Developing The Secure Cloud

RSS

Edward Snowden’s revelations exposed National Security Agency activities that have given many people and corporations second thoughts about taking advantage of the cloud, which is the latest term for the Internet. It was bad enough when developers had to worry about spammers, virus writers, and criminals bent on gaining access to private information. Companies also worried about losing information to corporate espionage.

Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) platforms like Amazon Web Services (AWS) have allowed users to flock to the cloud to host everything from Web servers to corporate data storage. Most have been built on standard PC enterprise hardware that has hardware security support via TPM, virtual memory, and virtual machine support. But much of the communication between systems, including storage, moves over the network where software is used to control access.

Verizon’s Terremark service recently announced that it will be using AMD’s SeaMicro platforms, which employ a hardware hypercube communication fabric that can manage partitions that feature computing, communications, and storage (see the figure). Also, its nearest neighbors won’t affect performance, and their communication load will be isolated. It will allow cloud services compliant with the Health Insurance Portability and Accountability Act (HIPAA), the Federal Information Security Management Act (FISMA), and the National Institutes of Standards and Technology (NIST) 800-53 Security and Privacy Controls.

Still, security is only as strong as its weakest link. Any system that utilizes the cloud for some aspect of its communication is susceptible to attack that can be silent and costly or noticeable and costly. Designers need to ask who holds the keys and what locks they fit into.

Lavabit, a secure e-mail service company that Snowden and many others had used, recently shut itself down after the NSA first obtained a court order to put in a backdoor—and then for the key to the door. The problem with backdoors is that they are designed to be hidden, as is their use. Unfortunately, the security of the system comes down to who has the keys to these doors. Snowden had one of these keys.

The latest design buzzword is Internet of Things (IoT). IoT usually means connecting anything that sends data to the cloud, where the cloud servers are often running on one of the PaaS or IaaS platforms. IoT gateway tools and reference designs of various types have been rolling by my desk for months, and most have some level of hardware security included.

Most companies with these products are providing the tools to secure a system but are leaving the actual implementation up to you, the developers. Hopefully you will educate yourself about the different aspects and tools for creating a secure system because it is more than just using tools like secure boot and AES encryption. So how secure are the cloud services and IoT devices you are designing or using?

Download this article in .PDF format
This file type includes high resolution graphics and schematics when applicable.

Discuss this Blog Entry 3

on Oct 18, 2013

A thoughtful approach to security can succeed in mitigating many security risks in a hybrid cloud environment. To develop a secure hybrid environment, you must assess the current state of your security strategy as well as the security strategy offered by your cloud provider.

on Oct 21, 2013

Great thoughts on how we can make the cloud more secure and remove some of the risks associated with the cloud. Effective vendor management can help businesses move work loads around and ensure they have the best security practices in place. I work for McGladrey and there is a whitepaper on the website that talks about the risks of benefits and the risks of moving to the cloud, “Cloud risks striking a balance between savings and security” @ http://bit.ly/16uLsgi

Newsletter Signup

Please or Register to post comments.

What's alt.embedded?

Blogs focusing on embedded, software and systems

Contributors

William Wong

Bill Wong covers Digital, Embedded, Systems and Software topics at Electronic Design. He writes a number of columns, including Lab Bench and alt.embedded, plus Bill's Workbench hands-on column....
Blog Archive

Sponsored Introduction Continue on to (or wait seconds) ×