Overview of
security risks in the cloud
On the topic of security, we can never get around GRC (Governance, Risk, Compliance), that is, governance, risk, and compliance. To some extent, compliance is also a security risk. This section will use this as a starting point to focus on various security risks in the cloud.
The risks in the cloud cover a wide range. In order to facilitate reading, the author classifies the risks in the cloud according to different categories, and separately elaborates the security risks that need attention under each category.
2.1 Risks based on deployment model
(1) Private
cloud risks
Private cloud is the traditional form of data center. Enterprises control all infrastructure. Therefore, compared with the security risks that may occur in traditional data centers, private cloud data centers may also appear. E.g:
• Personnel threats: Including unintentional and malicious threats, such as cloud architects' incorrect Hypervisor configuration that leads to isolation failure and malicious administrators "deleting libraries and running away."
• External attacks: such as unauthorized access, eavesdropping and DDOS attacks, malware, etc.
• Regulatory non-compliance: Compared with public clouds and community clouds, regulatory compliance issues in private clouds are relatively easy to solve because everything is under their control.
• Natural disasters: floods, fires, mudslides, etc.
(2) Community cloud risks
In the community cloud, companies share and decentralize resources. While providing convenience to the community, this shared and decentralized resources also brings the following risks:
• Decentralized decision-making risk: Since the community cloud is jointly funded, jointly owned, and maintained by the entire community, the ownership and operation of the network are also dispersed among community members. Therefore, each node has its own entrance, and vulnerabilities in any node may cause intrusion to other nodes. At the same time, it is almost impossible to achieve a unified configuration management and a unified baseline. Obviously, because the community cloud is maintained by everyone, this decentralized operation and maintenance will cause huge difficulties in strategy and management.
• Access control is difficult to achieve: Because community members share the overhead and costs of the infrastructure, it is difficult to achieve unified access control policies to meet the needs of various organizations.
• Lack of centralized management of performance and testing: Each community member cannot achieve the centralized performance of unified quality standards and the reliability of safety testing.
(3) Public cloud risks
This is the deployment mode most commonly used by enterprises to go to the cloud. All the risks in private clouds and community clouds exist in public clouds. Of course, this article will discuss other risks specific to public clouds.
• Cloud service provider Lock-in: Imagine three scenarios. (1) If the company fails to do a due diligence, the cloud service provider is likely to use a proprietary data format to store all kinds of company data; (2) The company is a retail organization that accepts global orders and mainly processes order payments in the cloud. Therefore, it needs to meet the PCI-DSS payment card industry standard requirements. At present, there are very few cloud service providers that can meet compliance requirements in China; (3) The business is already in the cloud It runs within 5 years, and has generated massive data, and needs to be migrated to other cloud providers after the contract expires. These three common scenarios will bring three same security risks: (1) The data format is proprietary, making it impossible to replace a new cloud service provider; (2) If only one domestic cloud service provider meets PCI-DSS Compliance requirements, after the expiration of the contract, the cloud service provider increases the cost of use, and the company will lose the ability to negotiate and cannot change the cloud provider; (3) The migration of massive data generated requires sufficient bandwidth and time, and a large number of migrations will be performed in a short period of time The traffic is based on the cloud service provider’s tiered traffic rate, which may lead to a significant increase in migration costs and abandon the migration.
All of the above situations will cause the enterprise to be locked-in by the cloud service provider after going to the cloud.
• Cloud service provider Lock-out: Imagine two scenarios: (1) Cloud service provider is acquired, bankruptcy and reorganization (2) Cloud service provider is sanctioned and stopped operating due to violation of the law. I will not exhaustively list all the reasons that may cause cloud service providers to fail to provide services, but this has caused enterprises to face the risk of Lock-out after they go to the cloud: how can cloud service providers protect our business and data from continuing to run after they stop operations? It is necessary to comprehensively consider the life cycle, core competitiveness, jurisdiction, supply chain dependence and applicable legislative environment of cloud service providers, and make the choice of cloud providers as far as possible in the early stage.
• Multi-tenant risk: Entering the public cloud means entering a multi-tenant environment. The risks brought by multi-tenancy include: (1) Conflict of interest, imagine that the virtual machine of a competitor operating the same business as you is in the same cloud. What will happen? What if the relationship between cloud database administrators and competitors is very good? Your data is likely to be leaked to competitors by the database administrator. Obviously, from a security point of view, this risk is not non-existent, but using the Brewer-Nash (also known as Chinese Wall) access control model can effectively solve this risk; (2) privilege escalation, Vm Escape and Host Escape, namely Virtual machine escape and host escape can easily achieve privilege escalation in the cloud, and access virtual machines in different VMs or different hosts of the same Host; (3) Information leakage, side-channel attacks can be judged and detected in multiple ways Information about the activity signs of Host's different cloud customers, such as the length of time the customer processes the data, etc. This is not harmless. This may help people with ulterior motives to judge the data processing product you choose, and then make targeted vulnerabilities; (4) Legal activities Imagine that due to the violation of the law, the client's hard disk in the same host as you was confiscated for investigation by the judicial department. Obviously, due to the characteristics of distributed storage, your data may also be on the disk that was confiscated by forensics. Risk it goes without saying.
(4) Hybrid cloud risks
Hybrid cloud risks include all risks of private cloud, community cloud, and public cloud, so I won't repeat them here.
2.2 Risks based on the service model
(1) IaaS model risk
• Personnel threat
• External threats
• Lack of specific skills: Enterprise administrators are not necessarily proficient in the configuration and deployment of cloud computing environments, and business operations may face huge risks.
(2) PaaS model risk
• Interoperability risk: The operating system OS in the PaaS model is managed and updated by the cloud service provider. Therefore, when the environment is adjusted, the software deployed by the enterprise may not be able to run normally on the cloud service provider's OS due to compatibility.
• Backdoor risk: PaaS is often used in software development and DevOps. After the release of these software products, developers often forget to delete the backdoor they left in the early stage, leading to 0day vulnerabilities in the later stage.
(3) SaaS model risk
• Proprietary format: SaaS means the use of cloud provider applications, they may use their own proprietary format to collect, store and display data, which may lead to reduced portability.
• Web application security: Most SaaS products rely on browser access, and access through the web causes all the risks in Owasp Top10 to exist in the SaaS cloud environment.
2.3 Risks based on virtualization type
(1) Type1 risk
Type1 refers to the bare metal architecture, using the virtualization management software Hypervisor as the interface and controller between the virtualization instance and host resources. Malicious hackers believe that Hypervisor is a potential target because the lower layers of the system provide greater control. By destroying the Hypervisor, you can control the installed VMs, physical systems, and hosted applications.
Common attacks include super hijacking (installation of rogue hypervisors that can fully control the server), such as SubVir, Blue Pill (hypervisor rootkit using AMD Secure Virtual Machine [SVM]), Vitriol (hypervisor rootkit using Intel VT-x), And direct kernel structure operation (DKSM).
(2) Type2 risk
Type2 is the host architecture. It has all the risks of Type1. At the same time, compared with Type1, Type2 has an additional layer of OS. From a security perspective, the newly added OS introduces more attack surfaces. This OS It is more complicated than VMM and may contain more vulnerabilities.
