The Cloud Is Not That Insecure

Fri, 21 Nov 2008 15:06:01 GMT
by pdp

I am sure that by now you've seen or heard plenty of rants about how insecure cloud technologies are. What worries me is that these claims are usually made by people who have never worked with cloud technologies and therefore have little understanding of the subject.

All of these claims share a common root. It is only logical to think that Gmail is perhaps less secure than your self-hosted email solution, for example. After all, in the case of Gmail you do not control the software, so you trust it less. But trusting something less does not necessarily mean that it is less secure. On the contrary, very often you will find that the technologies you habitually trust are in fact the least secure ones, precisely because nobody is scrutinizing them.

Cloud technologies are in fact no different from non-cloud technologies. Practically they are the same. The term "cloud computing" is quite broad and is perhaps more of a buzzword than a well-thought-out term describing a particular area of the IT field. To me "cloud computing" refers to outsourcing compute cycles, memory and storage with scalability in mind.

Cloud technologies are actually not that insecure. Let's have a look at Amazon EC2 and S3 for example. Amazon's cloud computing offering is rock-solid. You can run your own customized image with full root access. You get your own ingress firewall (security groups), which works really, really well. You also have granular, full-featured access control for every single object you host on S3. And the best thing is that none of Amazon's services are driven by a simple username/password. The EC2 API is driven by an X.509 certificate and its private key; S3 and the query API are driven by an Access Key ID (a long string) and a Secret Access Key (an even longer one) that is never sent over the wire but used to sign every request. And if you want to actually log in to your instance and start doing something useful with it, you have to generate yet another public/private keypair just for SSH. On top of that, the SSH public key is injected into the instance only at launch time, which means that if you lose your private key you basically have no choice but to shut the instance down and launch a new one with a fresh keypair. That is infeasible from the attacker's point of view, because doing it requires the certificate, the private key and everything else I listed above.
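To make concrete what "no username/password" means, here is an added example (not Amazon's code and not part of the original post) modeled on the S3 REST signing scheme of the time: the client computes an HMAC-SHA1 over the verb, headers, date and resource with the secret access key and sends it in an `AWS keyid:signature` header, and the server recomputes it. The key values, bucket and object names, and the 15-minute clock-skew window are constructed for this illustration and are not taken from AWS documentation.

```python
"""Request signing instead of passwords: the secret never crosses the wire,
each request is bound to its verb, date and resource, and stale requests
are rejected. Added illustration, not Amazon's implementation."""
import base64
import hashlib
import hmac
from datetime import datetime, timedelta, timezone

# Constructed credentials for the example (not real AWS keys).
ACCESS_KEY_ID = "AKIAEXAMPLEEXAMPLE12"
SECRET_ACCESS_KEY = "wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEYxx"
HTTP_DATE = "%a, %d %b %Y %H:%M:%S GMT"


def parse_http_date(value):
    """RFC 1123 date string -> timezone-aware datetime (raises ValueError)."""
    return datetime.strptime(value, HTTP_DATE).replace(tzinfo=timezone.utc)


def string_to_sign(verb, bucket, key, date, content_md5="", content_type="",
                   amz_headers=None):
    """Canonical form of the request (S3-style layout). Any change to the verb,
    resource, date or x-amz-* headers changes the signature."""
    canon_amz = ""
    for name, value in sorted((amz_headers or {}).items()):
        canon_amz += "%s:%s\n" % (name.lower().strip(), value.strip())
    resource = "/%s/%s" % (bucket, key)
    return "\n".join([verb, content_md5, content_type, date]) + "\n" + canon_amz + resource


def sign(secret, sts):
    """Base64(HMAC-SHA1(secret, string_to_sign))."""
    return base64.b64encode(hmac.new(secret.encode(), sts.encode(), hashlib.sha1).digest()).decode()


def make_request(verb, bucket, key, date, amz_headers=None,
                 key_id=ACCESS_KEY_ID, secret=SECRET_ACCESS_KEY):
    """Client side: build the request dict and attach the Authorization header."""
    req = {"verb": verb, "bucket": bucket, "key": key, "Date": date}
    req.update(amz_headers or {})
    sts = string_to_sign(verb, bucket, key, date, amz_headers=amz_headers)
    req["Authorization"] = "AWS %s:%s" % (key_id, sign(secret, sts))
    return req


def verify(request, secrets_by_id, now, max_skew=timedelta(minutes=15)):
    """Server side: look up the secret by key id, reject stale dates (replay),
    recompute the signature and compare in constant time. Returns (ok, reason)."""
    auth = request.get("Authorization", "")
    if not auth.startswith("AWS ") or ":" not in auth:
        return False, "malformed Authorization header"
    key_id, sig = auth[4:].split(":", 1)
    secret = secrets_by_id.get(key_id)
    if secret is None:
        return False, "unknown access key id"
    try:
        sent = parse_http_date(request["Date"])
    except (KeyError, ValueError):
        return False, "missing or malformed Date"
    if abs(now - sent) > max_skew:  # assumed skew window, modeled on S3
        return False, "request too old"
    amz = {k: v for k, v in request.items() if k.lower().startswith("x-amz-")}
    expected = sign(secret, string_to_sign(
        request["verb"], request["bucket"], request["key"], request["Date"],
        request.get("Content-MD5", ""), request.get("Content-Type", ""), amz))
    if not hmac.compare_digest(expected, sig):
        return False, "bad signature"
    return True, "ok"


def demo():
    """Exercise the happy path plus tampering, wrong secret and replay."""
    date = "Fri, 21 Nov 2008 15:06:01 GMT"
    now = parse_http_date(date) + timedelta(minutes=4)
    secrets = {ACCESS_KEY_ID: SECRET_ACCESS_KEY}
    req = make_request("GET", "photos", "puppy.jpg", date, {"x-amz-acl": "private"})
    return {
        "good": verify(req, secrets, now)[1],
        "retargeted": verify(dict(req, key="private.txt"), secrets, now)[1],
        "wrong_secret": verify(req, {ACCESS_KEY_ID: "not-the-secret"}, now)[1],
        "replayed": verify(req, secrets, now + timedelta(hours=2))[1],
    }


if __name__ == "__main__":
    for name, reason in demo().items():
        print("%-13s %s" % (name, reason))
```

The point to take away is that an attacker who captures one request gets a signature that is useless against any other object, useless with a different verb, and useless after the skew window; the secret itself is never exposed. A leaked password, by contrast, is good for everything until someone notices.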

To me, this is pretty insane security for the account and the perimeter, and I would bet that the typical home-grown solution is far less secure. The caveat, of course, is that all of this protects the way you reach your instance; whatever you deploy inside it is still your responsibility.

Cloud computing is trying to solve a very old and quite painful problem: computer resourcing. The way cloud vendors do this is by providing a common set of features and a common framework to all of their customers, so that each can expand or shrink their resources as needed. In the case of security, if the vendor comes up with a rock-solid security model that actually works, then the good news is that you don't have to spend money reinventing the wheel. Similar operational models already work in other man-made systems.

Cities! Aren't they the equivalent of cloud computing? I think so. All the resources are in the same place. All the information is contained in the same system, yet somehow it is separated and preserved between the various entities which make up the city. Would you feel more secure if you went to live in a cabin in the woods? Perhaps not! Why? Because you won't find help when you need it. There are no 24/7 police patrols, hospitals, etc. Perhaps this is not a perfect analogy, but I am sure you know what I mean.

Every once in a while we find some major bug in Gmail and we start ranting about how awful this is and how insecure cloud data is. But some of you fail to admit to yourselves that at least you don't have to do anything to fix the damn bug. The vendor will dispatch resources and the bug will be fixed, usually within hours. I would say that I have a fair amount of experience testing corporate networks, and I will tell you one thing: bugs there do not get fixed that quickly. Actually, they rarely get fixed at all. Perhaps the cloud is more secure!

Let's have a look at another cloud technology which some security gurus will simply proclaim freaking insecure without even looking at it for a couple of minutes: Google App Engine. Google App Engine is not exactly Amazon's EC2, but it is pretty close. The cool thing about App Engine is that it comes with a good API which makes your job as a developer much easier. There are still chances to make a mistake, but the API is good enough that if you follow some very basic guidelines you should expect a good and quite secure product at the end.

For example, let's look at how the auth system is implemented in App Engine. If you decide to write an app from scratch, then you have to worry about authenticating your users in the most secure way possible. You need to provide password reset mechanisms, lock-outs, good session management, etc., etc., etc. This is pretty hard to do properly. But in the case of App Engine you don't have to worry about any of these, because by default you can authenticate all your users through Google Accounts sign-in, which is not bad at all. You can access this feature with a single call to the Users API (the app asks the platform who the current user is, and the platform has already done the password, lockout and session work) or, better yet, with a simple change to your application config file: marking a handler as requiring login makes the platform redirect unauthenticated visitors to the Google sign-in page before your code ever runs. I must say that this is pretty awesome.

So, is the cloud secure? I would say yes, if you know what you are doing. A couple of posts back I mentioned that cloud security matters. It still does. Cloud technologies end up quite secure partly because we tend not to trust them: the vendor knows its customers are suspicious and designs the access model accordingly, and the customers scrutinize it in a way they never scrutinize their own servers. However, because cloud computing can be quite confusing, you still need to spend time making sure that all the blocks fit together nicely and securely.

Archived Comments

John from Backupanytime.com
Not just an endorsement of cloud computing, this article actually makes a good job of explaining what the cloud is. I am often asked about this and providing a simple, clear explanation is not easy. Well done. I will refer to this next time I am asked "What is the cloud all about...?" John
Cloud computing is kind of new for most users. The biggest problem for me, and I believe for many other users, is privacy. Once you upload your applications or data files you really don't know who else has access to them. I know that the companies providing cloud computing are deploying protection systems, but as we all know any system could be broken over time. So it is a mindset, not a real problem at this time. Personally I use both. Some of my data is uploaded on the Internet, but some is not and never will be. I believe that both cloud and local computing will continue to co-exist. We just need to understand how they work and do proper planning.
SAL-e, yes, but equally you can say that once you start using the Internet you don't really know who is snooping on your traffic. Do you trust your ISP? How about the recent case where Verizon's employees accessed Obama's account? GSM networks are perfect examples of cloud technologies, although we hardly refer to them as such. Maybe you don't trust them, but you use them nevertheless for convenience. What I am trying to say is that things are not that different. Regardless of where you put your data, it can still be compromised. But you can apply the same security principles we have been developing over the past decade to cloud and non-cloud infrastructures to make sure that they are reasonably secure. Heck, if you don't trust Amazon's E3 then there is nothing stopping you from encrypting your data as you like.
Trusting the cloud is trusting other people, not only the underlying technology.
The same applies to everything. At the end of the day you trust people, not the technology.
Morgan Storey
As I have always said, a system is only as good as its admin. It is no different for the "cloud computing" servers. Gmail, Amazon EC2/S3 are only good because the people behind them are good. I have no doubt that deep-seated, nigh-on unfixable flaws will be found in current and future cloud computing solutions. If all your infrastructure rests on this provider at the time, what do you do? Having said that, from what I have seen of the services so far I am very impressed. But I won't be storing anything as vital as my health records or password database in the cloud just yet.
Jon W
As a non-technical aside, one needs to consider the geographical locations of the boxes that make up the cloud, in conjunction with the kind of data you are storing. For example German vs. USA laws on storing user data, and indeed what constitutes "user data" in that locale. Essentially the same considerations you would have in using a Content Delivery Network or similar.
foo flaw
You pretty much skate over the whole data security issue, which is the fundamental problem with multitenant environments. I would bet that the data is stored in big blobs (structured and unstructured), and if I had me one of those EC2 VMs I could get at lots of data that didn't belong to me, not to mention the whole rogue-sysadmin-for-sale notion. If your data doesn't matter and all you need is raw compute cycles, I'm OK with it, but I'm not putting any data out there that matters.