Thursday, September 03, 2009

Security Checklist before moving into IaaS type of Cloud

The following security questions should help you make proper decision while looking for an IaaS or a PaaS type of Cloud Computing Vendor.


  • What security is built to protect the physical access to computing premises?
  • Is the storage co-located as the computing resources? If no then what security measure are taken to protect the physical access to the storage resources.
  • Who have access to host machines and storage (both physical and networked)? How is the access to host machines managed?
  • What happens when an authorized person leaves the organization or is transferred to different a role? How soon the privileges are revoked? What happens if that person leaves an open session?
  • Are there different levels of access rights? Who manages these rights? Is this activity logged?
  • Are all the activities that administrators perform on any host servers logged? How are the logs protected (time-stamped / signed)? Can the administrator delete (or modify) the log after performing any actions?
  • What kind of access do the administrators of the host machine have on the guest machines and guest session? Is it possible for the logged in administrator to perform memory scan of the guest machine?
  • Can a virtual machine do hard disk scanning and read any left-over data from the previous virtual machine session?

Data Security

  • Can the host machine (or an administrator) perform scan of virtual machine's storage (hard disk?)
  • What are privacy policies about data stored in the cloud storage?
  • What are privacy policies about customer information and application?
  • Once a customer has closed the account with the provider does the provider still retain the customer data?
  • If the cloud computing vendor shuts down the business for any reason, how will the customer be able to acquire all his data?
  • Is it possible to use application level encryption to protect the data in the cloud?
  • Can the data for multiple customers be physically co-located on the same storage rack? In case of government agency demanding to cease all physical storage rack belonging to certain customer, how do you guarantee that the business of other customers is not affected? If you cannot guarantee then what is your policy to repair the business loss because of the above incident?
  • What is the security model for accessing data stored in the cloud? This security model should be verified with a security expert.
  • Is it possible to define access protection on the stored data?
  • Is it possible to log the storage access activities?
  • What facilities are provided to keep business records of Information Lifecycle Management (ILM). The ILM business records are is defined in terms of the following:
    • Creation and Receipt
    • Distribution
    • Use
    • Maintenance
    • Disposition
  • Are there any tools provided to users for monitoring data access log?

Virtual Environment and Network Security

  • How are the Virtual machines protected from each other? (i.e., protection against neighbor attack).
  • Can virtual machines for different customers discover each other? Can they communicate with each other over the private network? Can a Virtual machine monitor all the network traffic for other virtual machines on the same network (or the same host machine)?
  • What kind of protection is built to stop virtual machines from doing IP spoofing?
  • Are there any tools provided to users for monitoring the protection of their virtual machines.
  • What measures are taken to protect the kernel level security on the host machine? Can a malicious program gain the access to hypervisor and monitor the activities of virtual machines?
  • Can the host computer do sniffing on the network traffic of Virtual machines?
  • Is the data between computer processor (and memory) and disk storage (primary drive) local or network based? Generally the data transfer between computer RAM and hard-disk is not protected. If it is network based, it will raise many more security questions.
  • How is the data transfer between computer processes and the persistent storage (SAN) (similar to Amazon’s EBS) protected?
  • How is the XEN hypervisor protected against attacks? As the paper Subverting the Xen Hypervisor shows, it is possible to insert malicious c code to gain access to DMA and insert malicious code into XEN hypervisor. The malicious code can perform memory scan of virtual machines.

In future I will post about SLA, Terms & Conditions and policy related questions that must be considered before you can choose a cloud computing provider.