Security Considerations for Cloud Computing (Part 5) – Rapid Elasticity

If you would like to read the other parts in this article series please go to:

Introduction

In the first four parts of this series on private cloud security, we talked about some basic considerations that are specific to security issues in the private cloud. These issues are keyed to the essential characteristics of cloud computing and that sets them apart from the typical security considerations you would make in a traditional datacenter. We’ve talked about Today, we’ll turn our attention to another essential characteristic of cloud computing: rapid elasticity. How virtualization, broad network access, resource pooling and on-demand self-service affect security decisions you make in regard to your private cloud.

The concept of rapid elasticity is one of the major characteristics that set cloud computing apart from traditional datacenter computing. In a cloud environment, you have multiple tenants that share components of a shared resource pool (and in the case of a private cloud, all the tenants are part of a single corporate entity). Your tenants use the networking, compute and storage assets in the shared pool, and then return them to the pool when they no longer need those assets. They can also get more resources from the shared pool if and when they need to – but when they no longer need these additional resources, they return them to the pool. In a well architected cloud, the acquisition and release of assets from and to the shared pool would be automated, based on service demands and driven by an intelligence policy.

This rapid, policy based acquisition and release of shared pool resources is the heart and definition of rapid elasticity.

Security Concerns Associated with Rapid Elasticity

This essential characteristic of cloud computing enables you, as the provider of cloud services or cloud infrastructure, to give your customers/tenants the resources they need to provide the best service to the tenants’ customers – the end users of the services that are hosted on your private cloud. Rapid elasticity also enables you to optimize the use of the shared resource pool. You will have explicit agreements with your tenants about the amounts of resources they need, which includes minimum guarantees and maximum caps. This allows you to plan the scale of the cloud datacenter so that all tenants are able to get what they need. At the same time, you don’t have to overprovision the cloud because resources are continuously being released into the shared pool.

However, rapid elasticity also introduces some security concerns that you might not encounter in a traditional datacenter. Issues that are associated with rapid elasticity include:

  • Authentication, authorization, and access controls (AAA) that control who can request additional resources from the shared resource pool or release resources back into the pool.
  • Monitoring and auditing requests to acquire and release resources to guarantee that quotas are enforced and the services remain available.
  • Ensuring that when resources are released back into the shared pool, all data remnants are wiped from all components of the shared pool that were consumed by the private cloud tenant.

Securing the Cloud Infrastructure

The receipt and release of resources must be fully logged and auditable. Monitoring is important when providing cloud resources and releasing them because an attacker could destabilize the private cloud by shutting down resources. The provisioning and de-provisioning schemes must ensure that the resources available in the pool for reuse do not contain sensitive data that could be used by the application or service that next acquires the resource.

From the tenant’s perspective, there should be a perception of infinite capacity. From the cloud service provider’s perspective, however, the private cloud is a fixed size pool of shared resources where quality of service needs to be maintained.

Your private cloud might offer different resource quotas for different clients (thus you might offer a choice of small, medium, and large virtual machines).To maintain service quality for all clients, you might need to limit the number of certain sizes of virtual machines in your cloud so that, for example, 5% of virtual machines are large, 75% are medium, and 20% are small.

You should define policies that describe quotas to control the use of private cloud resource usage. That helps prevent a client – or an attacker – from accidentally or deliberately overwhelming the private cloud infrastructure with provisioning requests. You should be able to tell which tenant or process made a particular provisioning request and you should also be able to dynamically monitor resource utilization by each tenant. Include these provisions in the SLAs (Service Level Agreements) that you establish with your tenants.

In addition, you will need to determine the level of granularity of the shared pool resource quotas and define when the quotas will be adjusted. You might want to assign a quota to a tenant business unit for all the services and applications that it runs in your private cloud, or you could assign quotas to each application. Sometimes a tenant might request a higher quota that is resource intensive, or conversely, a tenant might request a lower quota for a lower priority service or to enforce limits on the costs associated with running the service.

Private cloud infrastructure design should ensure availability for all tenants when other tenants are making use of the cloud’s ability to elastically respond to demands for service. As noted before, all requests to acquire or release resources from tenants should be logged and auditable. The private cloud infrastructure should also be responsive and should not introduce significant delays when resources are requested.

There may be scenarios where requests for private cloud resources are very elastic upwards and it may be difficult to maintain the availability with existing capacity. In this case, you might want to consider using a hybrid cloud deployment and extending the private cloud to a third party.

In a hybrid cloud deployment you will need to consider the security controls employed by the hosting party, as their practices may or may not align with your security requirements. Specific considerations include:

  • Integration of tenant applications with services hosted in your private cloud: How will these work when some components of your private cloud are “cloud bursted” into a hosting environment to support upward rapid elasticity?
  • Legal requirements related to hosted applications: Are there regulatory issues with data governance and location for any of your private cloud tenants?
  • SLAs you have with your current tenant business units: Does the hosting company match the security requirements you have explicitly or implicitly promised your private cloud tenants?

Private cloud infrastructures provide features such as distributed resource allocation for services that are hosted by the cloud. This can lead to moving virtual machines between servers within the corporate datacenter or between the corporate and the hosting company’s datacenters. With automated procedures that support this dynamism, you must retain the confidentiality, integrity and availability (CIA) of these virtual machines and the services hosted on them.

Secure the Software in the Private Cloud

Hosted applications and services must be designed to take advantage of cloud attributes so that they retain their security configuration when they scale out. Cloud services can be designed to initiate resource requests programmatically, based on demand. These operations must be completed without impacting service availability within the cloud. In addition, applications that are designed to support rapid elasticity should include a mechanism to share user state (which can include automated processes) across virtual machine instances through the cloud infrastructure. SLAs can define how to do this securely.

Automated processes used to support rapid elasticity can affect the service continuity of other services by inappropriately requesting to acquire and release resources, or by repeated requests for more and more resources. It is also possible that a flawed automation process could disable a service completely.

The private cloud infrastructure should check the provisioning and deprovisioning service to help reduce the risk of repeated resource requests and enable tenants to define upper and lower limits on their resource requirements.

Secure Management Processes in an Elastic Environment

Acquiring and releasing resources should be made through an integrated cloud management system that is implemented through intuitive interfaces and also programmatic interfaces. Strong access control should be applied to these interfaces by employing role-based access control (RBAC), and there should be robust logging of access to these interface. These interfaces should also enforce quota checks on resource allocation.

Legal Issues in an Elastic Environment

Some services might need a guaranteed level of availability or meet requirements for responsiveness to meet legal requirements. Your private cloud level of rapid elasticity should be able to meet the tenant requirements for services and must also guarantee that legal requirements are satisfied without impairing the CIA of services hosted in the cloud.

Summary

In this article, we talked about the definition of rapid elasticity and about some of the security issues that are associated with rapid elasticity. Key issues in rapid elasticity security include the potential effects of repeated requests for resources that can impact the resource availability from the shared pool of resources. If measures are not put in place, malicious or non-malicious tenants may request too many resources from the shared resource pool and thus put the confidentiality, integrity and availability of other tenants’ services at risk. Software security needs to take advantage of and be aware of cloud attributes to ensure that the software works securely in the cloud. Management services need to be aware of cloud service mobility and the changing characteristics of services as resources are acquired and released, and the cloud needs to take into account legal requirements that revolve around responsiveness and availability. In the next article in this series, we’ll look at security issues that pertain to metered services. See you then! -Deb.

If you would like to read the other parts in this article series please go to:

Leave a Comment

Your email address will not be published.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top