The fun thing about being asked to predict security industry issues and trends is that I get to think about what could affect us, both negatively and positively, in the upcoming year. Whether I approach it with the mindset of “How bad can things go if we do this?” or “What issues are we missing that could hurt us?”, there will always be the possibility of having the hindsight realization of “What were we thinking?” when looking back on predictions from the previous year.
I’d like to pay special attention to the prediction that we will finally recognize a fundamental exposure with Hardware as a Service (HaaS), Infrastructure as a Service (IaaS) and Platform as a Service (PaaS). Specifically, the rise of HaaS and IaaS in 2019 will shed light on a central insecurity in PaaS cloud strategy, as the staff controlling cloud environments have access to the information and materials stored and used in the cloud.
We have all seen the NIST security recommendations for Cloud PaaS (encompassing HaaS and IaaS) security. While they are foundationally accurate, they seem to have missed the real issue with PaaS. Phrased differently, they recognize the security requirements as well as the legal requirements. So, what exactly is dangerous about PaaS?
In the modern age, I truly hope that everyone realizes that anything with a computer and memory needs to be wiped before it is recycled. The good news is that recycling is not a PaaS problem by nature. If we look at cloud implementations of PaaS, some of the most valuable features are auto-migration and dynamic reconfiguration of an environment.
Auto-migration and dynamic reconfiguration do not require a restart, whereas under normal circumstances a program or system would need to be restarted. For these features to work in PaaS, the environment must be changed while “still active,” which works by pausing the system, snapshotting it and modifying it from there. Next, the system needs to be “unpaused” because, while the system can be enabled from a pause, that is not a re-initialization.
When paused, everything that is active in memory remains in memory exactly as it was when paused. The active memory may even be flushed out to disk and migrated elsewhere. For those of you following along, you may see the problem by now.
The real issue is that when the snapshot is written to a disk, those controlling the cloud environment have full access to the data and materials being utilized and kept in the cloud, which in turn compromises the privacy of that information. While most may realize this privacy issue with SaaS, they are largely unaware of the issue with PaaS too.
Of particular concern are those depending on virtual machines and the encryption on them to guarantee privacy. Consider the following: you have a virtual machine hosted in the cloud with encrypted stored data. As un-accessed and stored material, the file would be encrypted and protected. When accessing the file and entering a decryption key, however, the file and key are now officially in memory.
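To make the point concrete, here is a small simulation added as an illustration (it is not from the original article): `ToyGuest`, `exposed` and the toy cipher are hypothetical stand-ins, and the key and record are constructed sample values. It compares a snapshot taken before the key is entered with one taken after, as a tenant-side check for your own known secrets.

```python
import hashlib

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode), for illustration only."""
    out = bytearray()
    for block in range(0, len(data), 32):
        pad = hashlib.sha256(key + block.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[block:block + 32], pad))
    return bytes(out)

class ToyGuest:
    """Hypothetical stand-in for a VM: an encrypted disk plus live RAM."""
    def __init__(self, key: bytes, plaintext: bytes):
        self.disk = keystream_xor(key, plaintext)  # ciphertext at rest
        self.ram = bytearray()                     # empty until unlocked

    def unlock(self, key: bytes) -> None:
        # Entering the key puts both the key and the decrypted file in RAM.
        self.ram += key + keystream_xor(key, self.disk)

    def snapshot(self) -> bytes:
        # Pause + snapshot: RAM is written out exactly as it was, with the disk.
        return bytes(self.disk) + bytes(self.ram)

def exposed(snapshot: bytes, secrets: dict) -> list:
    """Tenant-side audit: which of my own known secrets appear in this image?"""
    return sorted(name for name, value in secrets.items() if value in snapshot)

def demo() -> tuple:
    key = hashlib.sha256(b"constructed demo key").digest()  # constructed sample
    record = b"constructed sample record: account=0000"     # constructed sample
    secrets = {"disk_key": key, "record": record}
    guest = ToyGuest(key, record)
    before = exposed(guest.snapshot(), secrets)  # taken while still locked
    guest.unlock(key)
    after = exposed(guest.snapshot(), secrets)   # taken after key entry
    return before, after

if __name__ == "__main__":
    print(demo())
```

The locked snapshot holds only ciphertext, while the snapshot taken after key entry holds the key and the decrypted record in the clear, readable by anyone who can read the snapshot file.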
Overall, while we ask ourselves “What is dangerous about PaaS?” we need to understand that attention needs to be given to protecting the system snapshots from a HaaS and an IaaS perspective. We need to ensure the snapshots are protected so that they can still run, but not be copied or accessed in an unauthorized manner, or be migrated to unauthorized hardware.
Most importantly, we should continue asking, “Who really has access to the virtual machines and snapshots?” Until this happens, PaaS remains a real threat.
Originally seen in Information Management