The federal cloud-first initiative aims to lower IT expenses and consolidate federal data centers through the implementation of cloud-based applications. The policy requires agencies to recognize three “must move” IT services that can be transferred to the cloud by the end of 2012.
Although it is necessary to update the current government infrastructure to reduce costs as well as implement modern technology, several government agencies are apprehensive about the adoption of cloud computing and are concerned with the protection of sensitive data. Creating a secure cloud environment is clearly not an easy task.
The fear of losing control over data assets is at the top of the list for government CIOs. Cloud computing dissolves many physical security parameters, resulting in minimized control over who has access to the data. Furthermore, the burden of a shared multitenant environment contributes to the worries of IT managers, no matter whether the cloud environment is public or private.
The adoption of a datacentric strategy to security raises the question of who should be responsible for employing protection and, more importantly, who should be responsible for maintaining it.
Cryptography and Cloud Security
Cryptography, a centuries-old mechanism, maintains privacy by rendering data unreadable to anyone unable to convert it back to its original form. The data can only be accessed with the correct “key” — the string of bits used to decrypt it. When evaluating the security claims of a particular cloud provider, it is important to recognize the classes of data that will be sent, as well as the security measures required. The definition of secure depends on various factors, but the value of the data itself and the impact if it were to be compromised take precedence.
Either the cloud provider has suitable security controls or it does not, but relying on the provider to maintain data security is far from the most secure decision an agency can make. Ultimately, responsibility falls on the agency to ensure that only encrypted data leaves its control. By encrypting and holding the keys themselves, agencies can guarantee that security for their information stays in-house and is only susceptible to internal attacks.
The Significance of Key Management
Assessing the overall encryption security model depends on who has control of, or access to, the keys. The cloud provider may own and control the keys to the network or its basic storage level encryption. Those keys may span multiple tenants, which means an agency’s data is contained within the same network as the key to that data. Dedicated keys to each of those tenants are the only way to achieve isolation. However, even these keys will be accessible at least to the cloud provider, constituting a possible insider threat, which may be unacceptable to many tenants. Many agencies using cloud services may not have any choice but to manage the keys themselves.
Wherever encryption is implemented and whoever is accountable for handling the keys, it’s important to understand the validity of the systems that are in use. Although the encryption algorithms are effectively unbreakable, they mean nothing if the keys can be exploited. Having known this for years, agencies continue to deploy tamper-resistant systems, such as hardware security models, to deliver the essential levels of security, which is likely to carry over to the cloud.
Migrating to the Cloud
Cloud computing offers various opportunities for agencies to increase flexibility, capacity and responsiveness while reducing cost. Agencies should consider the protection requirements of their data assets and select appropriate levels of security. Strong cryptography offers reliable protection for data and delivers resilient isolation.