Public   the way we see it

Trends in Cloud Computing
Secure Journey to the Cloud - a Matter of Control

February 2012
The introduction of cloud computing marks a crucial transformation

Everything will change in the years ahead in the field of ICT-based operational management. Civil servants will no longer have computers under their desks, customer-facing counters in government offices will become superfluous or be digitized, data centers will be merged and ICT departments of public authorities and executive agencies will be fully or partly abolished. At the same time, increasing amounts of data stored by public authorities will be made available to citizens and businesses for reuse. Influenced by social media developments, citizens and businesses will demand that the government provides its services through the same channels. This must all take place in a government-guaranteed secure environment.

It is high time for a fresh look at the organization and use of ICT in and by public authorities, and an associated security policy. The necessity of the latter is clearly demonstrated by the recent developments relating to WikiLeaks and particularly the successful denial-of-service attacks on the websites of various public authorities. Cloud suppliers could have thwarted these attacks if cloud computing had already been implemented.

Cloud computing can only be successfully adopted if traffic can flow securely along the digital highway. Security is, therefore, often a key area of concern in discussions on cloud computing. It is essential that security is well organized in the interest of society as a whole. The question is what actions the government should take in the field of security to guarantee the proper introduction of cloud computing. This paper on the theme of “Secure Journey to the Cloud - a Matter of Control” provides an answer to this question for politicians, administrators, and others dealing with or responsible for implementing cloud solutions in the public sector.
Contents

1 Cloud computing - an irreversible trend   05
2 Worry-free use of the cloud   07
3 The context of cloud security   09
4 The concept of cloud security   10
5 Cloud security services   13
6 Conclusions and recommendations   16
1 Cloud computing - an irreversible trend

Cloud computing in its various forms
Cloud computing allows smart use of the potential offered by the Internet. Both businesses and public authorities view it as a useful and unstoppable development in information and communication technology (ICT), which modernizes and improves services and operational management. Implementations will succeed only if data, data security and data traffic via the Internet are handled in a careful and well-managed way from day one.

Cloud computing differs conceptually from existing ICT arrangements. A key difference is that users do not have to store information on data carriers such as PCs and USB sticks. That is a major advantage. Surveys reveal that business-sensitive information is held insecurely on hard drives in over 60 percent of workstations and laptops. Business-sensitive information is also held in unencrypted form on 66 percent of all USB sticks (www.cloudworks.nu/uploads/cloudworks05.pdf, November 2010).

Cloud computing takes various forms. The best known are social media. Social apps (cloud-based applications) such as Hyves, LinkedIn, and Facebook are used daily by millions of people around the world. Users now store data not on their own PC but somewhere in the cloud. Another example is the increasing use of thin-client computers. These are computers with very limited storage and processing capacity. They provide access to applications and remote storage via a (web) browser. A thin client is, therefore, nothing more than an information viewer that seeks to connect to the World Wide Web. You read your email, download videos or use word-processing applications directly on the Internet. A third concrete example of the impact of cloud computing is the reduction in the number of data centers, as cloud computing enables server capacity to be used more efficiently and only when it is really necessary.

What are the benefits of cloud computing?
Cloud solutions offer innumerable benefits:

- Joined-up government
Government services are increasingly being provided via the Internet, which acts as a virtualized counter for public services. In this way public authorities can be contacted seven days a week, 24 hours a day. Citizens and businesses increasingly expect that. They are also less concerned about the way in which authorities organize themselves behind the computer screen. Whether for a tax return, a licence or benefit application, the customer expects the authority to know who he is and link up the relevant files, thereby keeping the number of transactions to a minimum. This is all possible using the cloud as the basic framework. After all the government services have been interlinked, the next step in the modernization of service provision is the enrichment of the available information via social media, and communication via social media by public authorities, citizens, and businesses.

- Lower costs/less ICT investment in the workplace
Unwieldy computers under or on desks will be replaced by a tiny box that manages traffic via the Internet. The benefits are lower costs in the investment and operational phases for hardware, and licences which are no longer required in the workplace but which can be accessed via the cloud. Also fewer ICT personnel are required on the shop floor to keep computers running. The savings on workplace facilities alone are considerable. For example, the US Federal Government is aiming to achieve savings of more than 60 percent on licence costs for the use of email (source: CIO.gov). The range of tried-and-tested applications and services available in the cloud is growing daily, including for the support of operational management functions (personnel, information, organization, finance, computerization, communication, and accommodation). This substantially reduces the time required to implement new ICT systems. They are no longer built or purchased, but are selected and paid for on a per-use basis on the Internet.

- Consistent supplier management
The introduction of cloud computing enables us to purchase and use ICT resources in a more coordinated and consistent manner. ICT decisions are currently taken across multiple levels and departments within governments. The relationship with business is changing. Public authorities can greatly reduce the number of commercial relationships by signing contracts with partners on the basis of a one-stop-shop model, using ICT hardware and software, to a large extent, remotely. This model helps governments to concentrate on their core tasks.

- Consolidation of data centers
Data center consolidation significantly reduces costs. The government uses more cloud-based services, and so less capacity is required than in the current situation. It also means ICT can be used more sustainably. The average utilization in cloud solutions is between 60 percent and 70 percent. In on-premise data centers it is still between 10 percent and 15 percent.

- Economies of scale and security
The economies of scale offered by cloud computing allow security and privacy to be managed more effectively than at present. At first sight that may seem illogical, but just think for a moment about the current security situation. Standalone computers in the workplace are often inadequately secured. All kinds of things can happen while they are unattended: for example, data can be read, USB sticks can be copied, and intruders can manipulate software to spy on data or can install viruses. What about passwords? And is it possible to detect data breaches in local data storage? With cloud computing, data does not have to be stored on a data carrier or local PC, and problems such as those described above are prevented. Security, including data encryption, is managed centrally for all users. But even within the cloud environment there is human input, so checks and balances must be set up to keep the risks of human error to a minimum.

Cloud computing requires consistent management
The secure and efficient implementation of cloud computing solutions by ministries and local authorities requires a consistent approach under the overall ‘direction’ of the central government. The management rules must be clear to prevent everyone reinventing and implementing their own cloud wheel. Security requirements must be supported by all government institutions, otherwise all the benefits will be negated, and chaos and complexity will merely increase. As an illustration, suppose that company X supplies cloud services to 500 government institutions. Those 500 government institutions cannot carry out their own separate annual audits of the solvency, security compliance, privacy, and data controls of company X.

Hence there must be centralized management on several fronts:
- a single client, a uniform schedule of requirements from a demand-focused organization on the basis of consensus among all layers of government;
- a uniform ICT architecture, policy and organization for departments, local authorities, and executive agencies;
- specification of and compliance with available and open standards;
- accessibility of basic registers for use in cloud solutions for government and business;
- establishment and management of the government “App Store” providing cloud solutions;
- international developments/regulations (EU and elsewhere);
- a consistent and effective security policy and clear service level agreements (SLAs) between the government and suppliers of cloud products and services.

The next part of this report deals in greater depth with security policy, the context, risks, and available cloud services. The aim is to provide guidelines for worry-free use of the cloud. In short, a restrictive set of boundary conditions must be established and enforced for public authorities. Ensuring continuity of service is of prime importance. Some people also view this as an integral part of “security”.
2 Worry-free use of the cloud

What policy can be formulated?
Cloud computing naturally poses many ICT-related challenges which require constant attention. Many companies (IBM, Microsoft, Intel, among others) have conducted research into the concerns frequently raised by senior business and ICT management. Overall, this research has highlighted the three biggest concerns as follows:
1. security and privacy of data in the cloud (44 percent);
2. availability of cloud services for business processes (41 percent);
3. integration with other services (39 percent).

Proper security arrangements are therefore a top priority!

Why the fear of security issues in the cloud?
Security is seen as the biggest concern. Why? Because the cloud appears to be somewhat “hazy” in terms of security, and of the way in which security should be set up to promote business initiatives and comply with regulations. This is mainly because we can no longer point to the room, server or tape that contains our information. Many people instinctively believe that if they can see and touch something they have more control over it. You could liken it to somebody who travels by motorcycle (the least safe means of transport) to the airport in order to board an aircraft (the second safest means of transport). For most people, the fear of an accident when flying is many times greater than when riding a motorcycle, whereas the statistics show precisely the opposite. That is because on a motorcycle you retain control, whereas in an aircraft you do not.

Now, back to security in the organization: has there ever been an assessment of the current level of security in the organization’s own data center or that of the outsourcing partner? They may have an SAS 70 statement and an ISO 27000 certificate, but what do these actually cover and what are the actual risks?

How well secured is your data at present? Do you know who sweeps the server room floor in the evenings after work? Is everything securely under lock and key, both physically and digitally? Cloud architectures require additions and modifications for use in the cloud.

Risk management
The fears surrounding this new cloud phenomenon are understandable, but cloud services can help improve the current level of information security. Increasing numbers of parties are becoming involved and, as stated previously, human failings are always a possibility. Risks must therefore be managed. The following five points are of great importance in risk management:
1. inventory of information of importance for the government;
2. inventory of possible threats with regard to that information;
3. determining the probability of threats materializing;
4. determining the impact of a materialized threat;
5. determining measures to protect/minimize the impact.

Security is one of the possible measures resulting from point 5.
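As an added illustration of the five-step process above (example code, not part of the original paper), the following Python risk register scores constructed risks drawn from the risk categories this paper discusses and recomputes the residual risk once a measure from step 5 is applied. All asset names, scores, thresholds and measures are assumptions for the example.

```python
"""Five-step risk management worked through in code (added example).

Step 1: inventory of information of importance
Step 2: inventory of possible threats to that information
Step 3: probability of the threat materializing   (scored 1..5)
Step 4: impact of a materialized threat           (scored 1..5)
Step 5: measures that reduce probability and/or impact

Risk score = probability x impact (2..25). The 1..5 ordinal scale and the
high/medium/low thresholds are assumptions, not figures from the paper.
"""
from dataclasses import dataclass, field
from typing import List

SCALE = range(1, 6)  # 1 = very low .. 5 = very high


@dataclass
class Measure:
    """A step-5 measure: how many scale points it removes from each factor."""
    name: str
    prob_reduction: int = 0
    impact_reduction: int = 0


@dataclass
class Risk:
    asset: str                    # step 1
    threat: str                   # step 2
    probability: int              # step 3
    impact: int                   # step 4
    measures: List[Measure] = field(default_factory=list)  # step 5

    def __post_init__(self) -> None:
        if self.probability not in SCALE or self.impact not in SCALE:
            raise ValueError("probability and impact must be scored 1..5")

    def inherent(self) -> int:
        """Risk before any measure is applied."""
        return self.probability * self.impact

    def residual(self) -> int:
        """Risk after the measures; neither factor can drop below 1."""
        p = self.probability - sum(m.prob_reduction for m in self.measures)
        i = self.impact - sum(m.impact_reduction for m in self.measures)
        return max(1, p) * max(1, i)


def rating(score: int) -> str:
    """Assumed thresholds for turning a 1..25 score into a label."""
    if score >= 15:
        return "high"
    if score >= 8:
        return "medium"
    return "low"


def build_register() -> List[Risk]:
    """Constructed register for a hypothetical municipality (assumed data)."""
    sla = Measure("availability clause in SLA plus own off-site snapshots", 2, 2)
    iam = Measure("central IAM; default credentials changed before go-live", 3, 0)
    eu = Measure("contractual guarantee that data stays within the EU", 2, 1)
    logs = Measure("additional access logging delivered in standard reports", 0, 3)
    return [
        Risk("benefit applications", "cloud service unavailable", 3, 4, [sla]),
        Risk("benefit applications", "admin leaves default password; data leak", 4, 5, [iam]),
        Risk("tax records", "privacy breach: data replicated outside the EU", 2, 5, [eu]),
        Risk("tax records", "compliance failure: cannot show who accessed what", 4, 3, [logs]),
    ]


def prioritise(register: List[Risk]) -> List[Risk]:
    """Highest residual risk first; ties broken by inherent risk."""
    return sorted(register, key=lambda r: (r.residual(), r.inherent()), reverse=True)


def report(register: List[Risk]) -> str:
    """One line per risk: inherent -> residual, with the applied measures."""
    lines = []
    for r in prioritise(register):
        applied = "; ".join(m.name for m in r.measures) or "none"
        lines.append(
            f"{r.asset:<21} {r.threat:<50} "
            f"{r.inherent():>2} ({rating(r.inherent()):<6}) -> "
            f"{r.residual():>2} ({rating(r.residual()):<6})  measures: {applied}"
        )
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(build_register()))
```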
Towards a new security approach for the cloud
Risk management means striking a balance between opportunities in operational management and financial factors or regulations. It is about enabling flexible services, not limiting new initiatives.
If the government wants to use the cloud successfully without worries, then it needs to develop policy differently with regard to security and control under the influence of changes resulting from economies of scale and standardization. The basic principle is actually very simple. At present, decisions on security matters in many countries are still taken independently at many different points in government. With the introduction of cloud computing, this must take place in a coordinated and coherent way. A central government CIO, for example in the Netherlands, could have a prominent role to play in setting the framework in this regard.

It must also be possible to open up cloud services on the basis of standard protocols, so that information can easily be reused within the government. After all, care must be taken to avoid recreating information silos, this time in the cloud.
A possible means of worry-free migration to the cloud could involve the government developing a migration strategy in which less sensitive ICT services with lower security requirements are examined first. Subsequent levels will then only be tackled if there are adequate results with known learning effects.

Shift of responsibility
When ICT services are moved to the cloud, the government also ceases to be responsible for the implementation of part of the services. It no longer matters to the government how these services are structured in terms of hardware and software, although the government does retain responsibility for functionality, including security requirements. These must be set out in clear SLAs. The central government CIO must specify the framework for this. The government must maintain overall control of the standards that will be used to secure the information. There are various reasons for this:
- the government must prevent the formation of cloud silos, which cannot communicate with each other;
- the government must prevent cloud suppliers from setting up their own authentication and authorization systems independently of each other;
- the government must maintain overall control of any encryption used, and in particular the management of keys among cloud suppliers;
- the government must enter into agreements on how cloud suppliers will communicate securely with each other;
- the government must ensure that cloud suppliers fulfil their agreements by monitoring them comprehensively across all suppliers.

Conclusion
Governments should develop a government-wide process and ICT architecture that makes optimum use of the possibilities afforded by modern cloud facilities. They must also draw up and implement measures to maintain the architecture (both within the government and extending to cloud suppliers).
3 The context of cloud security

What are the risks?
The apparent new risks resulting from the use of cloud services appear further-reaching than the security risks associated with conventional client-server infrastructures, such as the risk of loss or theft incurred when physically transporting information on laptops, USB sticks or paper files. Such transportation is no longer necessary when using the cloud, as secure information can be accessed from any location.

The main risks when using cloud services are:

- Unavailability
Whatever the cause, data managed by a cloud service provider would be less readily available than data stored within the organization. If a government organization takes no steps to guarantee the reliability of the cloud, services may become unavailable. That will result in a failure of business processes. An interesting example concerns the recent developments surrounding WikiLeaks. This organization had stored a large number of documents with an American cloud provider. Despite the use of the “safe harbour” model (a model in which the rules and laws of the data owner’s country apply rather than those of the US), the US Government was nevertheless able to pull the plug on the organization.

- Data leaks
You do not know who, other than your own employees, has access to your data. After all, it is outside the field of vision and boundaries of your organization. There is a risk that without sufficient access security your data will also be used by criminals or by the administrators of the cloud service. The impact of this type of data leak depends on the type of data stored in the cloud. As far as is known, the recorded cases have always involved an error by a system administrator, for example forgetting to change the default password, thereby allowing other users in those organizations to abuse their access permission. This type of data leak cannot, however, be attributed to the concept of the cloud provider.

- Privacy breaches
Almost all government organizations handle privacy-sensitive data. This type of data must not fall into the wrong hands. Privacy also has to do with the type of information stored and the length of the permitted storage time. These aspects are not specific to the cloud, but it is advantageous to know where privacy-sensitive information is stored in the cloud. The privacy laws applying in Europe differ from those applying elsewhere. Most cloud providers can currently guarantee that information will remain within the EU. It is expected that a number of cloud providers will go a step further, and even give country guarantees. This will depend on the spread of the various cloud data centers and their economic feasibility. In the case of both examples, these guarantees must be legally and technically watertight.

- Compliance issues
Compliance with internal and - more importantly - external regulations sometimes means that organizations need to know the physical location in which their data is stored. Depending on the type of regulation, there may be a requirement to know, for example, precisely who has access to what data, who has carried out particular modifications, etc. Cloud services do not always incorporate functionality to provide clients with such information. Additional logging tools and access controls will be necessary when using cloud services for that type of compliance. It should be stated that a number of suppliers in the cloud are already providing such services.

- Integration across multiple organizations
When government organizations begin transferring services to the cloud, the cloud services must be able to communicate with services still running in the organization’s own data centers. They must also be able to integrate with partners in the logistics service chain. Two types of risk are significant. Firstly, on the basis of standards, the cloud service must be able to communicate with other services within and outside the boundaries of the client organization. Secondly, the service must be able to secure this communication to satisfy the requirements of the government organization.
4 The concept of cloud security

Which security aspects have to be fulfilled?
What must government organizations do for a reliable transfer to the cloud based on acceptable risks? They must fulfil a number of basic security aspects, the principles of which are described below.

Protection
A user’s information and access rights must be protected against abuse by unauthorized users and intruders. Due to the fact that information and applications are based in the cloud, security measures such as door locks or uniformed security personnel no longer work. The storage, transmission, and use of information must be digitally protected. This can be done using technologies such as PGP, SSL, FTPS, and HTTPS. However, cloud providers choose to go further. Most supplement the existing security measures with specific measures to dispel the cloud user’s fears and unfamiliarity with cloud data centers. Data in cloud environments must be protected to an even greater extent than in your own operating environment. Government bodies must of course decide for themselves whether a cloud provider is using sufficient security techniques in the data center. This requires the government to have specific expertise.

The transmission part requires separate attention, addressing aspects such as virtual intrusion (penetration tests have been found to be very useful), theft or compromising of data during transmission (stealing a copy), interception, and sending forged messages. The data center is ultimately just part of the assets and aspects requiring protection.

Privacy
Privacy measures protect personal information in such a way that others cannot access it. Various identity and access management systems support cloud services with a wide range of privacy and security measures. These range from a low security level with password-based authentication to a high security level with attribute-based authentication systems. The latter systems use state-of-the-art privacy-supporting certificates. Efficient process organization is also important in the event that the authorities raise any questions. For example, what does the provider do if a public prosecutor asks for data? How can the government demonstrate to its citizens and businesses that the provisions of the relevant laws will be upheld?

Recoverability
Data stored in the cloud is subjected to regular integrity tests to guarantee its recoverability. Most cloud service providers replicate data three or four times instead of making real backups. This means they can recover from disk crashes and major disasters. However, most service providers do not guarantee the backup and recovery of data which is “accidentally” deleted by the end-users themselves. A government body must therefore make or arrange its own backups, for example by taking snapshots and downloading and storing these on its own premises or with another cloud provider. Another problem is that data in clouds can be stored indefinitely. Depending on the type of data and the applicable legislation, this may not be permitted. Service providers only process and store data. So, they may have insufficient knowledge of statutory retention periods or mandatory clearances. Public authorities have an important role to play in this regard. Cloud providers can guarantee that information has actually been destroyed, but the owner of the data needs to ensure that the destruction has been initiated. ITIL formulated an appropriate set of processes some years ago for incident and problem management, backup, and recovery. The government must enforce those requirements and have them guaranteed by a TMP. In an SLA, all conditions such as retention time, minimum performance, and storage size can be recorded in a standardized way and verified subsequently by means of standard reports.

Access and reliability
Access to information and the processing of data items must comply with the privileges granted to the user requesting access. Unauthorized access must be prevented. Every user claiming a unique identity when gaining access to data will be subject to a process to investigate whether he is indeed the authentic owner of the claimed identity. After verification, the user may only carry out those actions for which he has been granted permission. Cloud providers have set up facilities for this. There are even providers who offer the possibility, for example, of linking such facilities to an active directory of their customers. An active directory of this kind establishes the authenticity and access rights. These are then managed exclusively by the client organization. The advantage of this is that such information is recorded in only one place and can be used both by the internal information systems and externally by the cloud provider. The authentication and authorization data constitute an application/information system in their own right. That system must therefore also meet the specified requirements. These concern authenti-

over IP (VoIP) seek to empower users by managing identity and security “on the fly” or dynamically in place

very expensive. Most cloud providers offer logging and monitoring tools, although some are rather rudimentary.
cation and authorization for people       of traditional directory control activi-    Market participants are responding to
who are or are not given formal access    ty. Certification and policy control of     this by offering additional logging and
to the data. Safeguards against unau-     applications and data from devices is       monitoring tools.
thorized (criminal or terrorist) access   managed through the federated securi-
are not yet covered.                      ty of multiple devices outside the cor-     Integrity and irrefutability
                                          porate firewall. Access is through de-      Cloud providers must ensure that the
Connectivity                              vice policy control, enabling new cloud     integrity of data is protected and that
Managing the process of access to cloud   service models of apps stores and new       it cannot be modified, duplicated or
services through identity authentica-     content delivery channels. The advent       deleted without authorization, just as
tion and authorization is critical, but   of cloud broker services has led to the     in the client’s own ICT organization.
there are also other steps once con-      emergence of a Bring Your Own Policy        The long-term irrefutability of digitally
nected to the network. Extract net-       (BYOP) concept where companies not          signed data is an important aspect of
work security may be needed beyond        only have multiple devices, but also        PKI-related standards in clouds. Cloud
SSL, TLS secure messaging and data        control the policies that enable devices    providers use various mechanisms
transport layers to ensure the actual     to be approved, audited and controlled      among themselves to deal with routine
security of this network.                 remotely.                                   events. These could include the expiry
With the growing public telecommu-        These network topology choices also         of a public-key certificate and the
nications infrastructure such as the      affect the “last mile logistics“ of con-    expiry of a time-dependent trusted-
Internet to connect to cloud services,    necting a user device to the informa-       authority certificate.
and the potential for company net-        tion technology service, whether it be
works and external non-company net-       cloud or non-cloud hosted. Connec-          Compliance with regulations
works to be involved in cloud service     tivity can be fixed-line, or IP address-    Legal, regulatory, and contractual
use, this raises issues of connection     enabled and delivered through a wire-       requirements must be defined for
security both for mobile employees,       less connection. It also is a key en-       all parts of the information system.
and external users outside the compa-     abler in the idea of hybrid cloud,          Monitoring activities must be planned
ny firewall environment. Choices of       where data and applications move-           and laid down in advance in joint
private networks and the use of tech-     ments between different clouds and          consultation between the parties con-
nologies such as Virtual Private Net-     host environments can be achieved           cerned. It is also necessary to conduct
works (VPN) and Virtual Wide Area         securely. The security of networks          regular independent reviews and
Networks (VWAN) are increasingly          is an essential strategic architecture      assessments. Cloud providers must
necessary parts of a secure network       choice in cloud computing which             comply with all internal and external
strategy to underpin the desire for       affects the access, mobility and usage      regulations, laws, contracts, policy
more freedom and mobility. Using          of cloud-enabled business and users.        and mandatory standards. Many pub-
secure networks enables remote user                                                   lic cloud providers use the compliance
access management while enabling          Accountability and controllability          and legislative frameworks of the
encryption of data as a layer to pre-     A full log must be maintained for           country in which the respective cloud
vent disclosure to unauthorized users.    accountability in respect of data oper-     data center is located. Government
                                          ations. This must record all actions        organizations can adopt these frame-
Yet the virtual private network is also   carried out within a user session to        works or outsource them to a cloud
seeing other new cloud consumption        allow controllability. What precisely       provider that complies with the neces-
models that are reversing previous        has to be logged must be agreed with-       sary legal frameworks. This could be
trends of centralized systems and net-    in your organization. This is technically   an additional task for the government
work management. Bring Your Own           feasible, but (comparable to the storage    audit service that can opt to keep it
Device (BYOD) connectivity and Voice      and logging of telecom data) can be         in-house or have it outsourced.

The concept of cloud security 	                                                                                             11
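The accountability paragraph above asks for a full log of every action within a user session, and the integrity paragraph requires that records cannot be modified, duplicated or deleted without it being noticed. The following added example (not from this whitepaper) shows one way to meet both requirements with a hash-chained audit log in Python; the session ids, user names and data items are constructed sample values.

```python
"""Hash-chained audit log for actions within user sessions.

Added example, not taken from the whitepaper. Each entry carries the SHA-256
digest of the previous entry, so that a later modification, deletion or
duplication of a logged action is detected when the chain is verified.
"""
import hashlib
import json

GENESIS = "0" * 64  # constructed start value used as prev_hash of the first entry


def _entry_hash(entry: dict) -> str:
    """Digest over the entry's fields (except its own hash) in canonical JSON."""
    body = {k: v for k, v in entry.items() if k != "hash"}
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def append_action(log: list, session: str, user: str, action: str,
                  item: str, ts: str) -> dict:
    """Record one action carried out within a session, chained to the previous entry."""
    entry = {
        "seq": len(log),
        "session": session,
        "user": user,
        "action": action,
        "item": item,
        "ts": ts,
        "prev_hash": log[-1]["hash"] if log else GENESIS,
    }
    entry["hash"] = _entry_hash(entry)
    log.append(entry)
    return entry


def verify_log(log: list) -> list:
    """Return a list of findings; an empty list means the log is intact."""
    findings = []
    expected_prev = GENESIS
    for pos, entry in enumerate(log):
        if entry["seq"] != pos:
            findings.append(f"entry {pos}: sequence {entry['seq']} (entry removed or duplicated)")
        if entry["prev_hash"] != expected_prev:
            findings.append(f"entry {pos}: chain broken (previous entry altered or missing)")
        if _entry_hash(entry) != entry["hash"]:
            findings.append(f"entry {pos}: content modified after logging")
        expected_prev = entry["hash"]
    return findings


def session_actions(log: list, session: str) -> list:
    """Every action of one session: the view an auditor needs for controllability."""
    return [(e["user"], e["action"], e["item"]) for e in log if e["session"] == session]


def build_sample_log() -> list:
    """Constructed sample: two sessions, three data operations."""
    log = []
    append_action(log, "s-001", "jdoe", "read", "permit/2012-0042", "2012-02-01T09:00:00Z")
    append_action(log, "s-001", "jdoe", "update", "permit/2012-0042", "2012-02-01T09:03:12Z")
    append_action(log, "s-002", "admin7", "delete", "permit/2011-0917", "2012-02-01T09:10:45Z")
    return log


def _copy(data):
    """Deep copy via JSON so test vectors never touch the original log."""
    return json.loads(json.dumps(data))


def with_modified_entry(log: list) -> list:
    """Test vector: a copy in which the logged deletion was rewritten as a read."""
    corrupted = _copy(log)
    corrupted[2]["action"] = "read"
    return corrupted


def with_removed_entry(log: list) -> list:
    """Test vector: a copy from which the update action was removed."""
    corrupted = _copy(log)
    del corrupted[1]
    return corrupted


def with_duplicated_entry(log: list) -> list:
    """Test vector: a copy to which the first entry was appended a second time."""
    corrupted = _copy(log)
    corrupted.append(_copy(corrupted[0]))
    return corrupted


if __name__ == "__main__":
    sample = build_sample_log()
    print("intact:    ", verify_log(sample))
    print("modified:  ", verify_log(with_modified_entry(sample)))
    print("removed:   ", verify_log(with_removed_entry(sample)))
    print("duplicated:", verify_log(with_duplicated_entry(sample)))
```

The chain only proves tampering after the fact; to be useful as evidence the entries still have to be shipped to a store the logged users and administrators cannot write to.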
Figure 1: Layered Architecture (Cloud Security Architecture). Service layers, bottom to top: IaaS (Networking), PaaS (Platform, Storage, Integration), SaaS (Data Encryption, Application, Data Encryption). Cross-layer security services: Access Control Services, Cloud Integration Services, Secure Communication Services, Monitoring & Auditing, Authorization Management. Governance dimensions: Laws & Regulations, Upgradability & Migratability, Policy & Governance, Business Continuity Management.

Insurable
The risks relating to the system must be controlled. Few parties other than the cloud service providers themselves currently offer such financial insurance for cloud services.

Migratable and upgradable
A migration path must exist that is feasible, controllable, and acceptable to users in order to move from an old to a new cloud provider or to a subsequent version. The cloud infrastructure must be easily upgradable to new releases of hardware and software. This may pose a problem for the use of some business functionality, as some business functions are currently available from only one cloud provider. The growth of the cloud market should mean that technology to support every possible business process will become available from multiple sources, and open up the possibility of migration from one cloud service provider to another. In the first place, energy will be focused on migrating from conventional to cloud-oriented ICT services. This will take a number of years. The first migration must also incorporate an exit strategy (back to conventional services), otherwise there may be a feeling of being on a “one-way street”, which will be unsettling.

What architecture model can be used?
Cloud security services can be implemented in layers. Figure 1 shows how the various security layers for cloud computing are positioned relative to each other. It is important that the familiar cloud computing variants of Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and Software-as-a-Service (SaaS) are all aligned: these include associated services. The main message in Figure 1, from a security architecture perspective, is the distribution of responsibilities. Depending on the type of cloud service in the model, there is a further responsibility relating to management and security aspects. Of course, it is also necessary to fulfill the interoperability of cloud services.

In the case of IaaS, for processing power or storage capacity for example, the service provider may be required to store the data within a country or region, for example in the EU or the Netherlands. This is to comply with legislation on data storage.

In the case of PaaS, the exposure is changed, for example for in-house applications or purchased packages which were initially behind a firewall but which now operate on the cloud infrastructure. Anyone with an Internet connection can now access them. Therefore, more attention needs to be paid to whether the access to data via the application or directly to the database is properly secured. PaaS gives a third party the possibility of hosting its own software on a particular platform made available by a provider (perhaps a standard application with adjustable parameters). Some providers may also handle the application management tasks.

In the case of SaaS, there are other matters of importance. Each SaaS supplier must be able to fulfil the compliance rules applicable to government institutions.

In each cloud service (IaaS, PaaS or SaaS) the compliance, management, and security aspects must be assessed. A gap analysis can be carried out showing what is required and what is present. It is also possible to determine how these characteristics relate to the insurance and protection requirements of the respective information components. This answers the question of which data and which functionality can be accommodated in which location.

5 Cloud security services

What cloud services are available on the market?
Figure 1 identifies the main security services in the different layers of cloud environments. These services and their operation within the cloud environment are described below.

Data encryption services
Most people believe that the cloud services in the market provide a lower level of security than their own data center. The question is whether this is an accurate observation. In many cases the cloud service provider will have a higher level of security than most data centers and outsourcing providers. There are two possible reasons for this. First, cloud service providers take a standardized, general approach to security. Moreover, they simply cannot afford to lose customers as a result of deficient security. A single newspaper report about a serious data leak could mean the end of a cloud provider, particularly if it involves data that government institutions are legally required to keep under surveillance. Cloud providers are therefore focused on information security from day one. It is their most important priority.

How do you know your provider has implemented the right level of security measures? If there is insufficient control of the system in which the data is stored, it is necessary to ensure that the security of the data itself is controlled. By using data encryption and retaining control of encryption key management, organizations can take full advantage of cloud computing. They need have no concern about whether their data is stored somewhere in their own country or abroad. It is also necessary to look at the security of the connections: this is a specialist area that must be addressed separately.

Authorization management services
Authorization management services ensure that the right user accounts with the right information are available in the relevant systems. If that is not properly implemented, access control will be a mere illusion. All accounts, including administrative accounts, must always be related to individuals in order to prevent abuse. The first step is, therefore, to manage the entire life cycle of accounts related to individuals (employees, partners, customers, etc.). This must include the functional accounts (for example, administrators) that are linked to these identities at any given time. Identity and authorization management is liable to be a complex matter within the organization.

Outside the boundaries of the organization, however, such as in ecosystems, supply-chain channels or cloud services, identity and authorization management is essential for operational management. Applications can be moved to the cloud, but control of authorizations must remain within the client organization. This does not mean, however, that the actual identity and authorization management cannot be carried out in the cloud; on the contrary, Identity-as-a-Service can be very useful in the outsourcing of identity management and the facilitation of a model such as e-Recognition as implemented in the Netherlands, which enables users to log into various government institutions through their own account. Always be aware that combining cloud services and
cloud security services in the same cloud will only be effective if the cloud service provider can effectively guarantee functional separation.

Access control services
Authorization management may then be a requirement, but if access control measures fail to operate effectively, your data will be unprotected without your being aware of it. If the access control is too tight, however, operational management may be impeded. Access control measures must ensure a balance between practicability and security, and must be based on the relevant risks. Another important aspect is the integration of access control measures in your data center, your outsourcing partner’s data center and the cloud applications used. Single sign-on (SSO) across the boundaries of the organization and relationships of trust between organizations are essential for the successful use of cloud services.

Cloud integration services
People generally speak of “the” cloud. However, it is unlikely that there will be a single cloud containing all the organization’s applications. Some office applications may be obtained from Google, for example, whereas the CRM is with Salesforce.com. The security services may in turn be supplied by a dedicated security provider. This not only means that all employees must have access to all these services from any location, but also that cloud services must have access to each other’s network for specific services. Consideration must also be given to where brokers and other generic ICT services will be accommodated, such as the enterprise service bus (ESB) or print servers. At present, we appear to be creating the same islands or ‘stove pipes’ that we have been trying to get away from in our own data centers in the last ten years. All these services must be integrated in a secure and controllable way. The cloud services must communicate with standard protocols for web services in order to achieve genuinely secure cloud integration.

Communication security services
Cloud services - and hence data belonging to citizens and businesses - may be located anywhere and transmitted frequently via the Internet. During transmission, the data must be secured by standard protocols. Encryption is also an option, but it is too complex to store all data in encrypted form. It will probably only be necessary to store business- or privacy-sensitive data in encrypted form. The rest must nevertheless be protected during transmission via the Internet. This can be achieved by means of standard protocols such as SSL/TLS. Network traffic can be protected by PKI-based protocols. Even more important than traffic to end-users is traffic between service providers. This must also be encrypted, but you will probably not own the keys used, which means you will incur a risk when services of different service providers are integrated. You must at least ensure that this risk is known. You can discuss ways of mitigating this risk with your service provider.

Monitoring and auditing services
If security levels are not being measured, it will be difficult to assess the status and quality of these security levels. It is important to have access to monitoring and auditing services,
either in-house or with a cloud service provider, where all the information from the client data center, the outsourcing provider, and the cloud services provider will be gathered for further processing. This solution must be able to receive log files from all systems in order to process security warnings from all systems.

This is a labor-intensive process requiring people with very specific skills to analyse the results. It is, therefore, advisable to also use this service in the cloud, with all other cloud and non-cloud services being connected.

Figure 2: Identity Lifecycle. Lifecycle events around the identity: Hire Processes, Promotion, Change Location, Change Role, Additional Role, Reset Password, Change Password, Project Membership, Retire Processes.

Business continuity service
Business continuity management (BCM) is an important area of attention for all government organizations. The drawing up of detailed emergency plans for unforeseen disasters, such as denial-of-service attacks on government websites, is essential nowadays. In the ICT sector, that means backups of business critical data must be available at different locations.

Cloud service providers such as Google, Microsoft, and Amazon are very useful in this regard. They promise 99.9 percent uptime and their services release organizations from the burden of creating and maintaining a backup infrastructure and recovery facilities. BCM incorporates various complementary elements, such as disaster recovery, business recovery, business resumption, contingency planning, and crisis management. However, disaster recovery alone is not sufficient. A mechanism must exist to recover this data automatically even if small quantities of data or specific documents are deleted, accidentally or otherwise.

The business continuity service must at least perform the following:
- identify threats and the associated potential business impact;
- determine the requirements for business continuity and recovery;
- assess the current possibilities;
- design, implement, and test a business continuity plan based on business objectives.

www.nl.capgemini.com/expertise/publicaties/a-secure-start-in-cloud-computing
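The authorization management section requires that every account, including functional and administrative ones, stays linked to an individual through the lifecycle events shown in Figure 2. The added example below (not from this whitepaper or from Capgemini) models that rule in Python: accounts inherit permissions only from an active owner, retiring the owner disables everything that person owned, and accounts without an active owner are reported. Role names, permission strings and identifiers are constructed for the example.

```python
"""Identity lifecycle with every account bound to an individual.

Added example, not taken from the whitepaper. Accounts, including
functional/administrative ones, draw their permissions only from an active
owner; retiring the owner disables all of their accounts; accounts with no
active owner are reported as orphans.
"""
from dataclasses import dataclass, field

# Constructed role-to-permission mapping; the real one is agreed in the client organization.
ROLE_PERMISSIONS = {
    "clerk": {"permit:read"},
    "caseworker": {"permit:read", "permit:update"},
    "platform-admin": {"vm:manage", "storage:manage"},
}


@dataclass
class Identity:
    identity_id: str
    roles: set = field(default_factory=set)
    active: bool = True


@dataclass
class Account:
    account_id: str
    owner_id: str      # the individual accountable for this account
    kind: str          # "personal" or "functional"
    enabled: bool = True


class IdentityDirectory:
    """Client-side registry of identities and the accounts linked to them."""

    def __init__(self):
        self.identities = {}
        self.accounts = {}

    # Lifecycle events (Figure 2)
    def hire(self, identity_id: str, role: str) -> None:
        self.identities[identity_id] = Identity(identity_id, {role})
        # The personal account is created together with the identity.
        self.accounts[identity_id] = Account(identity_id, identity_id, "personal")

    def add_functional_account(self, account_id: str, owner_id: str) -> None:
        """Functional and admin accounts are only created against an active owner."""
        owner = self.identities.get(owner_id)
        if owner is None or not owner.active:
            raise ValueError(f"no active owner {owner_id!r} for account {account_id!r}")
        self.accounts[account_id] = Account(account_id, owner_id, "functional")

    def change_role(self, identity_id: str, new_role: str) -> None:
        self.identities[identity_id].roles = {new_role}

    def additional_role(self, identity_id: str, role: str) -> None:
        self.identities[identity_id].roles.add(role)

    def retire(self, identity_id: str) -> list:
        """Retire an individual: every account they own is disabled; returns those ids."""
        self.identities[identity_id].active = False
        disabled = []
        for acct in self.accounts.values():
            if acct.owner_id == identity_id and acct.enabled:
                acct.enabled = False
                disabled.append(acct.account_id)
        return sorted(disabled)

    # Checks
    def permissions(self, account_id: str) -> set:
        """Effective permissions come from the owner's roles, never from the account itself."""
        acct = self.accounts[account_id]
        owner = self.identities.get(acct.owner_id)
        if not acct.enabled or owner is None or not owner.active:
            return set()
        perms = set()
        for role in owner.roles:
            perms |= ROLE_PERMISSIONS.get(role, set())
        return perms

    def orphaned_accounts(self) -> list:
        """Enabled accounts whose owner is unknown or no longer active."""
        orphans = []
        for acct in self.accounts.values():
            owner = self.identities.get(acct.owner_id)
            if acct.enabled and (owner is None or not owner.active):
                orphans.append(acct.account_id)
        return sorted(orphans)


def run_scenario() -> dict:
    """Constructed scenario: hires, role changes, a shared admin account, a retirement."""
    d = IdentityDirectory()
    d.hire("emp-1001", "clerk")
    d.hire("emp-1002", "caseworker")
    d.add_functional_account("svc-cloud-admin", "emp-1002")
    d.additional_role("emp-1002", "platform-admin")
    d.change_role("emp-1001", "caseworker")
    # An account imported from a legacy system whose owner record does not exist.
    d.accounts["legacy-batch"] = Account("legacy-batch", "emp-0999", "functional")
    orphans_before = d.orphaned_accounts()
    admin_before = d.permissions("svc-cloud-admin")
    disabled = d.retire("emp-1002")
    return {
        "orphans_before": orphans_before,
        "admin_before": admin_before,
        "disabled_on_retire": disabled,
        "admin_after": d.permissions("svc-cloud-admin"),
        "emp1001": d.permissions("emp-1001"),
        "orphans_after": d.orphaned_accounts(),
    }
```

Running `run_scenario()` shows the legacy account as an orphan both before and after the retirement, and the shared admin account losing all permissions the moment its owner is retired.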
6 Conclusions and recommendations

Cloud computing in its various forms
Cloud computing is an important trend in the field of information provision and related ICT. It turns computer processing power and data storage into a utility for collective use, as has long been the case with gas, water, and electricity. The rise of cloud computing has been particularly strong, is set to continue, and is irreversible. In view of the advantages for government organizations, cloud computing should also be trusted and supported within the public sector, both at central and local government levels and within executive agencies.

The actions required in order to migrate securely and carefully to the cloud can be summarized as follows:
1. formulating a clear security policy including security requirements;
2. organizing the management among the government organizations and market participants concerned;
3. acquiring the required expertise in the field of cloud computing and demand management;
4. international coordination for the exchange of knowledge and experience.

It is important that all government institutions cooperate consistently with each other. Security requirements must be supported by all government institutions. Otherwise all the benefits will be negated and chaos will result. Overall management of the formulation and implementation of the security policy must be guaranteed.

The public services provided by the government, with ICT as an enabler, extend beyond the boundaries of ministries and local governments. This applies particularly to the use of applications offered by cloud computing.

The authority to decide on and implement cloud computing models must therefore cut across departmental boundaries. Cloud computing is too complex and too generic to assess risks, develop security concepts, and select services individually in each government body. The security requirements should be translated into a clear SLA. Every government institution must nevertheless carry out an additional risk analysis to ascertain whether all generic risks also apply to them, and whether they need to be supplemented with specific risk areas and additional measures.

Cooperation is important. The challenges involved in adopting cloud services, and the scale of the potential risks and benefits, demand that risk assessments, security frameworks and service selections be elaborated on a pan-governmental basis.

Governments must also align their security and privacy policy regulations to the new reality, coordinate them effectively with those of the other EU member states, and test them against those of non-EU states. That will prevent unauthorized reading of data and breaches of privacy rules.

16
About Capgemini®

With around 120,000 people in 40 countries, Capgemini is one of the world’s foremost providers of consulting, technology and outsourcing services. The Group reported 2011 global revenues of EUR 9.7 billion. Together with its clients, Capgemini creates and delivers business and technology solutions that fit their needs and drive the results they want.

A deeply multicultural organization, Capgemini has developed its own way of working, the Collaborative Business Experience™, and draws on Rightshore®, its worldwide delivery model.

Learn more about us at www.capgemini.com

Rightshore® is a trademark belonging to Capgemini




Contact

Zsolt Szabo: zsolt.szabo@capgemini.com
Hans F. Scholten: hans.scholten@capgemini.com
Pieter Hörchner: pieter.hörchner@capgemini.com
Mark Skilton: mark.skilton@capgemini.com
Email: publicsector.global@capgemini.com

IN/1B-052.11a




Copyright © 2012 Capgemini. All rights reserved.
www.capgemini.com

Secure journey to the cloud. A matter of control

  • 1. Public the way we see it Trends in Cloud Computing Secure Journey to the Cloud - a Matter of Control
  • 2.
  • 3. Public the way we see it Trends in Cloud Computing Secure Journey to the Cloud - a Matter of Control February 2012
  • 4.
  • 5. Public the way we see it The introduction of cloud computing marks a crucial transformation Everything will change in the years of “Secure Journey to the Cloud - ahead in the field of ICT-based oper- a Matter of Control,” provides an ational management. Civil servants answer to this question for politicians, will no longer have computers under administrators, and others dealing their desks, customer-facing counters with or responsible for implementing in government offices will become cloud solutions in the public sector. superfluous or be digitized, data cen- ters will be merged and ICT depart- ments of public authorities and exec- utive agencies will be fully or partly abolished. At the same time, increas- ing amounts of data stored by public authorities will be made available to citizens and businesses for reuse. Influenced by social media develop- ments, citizens and businesses will demand that the government pro- vides its services through the same channels. This must all take place in a government-guaranteed secure environment. It is high time for a fresh look at the organization and use of ICT in and by public authorities; and an associ- ated security policy. The necessity of the latter, is clearly demonstrated by the recent developments relating to WikiLeaks and particularly the suc- cessful denial-of-service attacks on the websites of various public authorities. Cloud suppliers could have thwarted these attacks if cloud computing had already been implemented. Cloud computing can only be suc- cessfully adopted if traffic can flow securely along the digital highway. Security is, therefore, often a key area of concern in discussions on cloud computing. It is essential that security is well organized in the interest of society as a whole. The question is what actions the government should take in the field of security to guaran- tee the proper introduction of cloud computing. This paper on the theme 3
  • 6. Contents 1 Cloud computing - an irreversible trend 05 2 Worry-free use of the cloud 07 3 The context of cloud security 09 4 The concept of cloud security 10 5 Cloud security services 13 6 Conclusions and recommendations 16
  • 7. Public the way we see it 1 Cloud computing - an irreversible trend Cloud computing in its various email, download videos or use word- n Lower costs/less ICT investment forms processing applications directly on in the workplace Cloud computing allows smart use of the Internet. A third concrete example Unwieldy computers under or on the potential offered by the Internet. of the impact of cloud computing is desks will be replaced by a tiny Both businesses and public authorities the reduction in the number of data box that manages traffic via the view it as a useful and unstoppable centers, as cloud computing enables Internet. The benefits are lower development in information and com- server capacity to be used more effi- costs in the investment and opera- munication technology (ICT), which ciently and only when it is really tional phases for hardware, and modernizes and improves services and necessary. licences which are no longer re- operational management. Implement- quired in the workplace but which ations will succeed only if data, data What are the benefits of cloud can be accessed via the cloud. Also security and data traffic via the Internet computing? fewer ICT personnel are required are handled in a careful and well-man- Cloud solutions offer innumerable on the shop floor to keep computers aged way from day one. benefits: running. The savings on workplace facilities alone are considerable. For Cloud computing differs conceptually n Joined-up government example, the US Federal Govern- from existing ICT arrangements. Government services are increas- ment is aiming to achieve savings A key difference is that users do not ingly being provided via the Internet, of more than 60 percent on licence have to store information on data which acts as a virtualized counter costs for the use of email (source: carriers such as PCs and USB sticks. for public services. In this way CIO.gov). The range of tried-and- That is a major advantage. 
Surveys public authorities can be contacted tested applications and services reveal that business-sensitive infor- seven days a week, 24 hours a day. available in the cloud is growing mation is held insecurely on hard Citizens and businesses increasingly daily, including for the support of drives in over 60 percent of worksta- expect that. They are also less operational management functions tions and laptops. Business sensitive concerned about the way in which (personnel, information, organiza- information is also held in unen- authorities organize themselves be- tion, finance, computerization, crypted form on 66 percent of all USB hind the computer screen. Whether communication, and accommoda- sticks (www.cloudworks.nu/uploads/ for a tax return, a licence or benefit tion). This substantially reduces cloudworks05.pdf, November 2010). application, the customer expects the time required to implement the authority to know who he is new ICT systems. They are no lon- Cloud computing takes various forms. and link up the relevant files, there- ger built or purchased, but are The best known are social media. by keeping the number of trans- selected and paid for on a per-use Social apps (cloud-based applications) actions to a minimum. This is all basis on the Internet. such as Hyves, LinkedIn, and Face- possible using the cloud as the book are used daily by millions of basic framework. After all the n Consistent supplier management people around the world. Users now government services have been The introduction of cloud comput- store data not on their own PC but interlinked, the next step in the ing enables us to purchase and use somewhere in the cloud. Another modernization of service provision ICT resources in a more coordinated example is the increasing use of thin- is the enrichment of the available and consistent manner. ICT deci- client computers. 
These are computers information via social media, and sions are currently taken across mul- with very limited storage and process- communication via social media by tiple levels and departments within ing capacity. They provide access to public authorities, citizens, and busi- governments. The relationship with applications and remote storage via nesses. business is changing. Public author- a (web) browser. A thin client is, there- ities can greatly reduce the number fore, nothing more than an informa- of commercial relationships by sign- tion viewer that seeks to connect to ing contracts with partners on the the World Wide Web. You read your basis of a one-stop-shop model, Cloud computing - an irreversible trend 5
  • 8. using ICT hardware and software, Cloud computing requires ments (SLAs) between the govern- to a large extent, remotely. This consistent management ment and suppliers of cloud prod- model helps governments to con- The secure and efficient implementa- ucts and services. centrate on their core tasks. tion of cloud computing solutions by ministries and local authorities re- The next part of this report deals in n Consolidation of data centers quires a consistent approach under greater depth with security policy, Data center consolidation signifi- the overall ‘direction’ of the central the context, risks, and available cloud cantly reduces costs. The govern- government. The management rules services. The aim is to provide guide- ment uses more cloud-based ser- must be clear to prevent everyone lines for worry-free use of the cloud. vices, and so less capacity is required reinventing and implementing their In short, a restrictive set of boundary than in the current situation. It also own cloud wheel. Security require- conditions must be established and means ICT can be used more sus- ments must be supported by all gov- enforced for public authorities. Ensu- tainably. The average utilization in ernment institutions, otherwise all the ring continuity of service is of prime cloud solutions is between 60 per- benefits will be negated; and chaos importance. Some people also view cent and 70 percent. In on-premise and complexity will merely increase. this as an integral part of “security”. data centers it is still between 10 As an illustration, suppose that com- percent and 15 percent. pany X supplies cloud services to 500 government institutions. Those n Economies of scale and security 500 government institutions cannot The economies of scale offered by carry out their own separate annual cloud computing allow security and audits of the solvency, security com- privacy to be managed more effec- pliance, privacy, and data controls of tively than at present. 
At first sight company X. that may seem illogical, but just think for a moment about the current Hence there must be centralized security situation. Standalone com- management on several fronts: puters in the workplace are often n a single client, a uniform schedule inadequately secured. All kinds of of requirements from a demand- things can happen while they are focused organization on the basis unattended: for example, data can of consensus among all layers of be read, USB sticks can be copied, government; and intruders can manipulate soft- n a uniform ICT architecture, policy ware to spy on data or can install and organization for departments, viruses. What about passwords? And local authorities, and executive is it possible to detect data breaches agencies; in local data storage? With cloud n specification of and compliance computing, data does not have to with available and open standards; be stored on a data carrier or local n accessibility of basic registers for PC, and problems such as those use in cloud solutions for govern- described above are prevented. ment and business; Security, including data encryption, n establishment and management of is managed centrally for all users. But the government “App Store” pro- even within the cloud environment viding cloud solutions; there is human input, so checks and n international developments/regula- balances must be set up to keep the tions (EU and elsewhere); risks of human error to a minimum. n a consistent and effective security policy and clear service level agree- 6
  • 9. Public the way we see it 2 Worry-free use of the cloud What policy can be formulated? Now, back to security in the organi- Cloud computing naturally poses many zation: has there ever been an assess- ICT-related challenges which require ment of the current level of security constant attention. Many companies in the organization’s own data center (IBM, Microsoft, Intel, among others) or that of the outsourcing partner? have conducted research into the They may have an SAS 70 statement concerns frequently raised by senior and an ISO 27000 certificate, but what business and ICT management. Over- do these actually cover and what are all, this research has highlighted the the actual risks? three biggest concerns as follows: 1. security and privacy of data in the How well secured is your data at pres- cloud (44 percent); ent? Do you know who sweeps the 2. availability of cloud services for server room floor in the evenings after business processes (41 percent); work? Is everything securely under 3. integration with other services lock and key, both physically and dig- (39 percent). itally? Cloud architectures require additions and modifications for use Proper security arrangements are in the cloud. therefore a top priority! Risk management Why the fear of security issues The fears surrounding this new cloud in the cloud? phenomenon are understandable, but Security is seen as the biggest concern. cloud services can help improve the Why? Because the cloud appears to be current level of information security. somewhat “hazy” in terms of security, Increasing numbers of parties are be- and the way in which security should coming involved; and, as stated pre- be set up to promote business initia- viously, human failings are always a tives and comply with regulations. This possibility. Risks must therefore be is mainly because we can no longer managed. 
The following five points point to the room, server or tape that are of great importance in risk manage- contains our information. Many people ment: instinctively believe that if they can 1. inventory of information of impor- see and touch something they have tance for the government; more control over it. You could liken 2. inventory of possible threats with it to somebody who travels by motor- regard to that information; cycle (the least safe means of transport) 3. determining the probability of to the airport in order to board an air- threats materializing; craft (the second safest means of trans- 4. determining the impact of a materi- port). For most people, the fear of an alized threat; accident when flying is many times 5. determining measures to protect/ greater than when riding a motorcy- minimize the impact. cle, whereas the statistics show pre- cisely the opposite. That is because Security is one of the possible mea- on a motorcycle you retain control. sures resulting from point 5. Whereas in an aircraft you do not. Worry-free use of the cloud 7
Towards a new security approach for the cloud

Risk management means striking a balance between opportunities in operational management and financial factors or regulations. It is about enabling flexible services, not limiting new initiatives.

If the government wants to use the cloud successfully without worries, then it needs to develop policy differently with regard to security and control under the influence of changes resulting from economies of scale and standardization. The basic principle is actually very simple. At present, decisions on security matters in many countries are still taken independently at many different points in government. With the introduction of cloud computing, this must take place in a coordinated and coherent way. A central government CIO, for example in the Netherlands, could have a prominent role to play in setting the framework in this regard.

It must also be possible to open up cloud services on the basis of standard protocols, so that information can easily be reused within the government. After all, care must be taken to avoid recreating information silos, this time in the cloud.

A possible means of worry-free migration to the cloud could involve the government developing a migration strategy in which less sensitive ICT services with lower security requirements are examined first. Subsequent levels will then only be tackled if there are adequate results with known learning effects.

Shift of responsibility

When ICT services are moved to the cloud, the government also ceases to be responsible for the implementation of part of the services. It no longer matters to the government how these services are structured in terms of hardware and software, although the government does retain responsibility for functionality, including security requirements. These must be set out in clear SLAs. The central government CIO must specify the framework for this. The government must maintain overall control of the standards that will be used to secure the information. There are various reasons for this:
• the government must prevent the formation of cloud silos, which cannot communicate with each other;
• the government must prevent cloud suppliers setting up their own authentication and authorization systems independently of each other;
• the government must maintain overall control of any encryption used, and in particular the management of keys among cloud suppliers;
• the government must enter into agreements on how cloud suppliers will communicate securely with each other;
• the government must ensure that cloud suppliers fulfil their agreements by monitoring them comprehensively across all suppliers.

Conclusion

Governments should develop a government-wide process and ICT architecture that makes optimum use of the possibilities afforded by modern cloud facilities. They must also draw up and implement measures to maintain the architecture (both within the government and extending to cloud suppliers).
3 The context of cloud security

What are the risks?

The apparent new risks resulting from the use of cloud services appear further-reaching than the security risks associated with conventional client-server infrastructures, such as the risk of loss or theft incurred when physically transporting information on laptops, USB sticks or paper files. Such transportation is no longer necessary when using the cloud, as secure information can be accessed from any location.

The main risks when using cloud services are:

• Privacy breaches
Almost all government organizations handle privacy-sensitive data. This type of data must not fall into the wrong hands. Privacy also has to do with the type of information stored and the length of the permitted storage time. These aspects are not specific to the cloud, but it is advantageous to know where privacy-sensitive information is stored in the cloud. The privacy laws applying in Europe differ from those applying elsewhere. Most cloud providers can currently guarantee that information will remain within the EU. It is expected that a number of cloud providers will go a step further, and even give country guarantees. This will depend on the spread of the various cloud data centers and their economic feasibility. In the case of both examples, these guarantees must be legally and technically watertight.

• Data leaks
You do not know who, other than your own employees, has access to your data. After all, it is outside the field of vision and boundaries of your organization. There is a risk that without sufficient access security your data will also be used by criminals or by the administrators of the cloud service. The impact of this type of data leak depends on the type of data stored in the cloud. As far as is known, the recorded cases have always involved an error by a system administrator, for example forgetting to change the default password, thereby allowing other users in those organizations to abuse their access permission. This type of data leak cannot, however, be attributed to the concept of the cloud provider.

• Unavailability
Whatever the cause, data managed by a cloud service provider would be less readily available than data stored within the organization. If a government organization takes no steps to guarantee the reliability of the cloud, services may become unavailable. That will result in a failure of business processes. An interesting example concerns the recent developments surrounding WikiLeaks. This organization had stored a large number of documents with an American cloud provider. Despite the use of the “safe harbour” model (a model in which the rules and laws of the data owner’s country apply rather than those of the US), the US Government was nevertheless able to pull the plug on the organization.

• Compliance issues
Compliance with internal and - more importantly - external regulations sometimes means that organizations need to know the physical location in which their data is stored. Depending on the type of regulation, there may be a requirement to know, for example, precisely who has access to what data, who has carried out particular modifications, etc. Cloud services do not always incorporate functionality to provide clients with such information. Additional logging tools and access controls will be necessary when using cloud services for that type of compliance. It should be stated that a number of suppliers in the cloud are already providing such services.

• Integration across multiple organizations
When government organizations begin transferring services to the cloud, the cloud services must be able to communicate with services still running in the organization’s own data centers. They must also be able to integrate with partners in the logistics service chain. Two types of risk are significant. Firstly, on the basis of standards, the cloud service must be able to communicate with other services within and outside the boundaries of the client organization. Secondly, the service must be able to secure this communication to satisfy the requirements of the government organization.
4 The concept of cloud security

Which security aspects have to be fulfilled?

What must government organizations do for a reliable transfer to the cloud based on acceptable risks? They must fulfil a number of basic security aspects, the principles of which are described below.

Protection

A user’s information and access rights must be protected against abuse by unauthorized users and intruders. Due to the fact that information and applications are based in the cloud, security measures such as door locks or uniformed security personnel no longer work. The storage, transmission, and use of information must be digitally protected. This can be done using technologies such as PGP, SSL, FTPS, and HTTPS. However, cloud providers choose to go further. Most supplement the existing security measures with specific measures to dispel the cloud user’s fears and unfamiliarity with cloud data centers. Data in cloud environments must be protected to an even greater extent than in your own operating environment. Government bodies must of course decide for themselves whether a cloud provider is using sufficient security techniques in the data center. This requires the government to have specific expertise.

The transmission part requires separate attention, addressing aspects such as virtual intrusion (penetration tests have been found to be very useful), theft or compromising of data during transmission (stealing a copy), interception, and sending forged messages. The data center is ultimately just part of the assets and aspects requiring protection.

Privacy

Privacy measures protect personal information in such a way that others cannot access it. Various identity and access management systems support cloud services with a wide range of privacy and security measures. These range from a low security level with password-based authentication to a high security level with attribute-based authentication systems. The latter systems use state-of-the-art privacy-supporting certificates. Efficient process organization is also important in the event that the authorities raise any questions. For example, what does the provider do if a public prosecutor asks for data? How can the government demonstrate to its citizens and businesses that the provisions of the relevant laws will be upheld?

Recoverability

Data stored in the cloud is subjected to regular integrity tests to guarantee its recoverability. Most cloud service providers replicate data three or four times instead of making real backups. This means they can recover from disk crashes and major disasters. However, most service providers do not guarantee the backup and recovery of data which is “accidentally” deleted by the end-users themselves. A government body must therefore make or arrange its own backups, for example by taking snapshots and downloading and storing these on its own premises or with another cloud provider. Another problem is that data in clouds can be stored indefinitely. Depending on the type of data and the applicable legislation, this may not be permitted. Service providers only process and store data. So, they may have insufficient knowledge of statutory retention periods or mandatory clearances. Public authorities have an important role to play in this regard. Cloud providers can guarantee that information has actually been destroyed, but the owner of the data needs to ensure that the destruction has been initiated. ITIL formulated an appropriate set of processes some years ago for incident and problem management, backup, and recovery. The government must enforce those requirements and have them guaranteed by a TMP. In an SLA, all conditions such as retention time, minimum performance, and storage size can be recorded in a standardized way and verified subsequently by means of standard reports.

Access and reliability

Access to information and the processing of data items must comply with the privileges granted to the user requesting access. Unauthorized access must be prevented. Every user claiming a unique identity when gaining access to data will be subject to a process to investigate whether he is indeed the authentic owner of the claimed identity. After verification, the user may only carry out those actions for which he has been granted permission. Cloud providers have set up facilities for this. There are even providers who offer the possibility, for example, of linking such facilities to an active directory of their customers. An active directory of this kind establishes the authenticity and access rights. These are then managed exclusively by the client organization. The advantage of this is that such information is recorded in only one place and can be used both by the internal information systems and externally by the cloud provider. The authentication and authorization data constitute an application/information system in their own right. That system must therefore also meet the specified requirements. These concern authentication and authorization for people who are or are not given formal access to the data. Safeguards against unauthorized (criminal or terrorist) access are not yet covered.

Connectivity

Managing the process of access to cloud services through identity authentication and authorization is critical, but there are also other steps once connected to the network. Extra network security may be needed beyond SSL, TLS secure messaging and data transport layers to ensure the actual security of this network.

With the growing public telecommunications infrastructure such as the Internet to connect to cloud services, and the potential for company networks and external non-company networks to be involved in cloud service use, this raises issues of connection security both for mobile employees and for external users outside the company firewall environment. Choices of private networks and the use of technologies such as Virtual Private Networks (VPN) and Virtual Wide Area Networks (VWAN) are increasingly necessary parts of a secure network strategy to underpin the desire for more freedom and mobility. Using secure networks enables remote user access management while enabling encryption of data as a layer to prevent disclosure to unauthorized users.

Yet the virtual private network is also seeing other new cloud consumption models that are reversing previous trends of centralized systems and network management. Bring Your Own Device (BYOD) connectivity and Voice over IP (VoIP) seek to empower users by managing identity and security “on the fly” or dynamically in place of traditional directory control activity. Certification and policy control of applications and data from devices is managed through the federated security of multiple devices outside the corporate firewall. Access is through device policy control, enabling new cloud service models of app stores and new content delivery channels. The advent of cloud broker services has led to the emergence of a Bring Your Own Policy (BYOP) concept where companies not only have multiple devices, but also control the policies that enable devices to be approved, audited and controlled remotely.

These network topology choices also affect the “last mile logistics” of connecting a user device to the information technology service, whether it be cloud or non-cloud hosted. Connectivity can be fixed-line, or IP address-enabled and delivered through a wireless connection. It is also a key enabler in the idea of hybrid cloud, where data and application movements between different clouds and host environments can be achieved securely. The security of networks is an essential strategic architecture choice in cloud computing which affects the access, mobility and usage of cloud-enabled business and users.

Accountability and controllability

A full log must be maintained for accountability in respect of data operations. This must record all actions carried out within a user session to allow controllability. What precisely has to be logged must be agreed within your organization. This is technically feasible, but (comparable to the storage and logging of telecom data) can be very expensive. Most cloud providers offer logging and monitoring tools, although some are rather rudimentary. Market participants are responding to this by offering additional logging and monitoring tools.

Integrity and irrefutability

Cloud providers must ensure that the integrity of data is protected and that it cannot be modified, duplicated or deleted without authorization, just as in the client’s own ICT organization. The long-term irrefutability of digitally signed data is an important aspect of PKI-related standards in clouds. Cloud providers use various mechanisms among themselves to deal with routine events. These could include the expiry of a public-key certificate and the expiry of a time-dependent trusted-authority certificate.

Compliance with regulations

Legal, regulatory, and contractual requirements must be defined for all parts of the information system. Monitoring activities must be planned and laid down in advance in joint consultation between the parties concerned. It is also necessary to conduct regular independent reviews and assessments. Cloud providers must comply with all internal and external regulations, laws, contracts, policy and mandatory standards. Many public cloud providers use the compliance and legislative frameworks of the country in which the respective cloud data center is located. Government organizations can adopt these frameworks or outsource them to a cloud provider that complies with the necessary legal frameworks. This could be an additional task for the government audit service that can opt to keep it in-house or have it outsourced.
Insurable

The risks relating to the system must be controlled. Few parties other than the cloud service providers themselves currently offer such financial insurance for cloud services.

Migratable and upgradable

A migration path must exist that is feasible, controllable, and acceptable to users in order to move from an old to a new cloud provider or to a subsequent version. The cloud infrastructure must be easily upgradable to new releases of hardware and software. This may pose a problem for the use of some business functionality, as some business functions are currently available from only one cloud provider. The growth of the cloud market should mean that technology to support every possible business process will become available from multiple sources, and open up the possibility of migration from one cloud service provider to another. In the first place, energy will be focused on migrating from conventional to cloud-oriented ICT services. This will take a number of years. The first migration must also incorporate an exit strategy (back to conventional services), otherwise there may be a feeling of being on a “one-way street”, which will be unsettling.

What architecture model can be used?

Cloud security services can be implemented in layers. Figure 1 shows how the various security layers for cloud computing are positioned relative to each other. It is important that the familiar cloud computing variants of Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and Software-as-a-Service (SaaS) are all aligned: these include associated services. The main message in figure 1, from a security architecture perspective, is the distribution of responsibilities. Depending on the type of cloud service in the model, there is a further responsibility relating to management and security aspects.

Figure 1: Layered Architecture. Cloud Security Architecture: the service layers SaaS (Application), PaaS (Platform, Storage, Integration) and IaaS (Networking) sit beneath Data Encryption, Authorization Management & Access Control Services, Cloud Integration Services and Secure Communication Services; the cross-cutting concerns are Laws & Regulations, Monitoring & Auditing, Upgradability & Migratability, Policy & Governance and Business Continuity Management.

Of course, it is also necessary to fulfill the interoperability of cloud services. In the case of IaaS, for processing power or storage capacity for example, the service provider may be required to store the data within a country or region, for example in the EU or the Netherlands. This is to comply with legislation on data storage.

In the case of PaaS, the exposure is changed, for example for in-house applications or purchased packages, which were initially behind a firewall but which now operate on the cloud infrastructure. Anyone with an Internet connection can now access them. Therefore, more attention needs to be paid to whether the access to data via the application or directly to the database is properly secured. PaaS gives a third party the possibility of hosting its own software on a particular platform made available by a provider (perhaps a standard application with adjustable parameters). Some providers may also handle the application management tasks.

In the case of SaaS, there are other matters of importance. Each SaaS supplier must be able to fulfil the compliance rules applicable to government institutions.

In each cloud service (IaaS, PaaS or SaaS) the compliance, management, and security aspects must be assessed. A gap analysis can be carried out showing what is required and what is present. It is also possible to determine how these characteristics relate to the insurance and protection requirements of the respective information components. This answers the question of which data and which functionality can be accommodated in which location.
5 Cloud security services

What cloud services are available on the market?

Figure 1 identifies the main security services in the different layers of cloud environments. These services and their operation within the cloud environment are described below.

Data encryption services

Most people believe that the cloud services in the market provide a lower level of security than their own data center. The question is whether this is an accurate observation. In many cases the cloud service provider will have a higher level of security than most data centers and outsourcing providers. There are two possible reasons for this. First, cloud service providers take a standardized, general approach to security. Moreover, they simply cannot afford to lose customers as a result of deficient security. A single newspaper report about a serious data leak could mean the end of a cloud provider, particularly if it involves data that government institutions are legally required to keep under surveillance. Cloud providers are therefore focused on information security from day one. It is their most important priority.

How do you know your provider has implemented the right level of security measures? If there is insufficient control of the system in which the data is stored, it is necessary to ensure that the security of the data itself is controlled. By using data encryption and retaining control of encryption key management, organizations can take full advantage of cloud computing. They need have no concern about whether their data is stored somewhere in their own country or abroad. It is also necessary to look at the security of the connections: this is a specialist area that must be addressed separately.

Authorization management services

Authorization management services ensure that the right user accounts with the right information are available in the relevant systems. If that is not properly implemented, access control will be a mere illusion. All accounts, including administrative accounts, must always be related to individuals in order to prevent abuse. The first step is, therefore, to manage the entire life cycle of accounts related to individuals (employees, partners, customers, etc.). This must include the functional accounts (for example, administrators) that are linked to these identities at any given time. Identity and authorization management is liable to be a complex matter within the organization.

Outside the boundaries of the organization, however, such as in ecosystems, supply-chain channels or cloud services, identity and authorization management is essential for operational management. Applications can be moved to the cloud, but control of authorizations must remain within the client organization. This does not mean, however, that the actual identity and authorization management cannot be carried out in the cloud; on the contrary, Identity-as-a-Service can be very useful in the outsourcing of identity management and the facilitation of a model such as e-Recognition as implemented in the Netherlands, which enables users to log into various government institutions through their own account. Always be aware that combining cloud services and cloud security services in the same cloud will only be effective if the cloud service provider can effectively guarantee functional separation.

Access control services

Authorization management may then be a requirement, but if access control measures fail to operate effectively, your data will be unprotected without your being aware of it. If the access control is too tight, however, operational management may be impeded. Access control measures must ensure a balance between practicability and security, and must be based on the relevant risks. Another important aspect is the integration of access control measures in your data center, your outsourcing partner’s data center and the cloud applications used. Single sign-on (SSO) across the boundaries of the organization and relationships of trust between organizations are essential for the successful use of cloud services.

Cloud integration services

People generally speak of “the” cloud. However, it is unlikely that there will be a single cloud containing all the organization’s applications. Some office applications may be obtained from Google, for example, whereas the CRM is with Salesforce.com. The security services may in turn be supplied by a dedicated security provider. This not only means that all employees must have access to all these services from any location, but also that cloud services must have access to each other’s network for specific services. Consideration must also be given to where brokers and other generic ICT services will be accommodated, such as the enterprise service bus (ESB) or print servers. At present, we appear to be creating the same islands or ‘stove pipes’ that we have been trying to get away from in our own data centers in the last ten years. All these services must be integrated in a secure and controllable way. The cloud services must communicate with standard protocols for web services in order to achieve genuinely secure cloud integration.

Communication security services

Cloud services - and hence data belonging to citizens and businesses - may be located anywhere and transmitted frequently via the Internet. During transmission, the data must be secured by standard protocols. Encryption is also an option, but it is too complex to store all data in encrypted form. It will probably only be necessary to store business- or privacy-sensitive data in encrypted form. The rest must nevertheless be protected during transmission via the Internet. This can be achieved by means of standard protocols such as SSL/TLS. Network traffic can be protected by PKI-based protocols. Even more important than traffic to end-users is traffic between service providers. This must also be encrypted, but you will probably not own the keys used, which means you will incur a risk when services of different service providers are integrated. You must at least ensure that this risk is known. You can discuss ways of mitigating this risk with your service provider.

Monitoring and auditing services

If security levels are not being measured, it will be difficult to assess the status and quality of these security levels. It is important to have access to monitoring and auditing services, either in-house or with a cloud service provider, where all the information from the client data center, the outsourcing provider, and the cloud services provider will be gathered for further processing. This solution must be able to receive log files from all systems in order to process security warnings from all systems.

This is a labor-intensive process requiring people with very specific skills to analyse the results. It is, therefore, advisable to also use this service in the cloud, with all other cloud and non-cloud services being connected.

Figure 2: Identity Lifecycle. Identity lifecycle processes: Hire, Promotion, Change Location, Project Membership, Change Role, Additional Role, Password Reset, Change Password, Retire.

Business continuity service

Business continuity management (BCM) is an important area of attention for all government organizations. The drawing up of detailed emergency plans for unforeseen disasters, such as denial-of-service attacks on government websites, is essential nowadays. In the ICT sector, that means backups of business critical data must be available at different locations.

Cloud service providers such as Google, Microsoft, and Amazon are very useful in this regard. They promise 99.9 percent uptime and their services release organizations from the burden of creating and maintaining a backup infrastructure and recovery facilities.

BCM incorporates various complementary elements, such as disaster recovery, business recovery, business resumption, contingency planning, and crisis management. However, disaster recovery alone is not sufficient. A mechanism must exist to recover this data automatically even if small quantities of data or specific documents are deleted, accidentally or otherwise.

The business continuity service must at least perform the following:
• identify threats and the associated potential business impact;
• determine the requirements for business continuity and recovery;
• assess the current possibilities;
• design, implement, and test a business continuity plan based on business objectives.

www.nl.capgemini.com/expertise/publicaties/a-secure-start-in-cloud-computing
6 Conclusions and recommendations

Cloud computing in its various forms

Cloud computing is an important trend in the field of information provision and related ICT. It turns computer processing power and data storage into a utility for collective use, as has long been the case for gas, water, and electricity. The rise of cloud computing has been particularly strong, is set to continue, and is irreversible. In view of the advantages for government organizations, cloud computing should also be trusted and supported within the public sector, both at central and local government levels and within executive agencies.

The actions required in order to migrate securely and carefully to the cloud can be summarized as follows:
1. formulating a clear security policy including security requirements;
2. organizing the management among the government organizations and market participants concerned;
3. acquiring the required expertise in the field of cloud computing and demand management;
4. international coordination for the exchange of knowledge and experience.

It is important that all government institutions cooperate consistently with each other. Security requirements must be supported by all government institutions. Otherwise all the benefits will be negated and chaos will result. Overall management of the formulation and implementation of the security policy must be guaranteed.

The public services provided by the government, with ICT as an enabler, extend beyond the boundaries of ministries and local governments. This applies particularly to the use of applications offered by cloud computing.

The authority to decide on and implement cloud computing models must therefore cut across departmental boundaries. Cloud computing is too complex and too generic to assess risks, develop security concepts, and select services individually in each government body. The security requirements should be translated into a clear SLA. Every government institution must nevertheless carry out an additional risk analysis to ascertain whether all generic risks also apply to them, and whether they need to be supplemented with specific risk areas and additional measures.

Cooperation is important. The challenges involved in adopting cloud services, and the scale of the potential risks and benefits, demand that risk assessments, security frameworks and service selections be elaborated on a pan-governmental basis.

Governments must also align their security and privacy policy regulations to the new reality, coordinate them effectively with those of the other EU member states, and test them against those of non-EU states. That will prevent unauthorized reading of data and breaches of privacy rules.
About Capgemini

With around 120,000 people in 40 countries, Capgemini is one of the world’s foremost providers of consulting, technology and outsourcing services. The Group reported 2011 global revenues of EUR 9.7 billion. Together with its clients, Capgemini creates and delivers business and technology solutions that fit their needs and drive the results they want.

A deeply multicultural organization, Capgemini has developed its own way of working, the Collaborative Business Experience™, and draws on Rightshore®, its worldwide delivery model.

Learn more about us at www.capgemini.com

Rightshore® is a trademark belonging to Capgemini

Contact
Zsolt Szabo: zsolt.szabo@capgemini.com
Hans F. Scholten: hans.scholten@capgemini.com
Pieter Hörchner: pieter.hörchner@capgemini.com
Mark Skilton: mark.skilton@capgemini.com
Email: publicsector.global@capgemini.com

IN/1B-052.11a
Copyright © 2012 Capgemini. All rights reserved.