Cloud security is a top priority for cloud providers. Cloud solutions in Germany are among the most secure of all, not just because they are legally obliged to comply with strict standards. Nevertheless, some companies and customers are initially inhibited from using cloud solutions due to security concerns. Because access to data is no longer restricted to specific regions. This can increase a potential danger from human error or deliberately damaging behavior, because the greatest threat to cloud security is the human being.
Nevertheless, cloud computing offers many advantages. The provision of data over a greater distance from the server and the possibility of outsourcing IT infrastructure are just two examples of many. At the same time, cloud computing, like any other data management system, also entails risks. Knowing these risks and countering them with a good cloud security concept in such a way that the data in the cloud and the operation of the IT infrastructure are secure is an important task for companies, hosting providers and customers.
Three possible risks of cloud computing are:
- The loss of data
- Data leaks that contribute to sensitive information being leaked to competitors.
- The risk of unauthorised access to data
- System breakdown e.g. due to malicious attacks, software errors or hardware failure
The first two points are largely the responsibility of the cloud provider. He must ensure that his infrastructure is reliable and that there is no data loss (point 1). Of course, this problem does not affect cloud computing, because physical servers can also lose data.
Companies can effectively protect themselves against data leaks with a detailed background check of their employees and regular data security training. Since the cloud provider’s employees also have access to the infrastructure for technical reasons, strict monitoring and regular spot checks are essential.
The task of preventing unauthorized access is also shared by the cloud hosting provider and the customer. Secure passwords, sufficient security on their own computers and individual accounts for data access are measures that help to make access by unauthorized persons and by malicious, often anonymous attacks less likely.
What cloud hosting providers do for security in concrete terms
“Know your enemy” also applies to cloud security, because it is based on the knowledge of possible risks and is oriented towards minimizing them. For this we use different security controls, which we can roughly divide into four categories.
Compliance with prescribed standards and measures is essential. In the following:
- Preventive measures are those that ensure that data does not fall into the wrong hands in the first place. These include, for example, strict separation of the infrastructures of direct competitors, but also a secure authentication procedure. How exactly this can look like, you can usually contract with your hosting provider. In addition, an IDS (Intrusion detecting system) or IPS (Intrusion preventing system) should be active.
- Monitoring controls register irregularities in the system and react to them automatically. The provider is informed about the irregularities and can take appropriate measures if necessary. Close monitoring of the system and network is part of the monitoring control measures.
- Corrective controls take effect by correcting errors that have occurred. For example, if data has been lost due to an update, the backup is part of the corrective control and you can reimport it in whole or in part if necessary.
- The post mortem analysis takes effect if an incident has occurred despite all security measures. The cloud provider analyses together with all other participants what went wrong and where the error was. Once the potential vulnerability has been uncovered, it is important to close it for the future and learn from the error that has occurred. Although malfunctions are by no means desirable, they can improve general security for the future with good post-mortem analysis.
The security measures mentioned here are generally standard for every cloud provider. The scope and focus of cloud security measures depend on the amount and type of data from and about the security risk to be assessed. The more sensitive the data, the greater the protection.
Technical and procedural measures of Cloud Security
Many security measures in cloud computing are also legally anchored and thus binding for every cloud provider within these legal limits. Accordingly, when choosing your provider, you should make sure that it is bound by the same applicable laws and does not employ any subcontractors outside the legal limits. Otherwise there is a risk of sanctions and disadvantages, which also affect the security of your data.
BSI Grundschutz and BSI C5 belong to the defined regulations.
The BSI Basic Protection, also known as ISO 27018, is decisive for the protection of personal data in cloud computing and is closely based on European data protection. Unlike this, however, it is not binding, but a sensible addition. Customers of a cloud provider should always attach importance to this standard.
The IT-Grundschutz ISO 27018 primarily sets basic requirements for data security, processes and procedures within a company. While it can be used as a standard for a cloud provider, it is not explicitly designed for cloud computing.
The situation is different with C5 (Cloud Computing Compliance Controls Catalogue), a certificate for cloud services. ISO 27018 is a certificate, C5 a certificate. The differences lie in different approaches to security testing. For the ISO certification the Cloud Security is checked at a time X. The C5 as the testing standard tests security over a period of time. This can be a month or a year.
Both processes address approximately the same security level, but are difficult to compare due to the very different catalog of requirements.
Technical and procedural measures are interlinked to ensure the highest possible security in the cloud. We have already mentioned some, such as authentication and monitoring of incidents. Other measures include emergency and recovery processes, for example. In other words, precise plans as to what should happen in the event of a malfunction and how to proceed. Ideally, these processes are regulated with your cloud provider as Service Level Agreements (SLAs). This also includes, for example, disruption and recovery times, which should be kept short by contract if your business is permanently restricted by a breakdown or disruption in the cloud.
An important measure of the cloud provider in this case is site reliability engineering. In a nutshell, this involves two main tasks: Ensuring ongoing operations on the one hand and targeted reflection in the event of disruptions on the other. The classic W questions help with the analysis. What happens when, why and by whom, and how can these incidents be prevented in the future?
Similar to a test alarm in a building, it can also be useful to deliberately play through any incidents in order to check the chain of action and alarm chain and, if necessary, rectify them.
Security and Privacy: The Secure Processing of User Data
Security and privacy are becoming increasingly important in data processing and thus also in the use of cloud infrastructures. At the top of the list is protecting access to data by unauthorized persons and protecting the identity or goals of the data owner and thus their privacy. Various security measures are used for this purpose.
Identity Management in the Cloud: Who is allowed to do what?
To put it simply, identity management means collecting the data of authorized persons in order to reliably verify their identity and regulate authorizations accordingly.
One part of identity management is authentication. Authentication processes can be carried out via simple authentication, such as the simple entry of a password. From a security point of view, however, this would be grossly negligent. Multi-factor authentications or at least two-factor authentications are better.
Two-factor authentication is used for many online services in the cloud. Here, the user logs in with his e-mail and password and is then sent another one-time code via a different route. Two-factor authentication is useful, for example, if an account, such as an e-mail inbox, has been hijacked. Without further authentication, the identity thief would usually have access to many more accounts through a “Forgot Password” action. Two-factor authentication is supposed to prevent this.
Multi-factor authentication goes one step further in terms of security. It incorporates even more factors to ensure authorized access to data. In many cases, it can even take place in the background, for example by checking the IP or the location. Multi-factor authentication also includes the precautionary blocking of the user account if authentication has failed – for example, if the wrong password is entered several times.
One of the most secure authentication measures is the hardware token solution. Instead of relying solely on software solutions, physical and technical authentication is required. This can be a chip card, a token generator that generates one-time tokens (as a stand-alone item or in the form of an app on the smartphone) or a matrix token that is inserted via the USB port.
Depending on the work environment, single sign-on (SSO) can also be useful during the authentication process. The user only has to confirm his identity once, for example with a password, but then remains logged on to his workstation – for all services to which he has access via his ID. If the employee leaves the company, his account is deleted. Because he had an individual password with SSO, he can no longer access data. With shared accounts and passwords, blocking access would be much more difficult and security gaps could arise.
Another part of identity management is the distribution of roles within the cloud. These roles are usually associated with different rights. Using the simple example of a document in the cloud: you can grant a person read rights for a document, but also the right to edit it. At the same time, you can allow a user to share a document with other users and assign access rights.
For data security it is recommended to keep the group of people with administrative rights (sharing, deleting, changing data) small and to grant read-only rights whenever possible. In addition, the de-provisioning of users can be useful. This means, for example, that an employee has access to the backup, but not to active data and vice versa. This counteracts human error or harmful behavior.
Physical Security in the Cloud: Clear Access Controls
The cloud is a virtual infrastructure for customers and agencies who use the services of a cloud provider. But of course, the cloud also has physical elements, which in turn require physical security measures. Everyone who has physical access to the cloud has access to your data. How high the security measures are depends largely on the sensitivity of the stored data.
Security measures such as locked rooms and entry security should be a matter of course for every cloud provider. If physical security standards are very high, biometric checks of employees are also used, such as fingerprint scanners.
The basic rule is: to guarantee physical security, the data center should be ISO 27001 certified. This ensures that the BSI basic protection is adhered to in the data center and that this has been confirmed by an independent ISO 27001 basic protection auditor.
Personnel Security: Security through bodyguards for your data
Security personnel for infrastructures is a must-have for sensitive data. It is the responsibility of cloud providers to check staff extensively before hiring them. There are validated standards for this, e.g. the ISAE 3000.
This can include, for example, the question of whether someone may have previously worked for a customer’s competitor. Furthermore, personnel security also requires the goal of familiarizing as few personnel as possible with specific data and, as already mentioned above, splitting access rights to different persons. One possibility:
- Person A has access to Data at rest (unchangeable, currently unused data, such as a backup).
- Person B has access to data in motion / data in use. (variable, currently used data)
- For a combination of different data (Data in transit), for example to make parts of a backup or an entire backup available again for active use, the consent of both persons is required. This double-checks security and makes it more difficult to import malicious data.
Ways to Privacy in the Cloud
In order to make data in the cloud more secure and thus protect the privacy of data owners, there are various approaches to data security. One of them is encryption, i.e. the encryption of data. Encryption also allows data processing for active data without decrypting it. There are different forms of encryption with different advantages.
- Homomorphic encryption: Calculations can be distributed on different servers that do not trust each other. Data processing is possible without the cloud provider or anyone else seeing decrypted data. The data remains encrypted and the result is also sent encrypted. For real-life applications, however, this cost-intensive method is often not practicable.
- Partial homomorphic encryption: This allows a keyword search, but no other search options are provided. Due to this fact, it is only suitable for moderate amounts of data, but is in no way inferior to full homomorphic encryption in terms of security.
Compliance in the Cloud
By commissioning a cloud provider, a company gives up sole control over its data and cross-company rules for data management must be found. In order for everything to comply with the law, the demands of the provider and the customer must go hand in hand. Fixed regulations differ according to industry and data sensitivity, and both sides should be aware of them. If, after a detailed check, it is ensured that all data protection regulations are complied with even when the cloud provider works together, compliance in the cloud can also be implemented without any problems.