all other tenant data or other tenant identity information.
Several new derivation vulnerabilities come from the sharing of cloud computing. Researchers have been able to recover data from other tenants from what is considered a new storage space. Other researchers have been able to peek into the memory and IP address space of other tenants. Some can also take over the computing resources of other tenants by simply predicting the assigned IP address or MAC address.
The security of multiple tenants is now becoming more and more important and most of us are beginning to explore. The best example is a single Web site that is placed on a Web server with hundreds of or even thousands of of other unrelated sites. In the long run, multiple tenants are usually a big problem.
Cloud Risk II: Virtual Development
Each big cloud provider is a huge user of virtualization. However, it also bears the risk posed by each physical machine, plus its own unique threats, including the risks posed by attacks on virtual server hosts and customers. Your virtual development risk has four main types: server host, customer to customer, host to customer, and customer to host. They are largely unknown, and are not counted in most risk models.
When I discuss virtual risk issues with senior executives at the company, their eyes glaze over. Many people have told me that these risks have been exaggerated or that these vulnerabilities are unheard of. I usually recommend that they check their own virtualization software vendor's patch list.
Cloud consumers often don't know what virtualization products or management tools the vendor is using. To understand some of the risks involved, you can ask your vendor the following questions: What kind of virtualization software are you running? Who is responsible for patching up the virtual host patch and how often? who has the right to log on to each virtual host?
Cloud Risk III: Authentication, authorization, access control
Obviously, authenticating, authorizing, and controlling the access mechanism of your cloud provider is critical, but depends largely on the process of its execution. How often do they troubleshoot and delete expired accounts? How many privileged accounts can access their systems and your business data? What type of authentication does a privileged user require? Does your company indirectly share a common namespace with suppliers or other tenants? Shared namespaces and authentication create single sign-on (SSO) The experience is enormous in productivity, but at the same time it also greatly increases the risk.
Data protection is another big issue. If data encryption is used and performed, will private keys be shared among tenants? How many people in the cloud vendor's team can see your business data? Where is the physical storage of your enterprise's data? How does this data work when it is no longer needed? I'm not sure how many cloud vendors will be willing to share detailed answers to these questions, But if you want to find out what is known and unknown, you should at least consult your supplier.
Cloud Risk IV: Availability
When you are a customer of a public cloud provider, redundancy and fault tolerance are beyond your control. Usually the cloud provider offers nothing, and how to do it will not be disclosed. These are completely opaque. Each cloud service provider claims magical fault tolerance and usability, but over time we continue to experience a few hours or even days of service disruption.
A bigger worry is that customers have lost several examples of data. Either because of the cloud provider's problem or from a malicious attacker. Cloud providers often say they do a great job with triple protection data backups. However, they can permanently lose data even when the vendor is constantly guaranteeing data backups. So, if possible, your business should often back up the data that is shared in the cloud, or at least uphold the law and assert its right to compensation if the data is lost forever.
Cloud Risk Five: Ownership
This risk is very surprising to many cloud customers, but often customers are not the only owners of data. Many public cloud service providers, including the largest and most famous, make it clear in their contracts that stored data is vendor, not customer.
Cloud providers want to have the data because it gives them more legal protection if something goes wrong. In addition, they can search and tap customer data to create additional revenue opportunities for themselves. I even saw some examples: some cloud vendors went out of business and then sold their customers ' private data as part of their assets to the next buyer. This is quite shocking. So be sure to ensure that you have an unknown blocking status known: Who owns your data, and the cloud provider has the right to dispose of your data?
Cloud Visibility
Even if the risk of cloud computing is known, it is hard to really calculate exactly. We do not have enough historical experience and evidence to determine the likelihood of a security or availability failure, especially for a particular vendor, and the risk will result in a large number of customer losses. The best you can do is to follow Rumsfeld's advice and at least let you manage known unknowns.
But first, try to reduce the unknown. You need as much transparency as possible, and if not, get at least one final audit report. Ask your vendor for examples of past data losses, as well as reports from previous instances. Do your best to list the cloud vendor's liability limits. You can begin to understand the overall risk of public cloud computing only if you ask your vendor questions that are difficult to answer.
While it may sound like I'm not advocating public cloud computing, I'm a big fan of public cloud computing. I believe most public cloud providers work better on data security than their customers do. But you need to know the position of your cloud provider and their measures to mitigate the risk compared to your business's own measures.