In a previous post, we focused on security risk and controls to keep in mind when considering a cloud migration strategy, and how the choice of deployment and service model influence the security requirements therein. In this post, we will look at some privacy protection capabilities that can be used to stem data privacy concerns in the cloud.
Cloud and the availability of resources to scale at the speed of the business has gained widespread interest. Despite the appeal, security, privacy and compliance concerns remain a barrier. A recent 2016 Cloud Security Report sponsored by the International Information System Security Certification Consortium (ISC)2 revealed that 46% of respondents cited data privacy as a top concern. This, coupled with recent attacks on Apple’s iCloud and similar “as-a-Service” platforms resulting in unauthorized access to customer data, creates further doubt in the cloud’s ability to provide the assurance needed to protect critical data and systems from prying eyes.
Amid these concerns, there are some key drivers contributing to the attractiveness of cloud computing. These include:
- Elasticity – The ability to scale in order to meet customer demand, by dynamically adding more resources transparent to the user. This allows for rapid deployment of resources to achieve key business objectives and maintain current operation and designing for high availability requirements relevant to Business Continuity Plan/DRP.
- Simplicity – The Capex or Capital Expenditure associated with traditionally owning technology hardware is significantly reduced, if not eliminated with moving to the cloud. This allows the business to adopt a pay-per-usage model for resources they need and focus more on operational expenditures long term.
- Expandability – Teams are better able to access information on the go and collaborate/innovate from anywhere across the globe, test ideas and market segments before committing time and resources, and quickly share concepts real-time.
The security and privacy of information in the cloud depends on many factors linking to people, process and technology. Organizations moving to the cloud must keep top of mind that data privacy is still their responsibility. Failure to ensure protection consistent with the information sensitivity could result in the business being liable if an unauthorized access event occurs.
Here are some protection capabilities worth considering as you transition to the cloud:
- Business requirements – It starts here! Having a clear understanding of the business objectives and mission goals will directly influence how privacy protections are designed, implemented and enforced.
- Security Architecture – The success of information security and privacy has a lot to do with striking a realistic balance. To that end, there are three principles that are essential to a secure design. They are:
- Least Privilege. Activities or communications are denied unless explicitly permitted. This is usually achieved through the use of role-based access controls (RBAC) to define the associated privileges for each applicable job function. Only the minimum should be granted. Keep in mind that this type of access can increase in complexity as needed by the business.
- Defense in Depth. The use of multiple reinforcing layers such as firewalls to protect systems, should be applied as a baseline to reduce exposure. In the cloud, careful examination of each layer and understanding the impact a prescribed countermeasure may have on the business must be taken into account. This is where a process such as threat modeling can offer tremendous value, by deconstructing components to uncover threats at the highest levels as it relates to compliance, contract agreements and business requirements.
- Separation of Duties. Like traditional environments, the cloud has a number of roles and activities required to operate and maintain the infrastructure. Therefore, proper role separation should be implemented using access controls to refine what areas of the system each user can affect, up and down the stack. In reality, the system or cloud administrator should not be able to read the application data. As an added measure, user access and actions should be tracked using a technical intermediary to monitor changes to the system.
- Access Controls – These types of controls are versatile and to some extent elastic in nature, restricting who has access to the data. With business requirements on hand, several levels of granularity can be applied albeit at the network/system, record, cell, sub-cell and at the collection level based on the type of access needed. At a minimum, access should be granted using one of four basic types (no access, write, read, owner), with careful consideration on how users will interact with the data. In a no access scenario and based on use-cases, the data will only be visible to authorized users and hidden to everyone else. However, if not carefully thought out during planning and design, data could be leaked and allow users to infer on its existence, thereby undermining the countermeasures in place. Therefore, you should design test cases to validate this further.
- Data Revelation – Operational needs and clearly defined use-cases can contribute to a robust privacy architecture. This in turn regulates how data is accessed and used throughout its lifecycle, based on need-to-know, providing only the necessary exposure required relative to the intended use-case, purpose and scope. Utilizing content-dependent access controls, constrained user interfaces that are tightly coupled to the data elements and temporal isolation are great ways to tackle data disclosure requirements as you move to the cloud.
Data privacy and security in the cloud comes with many challenges. Therefore, careful consideration must be given as to how users will interact with the data during the planning, design and deployment phase of the development lifecycle. Also, be sure to define under what circumstances data should be revealed, the duration and the potential risk it presents to the business if access falls outside those conditions.