March 4, 2009 Leave a comment
I have given many Cloud Computing presentations to our clients in the past year. Everyone is interested, but all are concerned that the Cloud is not secure. My answer to them is that the Cloud, at least the Amazon Cloud, is more secure than your own data center. There are two reasons that Amazon Cloud is more secure.
The first reason is that Amazon gives you greater, instant control on your firewall settings. In our current IT infrastructure, we may have one firewall for the whole organization, or one for each division at best, and this firewall is controlled by some central IT guy. There are three problems associated with the current architecture. First of all, the firewall only protects you from people outside of your organization. The firewall is ineffective if the guy in the next cubicle decides to attack you or if his laptop is infected with virus. The second problem is that you do not have visibility into the firewall settings. A port could be left open for the hackers to exploit, but since you do not know, you would not have put in the necessary counter-measures. The third problem is that you could not easily change the security settings when deemed necessary. For example, you found a security hole, and you want to block future exploits. But you have to submit a form to IT to request firewall changes and it takes at least a week to implement the change. Meanwhile, your application remains vulnerable.
In contrast, Amazon gives you as many security groups (their term for their software-based firewall) as you want, and as the application owner, you have direct control on their settings. You can take advantage of security groups to have fine grain security control even at the application component level. For example, let us consider a simple two tier intranet application which has several application servers and one database server. We will create two security groups called “appserver” and “dbserver” respectively. By default, all accesses are off, and you have to explicitly enable permissions for each security group. We will add one rule to the “appserver” security group which says that only people from your IP range (e.g., x.y.x.w/24) can access port 80. Then we will add another rule to the “dbserver” security group which says that only those in the “appserver” security group can access. Once you set up the rules, you can fire up the application servers in the “appserver” security group, and then the database server in the “dbserver” security group. Now people from your organization can access your application as your designed, but a hacker has to go through extra hoops to get to your database. First, a hacker has to gain access to a server in your intranet, from there, he can only exploit port 80 to gain access to the application servers. Even if he is successful, he still has to gain access to the database server through the “appserver” group because that is the only one enabled to talk to the “dbserver” group. The chance of hacking open one machine is low already, the probability that one can hack all three open, in sequence, is essentially zero.
The second reason that Amazon is secure is that they have disabled all layer 2 functionalities. These layer 2 functionalities are the key to enable many security exploits. For example, you cannot fake your IP address from an Amazon server. If you send packets with a source IP address that is different from the one you are assigned, the packets are simply dropped by the hypervisor. Also, if you enable “prosmiscuous” mode to snoop traffic on the network, it is simply ineffective. Lastly, if you ARP for any IP address trying to find out who is nearby, you always get back the gateway’s MAC address, so you would not be able to know who is sitting in the same subnet.
Obviously, I am not alone at saying that Cloud is secure. Check out Gnucitizen for example.