How to make a risk analysis for a public cloud migration

Why you should make a risk analysis for a public cloud migration.

This is a contributed article by Mike Bursell, Chief Security Architect, Red Hat.

 

The public cloud is firmly established as a bedrock of IT infrastructure. However, adoption has been hindered by concerns related to information security, with 93% of cybersecurity professionals being moderately to highly concerned about public cloud security. Fears regarding data leaks and privacy violations are particularly pressing for organisations handling highly sensitive data relating to financial, personnel, or payroll matters.

These fears are not unfounded. While sensitive data can be hosted in the public cloud, the magnitude of damage that can be inflicted by an error or a breach means that the risks need to be approached and tackled systematically, both ahead of and after a cloud migration. This calls for regular and thorough risk analyses of your organisation's public cloud environment.

Broadly, three categories of risk will arise when conducting a public cloud risk analysis: the contractual arrangement you have with a provider, the architecture of the cloud software, and your hardware configurations.

 

Looking at your contract

Scrutinising the terms and conditions of your contract with your cloud service provider (CSP) is essential to determining your standard of security. In a risk analysis, you should first look at the ISO security standards your CSP pledges to follow. You should look at your legal obligations and risks, and then look at how your CSP complies with the standards that you set for yourself for compliance purposes.

Then, you should examine your contract to see what your CSP plans to do if a leak does happen. You should check who they deem liable for leaks, their response plan if a leak does happen, and their review process. You should also examine how your CSP handles security within their data centres, such as their staff screening policies.

 

Examining your architecture

The area where your risk analysis can gather the most insights and generate the most recommendations will likely be your architectural controls. This refers to how your software is set up to organise the data that goes into the public cloud. Architectural controls are particularly important for a hybrid cloud environment, where you run workloads on both public cloud and on-site servers, since they will let you keep as much sensitive data and workloads on-site as you can. For this reason, it's vital to work directly with your development and operational teams to understand your architecture.

If you're using a hybrid cloud environment, your team should ensure that the most sensitive workloads always stay on-premises, which you can manage by using scheduling tools to place workloads across the various clouds you use. To control the data shared between the public cloud and private servers, you should look into your use of API controls to manage traffic, along with your overall strategy for monitoring data flow. You should also make sure to use a virtual LAN (VLAN) to further regulate the flow of data.
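One way to turn these two checks into a repeatable audit step, as an added example that is not part of the original article: it flags highly sensitive workloads placed off-premises and flows of sensitive data across the on-prem/public boundary that bypass the API layer. The inventory format, sensitivity labels, workload names and the `via_api_gateway` field are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed inventory: names, labels and locations are illustrative assumptions.
@dataclass(frozen=True)
class Workload:
    name: str
    sensitivity: str   # "high", "medium" or "low"
    location: str      # "on-prem" or "public"

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    via_api_gateway: bool  # True if the flow passes the controlled API layer

WORKLOADS = [
    Workload("payroll-db", "high", "on-prem"),
    Workload("hr-records", "high", "public"),      # misplaced on purpose
    Workload("web-frontend", "low", "public"),
    Workload("reporting", "medium", "public"),
]
FLOWS = [
    Flow("payroll-db", "reporting", via_api_gateway=True),
    Flow("payroll-db", "web-frontend", via_api_gateway=False),  # uncontrolled
    Flow("web-frontend", "reporting", via_api_gateway=False),
]

def audit(workloads, flows):
    """Return sorted findings for placement and cross-boundary data flow."""
    by_name = {w.name: w for w in workloads}
    findings = []
    for w in workloads:
        # Rule 1: the most sensitive workloads must stay on-premises.
        if w.sensitivity == "high" and w.location != "on-prem":
            findings.append(("placement", w.name))
    for f in flows:
        src, dst = by_name.get(f.src), by_name.get(f.dst)
        if src is None or dst is None:
            # A flow to or from something not in the inventory cannot be assessed.
            findings.append(("unknown-endpoint", f"{f.src}->{f.dst}"))
            continue
        # Rule 2: sensitive data leaving its location must use the API layer.
        crosses = src.location != dst.location
        if crosses and src.sensitivity == "high" and not f.via_api_gateway:
            findings.append(("uncontrolled-flow", f"{f.src}->{f.dst}"))
    return sorted(findings)

if __name__ == "__main__":
    for kind, subject in audit(WORKLOADS, FLOWS):
        print(f"{kind}: {subject}")
```

Running the same audit after each scheduling or network change gives the risk analysis a record of when a sensitive workload or data flow drifted outside the intended boundary.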

 

Picking your hardware

Finally, an efficient risk analysis also takes into account the hardware configuration of machines in an organisation, looking at the devices themselves and the hardware inside of them. Picking the right hardware can provide physical security for your confidential workloads, while also defending your data against malicious attacks, whether in person or via cyberspace.

One possible option is hardware security modules (HSMs), which are devices that can regulate access to your organisation's data. If you're storing some data on the public or hybrid cloud that very few people need to see, then an HSM gives you a near-certain guarantee that nobody outside of those few will be able to access that information. 

Another burgeoning development is trusted execution environments (TEEs). TEEs are sections in computer processors that offer a place for devices to run code in isolation from the rest of the device, separating them from any potential threats. This means that any malware on the machine shouldn't be able to see confidential information. TEEs are growing in popularity, although they're relatively new and their use can thus be costly and complicated. To track how this area is evolving, it's a good idea to watch for developments from silicon vendors such as AMD and Intel, and also the work of the Confidential Computing Consortium.

Your risk analysis will show you many things you need to look out for in your public cloud migration across your contract, software, and hardware. However, this migration is only the first step of your hybrid cloud security journey, and your risk analysis should never feel like a completed task. You must respond to risk by continually monitoring and developing your plan based on contractual, architectural, and technical change.


Mike Bursell is Chief Security Architect at Red Hat, the leading provider of enterprise open source solutions. After training in software engineering, he specialised in distributed systems and security, with a current focus in architecture and technical strategy. Bursell's other professional interests include blockchain, NFV, SDN, and virtualisation.